Consumers’ Trust of Cardless ATMs Will Not Happen Without Strong Mobile Device Security -- Security Today

Consumers’ Trust of Cardless ATMs Will Not Happen Without Strong Mobile Device Security

One key to improving cardless ATM acceptance among consumers is to build trust and comfort by ensuring that best-in-class security measures are in place. Given the right security and layers of defense, the cardless ATM process can be secure.

By Michael Lynch
Apr 16, 2018

Using a variety of different approaches, several major financial institutions now offer cardless ATM capabilities that allow consumers to withdraw cash using mobile devices instead of their debit card. Using contactless technology or QR codes, banks are now offering an improved experience by removing the authentication step requiring the consumer to insert their debit card to identify themselves and replacing it with the mobile device and mobile banking application.

Cardless ATMs are a way to improve convenience by eliminating the need for consumers to carry their cards. And with respect to security, these banks have reduced the need to replace lost or stolen cards, and have eliminated the potential for skimming, which is the use of a device to read debit card information at the physical ATM and commit fraud against consumer accounts.

Currently, consumer demand for cardless ATMs is relatively low. For its ATM Future Trends 2017 report, ATM Marketplace surveyed U.S. consumers about the top three services they'd most like to see available at the ATM. Only 14 percent selected cardless ATM access.

For example, one ATM process might be the following. A consumer will set up the ATM withdrawal in advance and now have the capability to withdraw the cash within 24 hours. Arriving at the ATM, the consumer interfaces with a contactless reader with their digital wallet which has their debit card enabled. The wallet may require biometric to access the card, which is a good best practice. If the consumer has initiated an ATM transaction already, they will be prompted on screen to complete their withdrawal. During the process, as another authentication factor, the consumer is asked to enter their pin.

This example shows the proper use of multifactor authentication which will help mitigate fraud. The mobile device acts as “something you have,” as does the tokenized card in your digital wallet. The biometric acts as “something you are”, identifying the authorized user. The pin is a third authentication factor, as it is “something you know”.

Since the mobile device is taking on an increasingly high-profile role in facilitating financial transactions of all types, organizations must focus on the device itself as the central component of security. A truly comprehensive mobile security strategy must consider the risk of the mobile device and ensure the environment where the mobile banking application is operating is secure.

A device intelligence solution that uses the mobile device as a permanent identifier is critical to establishing trust in the user who is being authenticated. Such solutions also use many different device attributes to uncover and analyze risk factors to establish the first layer of trust for cardless ATM access.

Organizations should use risk detection capabilities that detect evidence of malware, malicious and corrupted applications, emulators, GPS spoofers, device spoofers, key loggers, SMS forwarders and other fraud tools used by criminals to hijack accounts and defraud customers.

It is critical to verify the device does not pose a fraud risk in order to use it as a factor in multifactor authentication, as well as to trust the biometric identification. Biometric access is a much stronger authentication layer than the outdated username and password system. However, if a device has spyware to capture account information, the biometric is not a deterrent for fraud because the cyber criminals are still able to steal the account information.

Once device trust has been established, financial institutions can confidently allow good customers to transact with minimal friction. At the same time, they can better identify devices with high-risk indicators so they can be challenged or denied outright. In cases of a known fraud case, permanently identifying a device allows an organization to negative list it and block further access.

Cardless ATMs represent the latest wave in mobile payments evolution. The technology offers increased convenience for consumers, and cost-savings and enhanced efficiency for financial institutions. But for it to gain adoption, financial institutions must ensure that they are providing customers a secure experience.

Employing security best practices in the cardless ATM process can have a profound effect on the proliferation of cardless ATM technology and will go a long way toward creating consumer acceptance and trust.

ZBeta Strengthens Its Advisory Bench with New Appointment
05/05/2025
Security Trends Reshaping Enterprise Resilience Into 2027
05/05/2025
Amerant Bank Selects Omnilert AI Technology for Enhanced Video Surveillance Security
05/02/2025
Minnesota County Is Still Reaping Huge Benefits from ASAP Service
05/01/2025
Winsted Unveils Pinnacle Collection with Sliding Worksurface
04/30/2025
Everon Awarded Sourcewell Cooperative Purchasing Contract
04/30/2025
Honeywell Signs Global Distribution Agreement With Milestone Systems
04/28/2025
DSI Security Services Announces Leadership Reorganization and Strategic Growth Initiatives
04/21/2025

Featured

Body-Worn Cameras on the Rise

On the evening of Oct. 29, 2024, the owner of 300 Guard based in Houston, was shot while on duty at a convenience store. He returned fire. He was wearing a plated vest and thankfully recovered in the hospital. Read Now
- Government
Fast-Forward from 1,000 B.C.E. to Today

The lock and key have been around since time immemorial. In fact, the locksmith profession is one of the oldest in the world when you consider the earliest wooden tumbler lock debuted three-plus millennia ago. Read Now
- Access Control
Brazil Port Enhances Surveillance and Supports Wildlife Conservation with Sustainable Technology

Ferroport, which operates the iron ore terminal at the Port of Açu in São João da Barra, Rio de Janeiro, Brazil, has deployed state-of-the-art video surveillance cameras from Axis Communications to enhance nighttime security and visibility, while decreasing environmental impact and prioritizing sustainability. With cutting-edge technology, the port now has precise surveillance cameras that capture high-quality nighttime images, while reducing the amount of artificial lighting that negatively impacts the surrounding ecosystem. Read Now
- Government
Verizon’s 2025 Data Breach Investigations Report Notes Alarming Cyberattack Surge Through Third Parties

Verizon Business recently released its 2025 Data Breach Investigations Report (DBIR), which reveals a significant increase in cyberattacks. The report found that third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%, creating a concerning threat landscape for businesses globally. Read Now
- Cybersecurity
Net2 Access Control Increases Reliability at Residential Complex

Encore Atlantic Shores is a residential complex of 240 luxurious townhomes for ages 55 and over in Eastport, New York. Completed in 2011, the site boasts an 11,800 square foot clubhouse, with amenities such as a fitness center, heated indoor pool, whirlpool spa, multi-purpose ballroom, cardroom and clubroom with billiards, tennis courts and an outdoor putting green. Read Now
- Access Control

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Connect ONE®

Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.