Consumers’ Trust of Cardless ATMs Will Not Happen Without Strong Mobile Device Security

Consumers’ Trust of Cardless ATMs Will Not Happen Without Strong Mobile Device Security

One key to improving cardless ATM acceptance among consumers is to build trust and comfort by ensuring that best-in-class security measures are in place. Given the right security and layers of defense, the cardless ATM process can be secure.

Using a variety of different approaches, several major financial institutions now offer cardless ATM capabilities that allow consumers to withdraw cash using mobile devices instead of their debit card. Using contactless technology or QR codes, banks are now offering an improved experience by removing the authentication step requiring the consumer to insert their debit card to identify themselves and replacing it with the mobile device and mobile banking application.

Cardless ATMs are a way to improve convenience by eliminating the need for consumers to carry their cards. And with respect to security, these banks have reduced the need to replace lost or stolen cards, and have eliminated the potential for skimming, which is the use of a device to read debit card information at the physical ATM and commit fraud against consumer accounts.

Currently, consumer demand for cardless ATMs is relatively low. For its ATM Future Trends 2017 report, ATM Marketplace surveyed U.S. consumers about the top three services they'd most like to see available at the ATM. Only 14 percent selected cardless ATM access.

One key to improving cardless ATM acceptance among consumers is to build trust and comfort by ensuring that best-in-class security measures are in place. Given the right security and layers of defense, the cardless ATM process can be secure.

For example, one ATM process might be the following. A consumer will set up the ATM withdrawal in advance and now have the capability to withdraw the cash within 24 hours. Arriving at the ATM, the consumer interfaces with a contactless reader with their digital wallet which has their debit card enabled. The wallet may require biometric to access the card, which is a good best practice. If the consumer has initiated an ATM transaction already, they will be prompted on screen to complete their withdrawal. During the process, as another authentication factor, the consumer is asked to enter their pin.

This example shows the proper use of multifactor authentication which will help mitigate fraud. The mobile device acts as “something you have,” as does the tokenized card in your digital wallet. The biometric acts as “something you are”, identifying the authorized user. The pin is a third authentication factor, as it is “something you know”.

Since the mobile device is taking on an increasingly high-profile role in facilitating financial transactions of all types, organizations must focus on the device itself as the central component of security. A truly comprehensive mobile security strategy must consider the risk of the mobile device and ensure the environment where the mobile banking application is operating is secure.

A device intelligence solution that uses the mobile device as a permanent identifier is critical to establishing trust in the user who is being authenticated. Such solutions also use many different device attributes to uncover and analyze risk factors to establish the first layer of trust for cardless ATM access.

Organizations should use risk detection capabilities that detect evidence of malware, malicious and corrupted applications, emulators, GPS spoofers, device spoofers, key loggers, SMS forwarders and other fraud tools used by criminals to hijack accounts and defraud customers.

It is critical to verify the device does not pose a fraud risk in order to use it as a factor in multifactor authentication, as well as to trust the biometric identification. Biometric access is a much stronger authentication layer than the outdated username and password system. However, if a device has spyware to capture account information, the biometric is not a deterrent for fraud because the cyber criminals are still able to steal the account information.

Once device trust has been established, financial institutions can confidently allow good customers to transact with minimal friction. At the same time, they can better identify devices with high-risk indicators so they can be challenged or denied outright. In cases of a known fraud case, permanently identifying a device allows an organization to negative list it and block further access.

Cardless ATMs represent the latest wave in mobile payments evolution. The technology offers increased convenience for consumers, and cost-savings and enhanced efficiency for financial institutions. But for it to gain adoption, financial institutions must ensure that they are providing customers a secure experience.

Employing security best practices in the cardless ATM process can have a profound effect on the proliferation of cardless ATM technology and will go a long way toward creating consumer acceptance and trust.

Featured

  • Integration Imagination: The Future of Connected Operations

    Security teams that collaborate cross-functionally and apply imagination and creativity to envision and design their ideal integrated ecosystem will have the biggest upside to corporate security and operational benefits. Read Now

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

  • The Future is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reason. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. But as the number of cameras grows and resolutions push from HD to 4K and beyond, the cloud’s limits are becoming unavoidable. Bandwidth bottlenecks. Latency lags. Rising storage costs. These are not abstract concerns. Read Now

  • Right-Wing Activist Charlie Kirk Dies After Utah Valley University Shooting

    Charlie Kirk, a popular conservative activist and founder of Turning Point USA, died Wednesday after being shot during an on-campus event at Utah Valley University in Orem, Utah Read Now

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.