Consumers’ Trust of Cardless ATMs Will Not Happen Without Strong Mobile Device Security

Consumers’ Trust of Cardless ATMs Will Not Happen Without Strong Mobile Device Security

One key to improving cardless ATM acceptance among consumers is to build trust and comfort by ensuring that best-in-class security measures are in place. Given the right security and layers of defense, the cardless ATM process can be secure.

Using a variety of different approaches, several major financial institutions now offer cardless ATM capabilities that allow consumers to withdraw cash using mobile devices instead of their debit card. Using contactless technology or QR codes, banks are now offering an improved experience by removing the authentication step requiring the consumer to insert their debit card to identify themselves and replacing it with the mobile device and mobile banking application.

Cardless ATMs are a way to improve convenience by eliminating the need for consumers to carry their cards. And with respect to security, these banks have reduced the need to replace lost or stolen cards, and have eliminated the potential for skimming, which is the use of a device to read debit card information at the physical ATM and commit fraud against consumer accounts.

Currently, consumer demand for cardless ATMs is relatively low. For its ATM Future Trends 2017 report, ATM Marketplace surveyed U.S. consumers about the top three services they'd most like to see available at the ATM. Only 14 percent selected cardless ATM access.

One key to improving cardless ATM acceptance among consumers is to build trust and comfort by ensuring that best-in-class security measures are in place. Given the right security and layers of defense, the cardless ATM process can be secure.

For example, one ATM process might be the following. A consumer will set up the ATM withdrawal in advance and now have the capability to withdraw the cash within 24 hours. Arriving at the ATM, the consumer interfaces with a contactless reader with their digital wallet which has their debit card enabled. The wallet may require biometric to access the card, which is a good best practice. If the consumer has initiated an ATM transaction already, they will be prompted on screen to complete their withdrawal. During the process, as another authentication factor, the consumer is asked to enter their pin.

This example shows the proper use of multifactor authentication which will help mitigate fraud. The mobile device acts as “something you have,” as does the tokenized card in your digital wallet. The biometric acts as “something you are”, identifying the authorized user. The pin is a third authentication factor, as it is “something you know”.

Since the mobile device is taking on an increasingly high-profile role in facilitating financial transactions of all types, organizations must focus on the device itself as the central component of security. A truly comprehensive mobile security strategy must consider the risk of the mobile device and ensure the environment where the mobile banking application is operating is secure.

A device intelligence solution that uses the mobile device as a permanent identifier is critical to establishing trust in the user who is being authenticated. Such solutions also use many different device attributes to uncover and analyze risk factors to establish the first layer of trust for cardless ATM access.

Organizations should use risk detection capabilities that detect evidence of malware, malicious and corrupted applications, emulators, GPS spoofers, device spoofers, key loggers, SMS forwarders and other fraud tools used by criminals to hijack accounts and defraud customers.

It is critical to verify the device does not pose a fraud risk in order to use it as a factor in multifactor authentication, as well as to trust the biometric identification. Biometric access is a much stronger authentication layer than the outdated username and password system. However, if a device has spyware to capture account information, the biometric is not a deterrent for fraud because the cyber criminals are still able to steal the account information.

Once device trust has been established, financial institutions can confidently allow good customers to transact with minimal friction. At the same time, they can better identify devices with high-risk indicators so they can be challenged or denied outright. In cases of a known fraud case, permanently identifying a device allows an organization to negative list it and block further access.

Cardless ATMs represent the latest wave in mobile payments evolution. The technology offers increased convenience for consumers, and cost-savings and enhanced efficiency for financial institutions. But for it to gain adoption, financial institutions must ensure that they are providing customers a secure experience.

Employing security best practices in the cardless ATM process can have a profound effect on the proliferation of cardless ATM technology and will go a long way toward creating consumer acceptance and trust.

Featured

  • The Future is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reason. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. But as the number of cameras grows and resolutions push from HD to 4K and beyond, the cloud’s limits are becoming unavoidable. Bandwidth bottlenecks. Latency lags. Rising storage costs. These are not abstract concerns. Read Now

  • The Impact of Convergence Between IT and Physical Security

    For years, the worlds of physical security and information technology (IT) remained separate. While they shared common goals and interests, they often worked in silos. Read Now

  • Unlocking Trustworthy AI: Building Transparency in Security Governance

    In situations where AI supports important security tasks like leading investigations and detecting threats and anomalies, transparency is essential. When an incident occurs, investigators must trace the logic behind each automated response to confirm its validity or spot errors. Demanding interpretable AI turns opaque “black boxes” into accountable partners that enhance, rather than compromise, organizational defense. Read Now

  • Seeking Innovative Solutions

    Denial, Anger, Bargaining, Depression and Acceptance. You may recognize these terms as the “5 Phases” of a grieving process, but they could easily describe the phases one goes through before adopting any new or emerging innovation or technology, especially in a highly risk-averse industry like security. However, the desire for convenience in all aspects of modern life is finally beginning to turn the tide from old school hardware as the go-to towards more user-friendly, yet still secure, door solutions. Read Now

  • Where AI Meets Human Judgment

    Artificial intelligence is everywhere these days. It is driving business growth, shaping consumer experiences, and showing up in places most of us never imagined just a few years ago. Read Now

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.