Consumers’ Trust of Cardless ATMs Will Not Happen Without Strong Mobile Device Security

Consumers’ Trust of Cardless ATMs Will Not Happen Without Strong Mobile Device Security

One key to improving cardless ATM acceptance among consumers is to build trust and comfort by ensuring that best-in-class security measures are in place. Given the right security and layers of defense, the cardless ATM process can be secure.

  • By Michael Lynch
  • Apr 16, 2018

Using a variety of different approaches, several major financial institutions now offer cardless ATM capabilities that allow consumers to withdraw cash using mobile devices instead of their debit card. Using contactless technology or QR codes, banks are now offering an improved experience by removing the authentication step requiring the consumer to insert their debit card to identify themselves and replacing it with the mobile device and mobile banking application.

Cardless ATMs are a way to improve convenience by eliminating the need for consumers to carry their cards. And with respect to security, these banks have reduced the need to replace lost or stolen cards, and have eliminated the potential for skimming, which is the use of a device to read debit card information at the physical ATM and commit fraud against consumer accounts.

Currently, consumer demand for cardless ATMs is relatively low. For its ATM Future Trends 2017 report, ATM Marketplace surveyed U.S. consumers about the top three services they'd most like to see available at the ATM. Only 14 percent selected cardless ATM access.

One key to improving cardless ATM acceptance among consumers is to build trust and comfort by ensuring that best-in-class security measures are in place. Given the right security and layers of defense, the cardless ATM process can be secure.

For example, one ATM process might be the following. A consumer will set up the ATM withdrawal in advance and now have the capability to withdraw the cash within 24 hours. Arriving at the ATM, the consumer interfaces with a contactless reader with their digital wallet which has their debit card enabled. The wallet may require biometric to access the card, which is a good best practice. If the consumer has initiated an ATM transaction already, they will be prompted on screen to complete their withdrawal. During the process, as another authentication factor, the consumer is asked to enter their pin.

This example shows the proper use of multifactor authentication which will help mitigate fraud. The mobile device acts as “something you have,” as does the tokenized card in your digital wallet. The biometric acts as “something you are”, identifying the authorized user. The pin is a third authentication factor, as it is “something you know”.

Since the mobile device is taking on an increasingly high-profile role in facilitating financial transactions of all types, organizations must focus on the device itself as the central component of security. A truly comprehensive mobile security strategy must consider the risk of the mobile device and ensure the environment where the mobile banking application is operating is secure.

A device intelligence solution that uses the mobile device as a permanent identifier is critical to establishing trust in the user who is being authenticated. Such solutions also use many different device attributes to uncover and analyze risk factors to establish the first layer of trust for cardless ATM access.

Organizations should use risk detection capabilities that detect evidence of malware, malicious and corrupted applications, emulators, GPS spoofers, device spoofers, key loggers, SMS forwarders and other fraud tools used by criminals to hijack accounts and defraud customers.

It is critical to verify the device does not pose a fraud risk in order to use it as a factor in multifactor authentication, as well as to trust the biometric identification. Biometric access is a much stronger authentication layer than the outdated username and password system. However, if a device has spyware to capture account information, the biometric is not a deterrent for fraud because the cyber criminals are still able to steal the account information.

Once device trust has been established, financial institutions can confidently allow good customers to transact with minimal friction. At the same time, they can better identify devices with high-risk indicators so they can be challenged or denied outright. In cases of a known fraud case, permanently identifying a device allows an organization to negative list it and block further access.

Cardless ATMs represent the latest wave in mobile payments evolution. The technology offers increased convenience for consumers, and cost-savings and enhanced efficiency for financial institutions. But for it to gain adoption, financial institutions must ensure that they are providing customers a secure experience.

Employing security best practices in the cardless ATM process can have a profound effect on the proliferation of cardless ATM technology and will go a long way toward creating consumer acceptance and trust.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3