Cardless ATMs Are Cool, but You Still May Get Ripped Off

 The roll out of cardless ATM transaction services has been getting a lot of attention for both the “cool” factor as well as opportunities for more secure transactions. Without the need to input the card and a PIN, these cardholder details can’t be skimmed:

Several financial institutions have introduced smart ATMs to their branches in recent months. The cardless ATM sends a code to the consumer’s phone via the bank’s mobile app. By entering that code at the ATM, the customer can access his or her bank accounts.

Wells Fargo set up 13,000 cardless ATMs this year. “We place significant efforts to ensure our online and mobile channels are secure, and we are continuously enhancing our controls,” Lauren Terreros, associate vice president of corporate communications for Wells Fargo, said about the bank’s smart ATM efforts.

JPMorgan Chase also said it’s testing cardless ATMs in 600 locations with plans to roll them out more widely next year. Bank of America is also reportedly following with its own cardless program.

Now the industry is starting to surface some of the ways that enterprising fraudsters can still break in to compromise ATM details through the device. And recovery may be more difficult:

“No matter what system is used to identify people, there’ll always be a flaw,” said Ryan O’Leary, vice president of WhiteHat Security, a provider for securing web applications. “When taking away skimming, you now have an issue with people gaining access to your account or device through finding your username and password.”

“It might be a lot more difficult to get your money back because you’re trying to prove something that [banks] thought was bulletproof,” O’Leary said.

Overview by Sarah Grotta, Director Debit Advisory Service at Mercator Advisory Group

Read the full story here