Banks must ensure that their ATM application management complies with the following:
(a) The display of a cardholder PIN must be obfuscated on the ATM display and must not be in 'clear' mode;
(b) Sensitive information must not be present any longer or used more often than strictly necessary. The ATM must automatically clear its internal buffers when either the transaction is completed, or the ATM has timed out whilst awaiting a response from the cardholder or host; and
(c) Prevent the display or disclosure of cardholder account information such as the account number, ID number, address and other personal details etc. on the ATM screen, printed on receipts, or audio transcripts for visually impaired cardholders.
Added: January 2020