Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Banks To Test ATMs Which Accept Your Smartphone Instead Of Cards (ibtimes.co.uk)

Posted by BeauHD on from the gimme-your-smartphone dept.

Dozens of banks in the US are updating their ATMs, or installing new ones, in order to allow customers to withdraw cash without using bank cards. A new cardless system will be rolled out at around 2,000 cash machines across the US, operated by at least 28 banks, including giants like Wells Fargo, Bank of America and Chase. Under the new system, people can order cash on an app on their phone, and then scan a code at the ATM to receive their money, all without inserting a card or entering a PIN. The developers of the system insist that smartphone technology makes for faster and more secure transactions. More banks are expected to adopt the technology soon.

148 comments

  1. Sounds a bit sketchy... by Frosty+Piss · · Score: 4, Insightful

    I'm not really technically competent to make a valid argument against this, but my "gut" says... No! Maybe I'm just an ignorant Luddite that longs for my black rotary phone, but my uneducated imagination flows over with ideas and visions of how wrong this could go. My new ATM card has a chip, I'll stick with that for the time being.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 2, Insightful

      I'm betting it's that the banks see some sort of additional revenue stream from doing this. Maybe they think they'll get higher overdraft fees by making withdraws easier to screw up? Without the phone maybe liability lies with customer not bank, since without a PIN the customer has less of a case to claim it wasn't them who made the withdrawal?

    2. Re:Sounds a bit sketchy... by unrtst · · Score: 1

      Agreed. If the summary is to be believed, then it would be possible to:
      * use app to order up cash and show the QR code
      * take a pic of it with another phone (or screenshot and send it, or print it, etc)
      * have someone else go pick up that cash

      That almost sounds convenient, but it also means anyone that can scan that QR code from any of the many cameras that are everywhere, could re-generate the QR code and go snag your cash. It would also be a way to steal cash from someone, whether by force or by using their phone while they're in the bathroom or something. No need for a pin... not a feature I want enabled for my account, thank you.

    3. Re:Sounds a bit sketchy... by TapeCutter · · Score: 5, Insightful

      Many people in poor nations do not have access to banking facilities but they do have a mobile phone. Paying for things via your phone (as opposed to a card) is the normal way of doing business for a large chunk of the world's population.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    4. Re: Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      Well you're doing the QR generation right at the ATM. Someone would have to take a picture of your code and then...run to another ATM and put it in? And they'd still probably need your PIN to start the process.

      It'd be easier to wait till they got their money and physically rob them then your convoluted picture taking idea.

    5. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      I'm not really technically competent to make a valid argument against this, but my "gut" says... No! Maybe I'm just an ignorant Luddite that longs for my black rotary phone, but my uneducated imagination flows over with ideas and visions of how wrong this could go. My new ATM card has a chip, I'll stick with that for the time being.

      I am just the opposite, I am all for our general purpose, holographic slab of glass, ubiquitous smart phone thing that everybody has..just like the expanse.
      We are well on our way seeing as how we went from flip phone star trek communicators and iPads which were clearly predicted by the engineering tablets used in Star Trek the next generation. Next thing we will have blue tooth low energy badges that are hands free speakerphones. I want universal translators and hypospray injectors next!

    6. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 1, Informative

      I'm betting it's that the banks see some sort of additional revenue stream from doing this. Maybe they think they'll get higher overdraft fees by making withdraws easier to screw up? Without the phone maybe liability lies with customer not bank, since without a PIN the customer has less of a case to claim it wasn't them who made the withdrawal?

      As a former Bank of America customer and employee, trust me they do not need any smart phone app or extra functionality to get higher overdraft fees. Let me tell you what Bank of America does to some people.. They regularly withdraw a percent of your account, play it in the stock market and make money on it and then put it back.. and if you are unlucky enough to try to withdraw from your account while they are doing this, you get an overdraft fee.. and they will add up before it shows up in the ledger that they host on your account on their website (IE the numbers they show there are not accurate and when you confront them on it, they say as much.) No matter how much you confront them on it, you can end up in a situation where they will charge overdraft and add them up until you get overdraft fees being charged from overdraft fees being charged and they will not own up to it no matter how dead to rights you have them on it. They figure they can victimize lower income customers, because it is not like they are going to be able to afford a lawyer to sue them.

      I even tried to call the local news media and get them to do a story on it and apparently Bank of America has the news stations paid off too, as apparently they do this to a lot of people.

      I eventually went into a location with my bank card and a pair of scissors, cut up my card on their desk and left a binding document that they owe me $900.00 that they heisted out of my account and that I have no intent to pay the fraudulent overdraft fees remaining on my account. They have made no attempt to collect on the remaining fees because they know they are in the wrong (and probably know I called the news media.) Bank of America are a bunch of crooks, do not waste your time or money doing business with them!

    7. Re:Sounds a bit sketchy... by modecx · · Score: 1

      Sketchy? Mark my words, this will all end in tears.

      --
      Constitutional rights may be respected, repealed, or modified; but they must never be ignored.
    8. Re:Sounds a bit sketchy... by s.petry · · Score: 1

      And those same poor people have money for a smart phone how exactly? Me thinks you are confusing "cash" with credit cards and tech gadgets. Sorry, but it's not safer than a credit card. It's the same as a credit card, while having dependency on some type of connectivity for the Cell.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    9. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 1

      could re-generate the QR code and go snag your cash. It would also be a way to steal cash from someone, whether by force or by using their phone while they're in the bathroom or something. No need for a pin... not a feature I want enabled for my account, thank you.

      The problem that you're describing is called the replay attack and it's one that's easily solved by the addition of a nonce, which is basically a fancy cryptography term for a number or code that is used only once and then never used again. In effect the QR code is good for only one withdrawal, after that it will never be valid again. When this is combined with public key cryptography and one way hashing the QR code becomes both impossible to re-use or to forge.

    10. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 3, Informative

      This sounds like you fundamentally didn't understand how the "money market" account you had worked.

      I'm not going to defend BoA here, but many people simply don't understand the difference between a savings account, checking account, and other "higher interest" accounts. Paypal is another example of a "money market" account. Never use a money-market account as anything other than a store of value, because you can, and likely will lose money if you repeatedly put money in it and take it out before any calculations can be performed on it.

      The poster above describes a Money Market account that they were using as a checking account. It's also likely that BoA didn't go after the poster for the overdraft charges because it's easier to write off customer dissatisfaction claims than it is to sell it to a collections agency.

      As for the topic, everyone knows that scanning a barcode is a bad idea to transfer money. All one needs to do is swipe the smartphone while it's unlocked, and clean someone out. This is another example of where the biometric and the pin need to be combined to work. A similar issue can be created by having the banking app on the phone hijacked (hello Android phones) and the thief needs merely show the barcode at the ATM to get the money without any confirmation.

      As it is, the correct solution really is to cut out middleman, just use credit/debit over NFC or with the EMV chip everywhere you can, and avoid touching gross physical cash.

    11. Re:Sounds a bit sketchy... by Martin+Blank · · Score: 1

      The banking apps I have on my phone don't allow persistent login, and automatically log out after a certain period of time without activity (and it's not very long). Someone would have to swipe the phone while it's logged in and continue performing activity within the app along the way to the ATM for that to work. It's not impossible, but it makes for a targeted attack, which lowers the odds of it happening.

      --
      You can never go home again... but I guess you can shop there.
    12. Re:Sounds a bit sketchy... by ATMAvatar · · Score: 1

      I want universal translators and hypospray injectors next!

      Jet injectors have existed longer than most people here. Universal translators, on the other hand... are still very much a work in progress.

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    13. Re:Sounds a bit sketchy... by gl4ss · · Score: 1

      smartphones are cheap.

      atm machines are not.

      --
      world was created 5 seconds before this post as it is.
    14. Re:Sounds a bit sketchy... by rtb61 · · Score: 4, Insightful

      So basically, you give up your wallet and the threat of being mugged for the cash in your wallet for, hmmmm, for log in access to your phone banking account and transfer money or else and what happens after money transferred, how to keep you silent, hmmm, let me think. Yeah, nah, fuck off with the crazy idea of carrying around my bank account with my life being the guarantee of handing over the password and my life being in the balance when it comes to my not complaining about the illegal access to my account. Sure steal my cash, steal my credit card but stealing access to my bank account, that's real risky business. I'm thinking a T-Shirt, "My phone is not, absolutely not, linked to my bank account, please point your gun at the next available auto-teller". Swapping your phone for the ATM where you become an ATM.

      --
      Chaos - everything, everywhere, everywhen
    15. Re:Sounds a bit sketchy... by Martin+Blank · · Score: 4, Informative

      The phones are cheap, plans are prepaid (and cheap), it's safer than carrying cash, and the mobile networks are ubiquitous. While the US has only recently been getting on board with transferring money by phones, much of Africa has been doing it for years.

      Example: A Samsung Note 2 (not the latest and greatest, but still a decent phone) from Jumia Kenya is 550 Kenyan shillings. According to xe.com, that's about US$5.39, based on an exchange rate of about 102 Ksh to the US dollar.

      Being poor doesn't mean being disconnected. Poverty hasn't been a barrier to mobile phone use in other parts of the world for many years. Even in Afghanistan, cell phone towers are common even in the remote regions, because they get used.

      --
      You can never go home again... but I guess you can shop there.
    16. Re:Sounds a bit sketchy... by ShanghaiBill · · Score: 4, Informative

      And those same poor people have money for a smart phone how exactly?

      By working and getting paid for it. In much of Africa, you can buy a phone capable of financial transactions for less than $20 new, and less than $5 used. It is considered important enough that most households will buy a cellphone before they buy a TV or refrigerator.

      It's the same as a credit card

      You cannot use a credit card for peer-to-peer transactions, and a CC is much harder for a poor person to get than a cellphone.

      while having dependency on some type of connectivity for the Cell.

      You must be an American. In much of the rest of the world, cell coverage is ubiquitous.

    17. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      NFC cards are just about the stupidest invention ever. The banks still rolled them out and you cannot request a card without NFC capability. Skimmers love them.

    18. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 3, Insightful

      And those same poor people have money for a smart phone how exactly?

      There are many millions of "poor" people in Asia and Africa with smart phones who are paying $3 to $5 per month for the same phones and better plans than those offered in the US. The idea that a phone, which can be manufactured for $40, should cost you $80/month for two years, subject to ridiculous throttling/caps/degradation of service, plus enormous fees if you try to switch carriers, is strictly an American concept and frankly I don't understand why you tolerate it. Throughout most of the world there are no contracts, you can buy SIM cards out of vending machines that will work in any phone, and it's all extremely cheap.

    19. Re:Sounds a bit sketchy... by SNRatio · · Score: 1

      1. Lower costs: no need to snail mail new ATM cards every time someone loses one under the car seat. Monthly statements sent to your phone too.

      2. Charge extra if you want paper statements or a plastic ATM card

      3. Sell all the personal info the app collects to advertisers

    20. Re:Sounds a bit sketchy... by thegarbz · · Score: 1

      And those same poor people have money for a smart phone how exactly?

      You do realise that not every smartphone costs $800 and comes with a Designed in the USA logo on it right?
      People in China who feed a family of 3 for dinner with less than $2 typically have 2 smartphones between them.

    21. Re:Sounds a bit sketchy... by KGIII · · Score: 1

      Err... If you need to ask a question about banking, I'll do what I can to help you out. There's a lot that I don't know but I'm kind of familiar with it and I'm going to suggest that I'm probably a bit more familiar than you. Don't take that as an insult, you probably program far better than I. There are others here who can give you good information (better than mine) but separating the noise from the signal can be a bit rough.

      Umm... They only give you that higher interest rate because they're using your money. Realistically? You wanted a credit union with share and draft accounts. You also need to read the difference between the two. However, a credit union is your best choice (you're likely eligible for at least one and many have shared banking) and probably to spend a few dollars on a financial advisor but you can learn it on your own if you want and take the time to do so. It's complicated but you need only know the basics.

      There should be like financial lessons for geeks. It should cover retirement savings, investment strategies, basic accounting, the types of accounts and ways to manage, store, and invest your assets. It should cover various states of liquidity and risk. It should even cover handing a ledger and some simple portfolio managements for a broad overlook.

      --
      "So long and thanks for all the fish."
    22. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      They leave an interesting scar. They stopped using them in the military after I got out. They're usually on the shoulder. They kind of suck, they are not painless.

    23. Re:Sounds a bit sketchy... by invictusvoyd · · Score: 1

      On an app!!! On their Android phones !!! on an app !!

      _____________________
      This aint fishy . It's a seafood platter

    24. Re:Sounds a bit sketchy... by AK+Marc · · Score: 1

      All one needs to do is swipe the smartphone while it's unlocked, and clean someone out.

      In practice, the only time someone has it unlocked is while they are using it. And you'd need to be in the bank app for it to matter. So the crook would have to be wandering public, looking for people using a banking app, then swipe the phone, and get to an ATM before the robbed person could call their bank.

      Possible, but unlikely. When it's easier to make $500 making a table from scrap wood than to steal it with your method, you can expect that the number of thefts of that manner would be low.

      --
      Learn to love Alaska
    25. Re:Sounds a bit sketchy... by invictusvoyd · · Score: 1

      Skimmers love old unmanaged ATM's , compromised POS, senior citizens and of course credit cards.

    26. Re:Sounds a bit sketchy... by AK+Marc · · Score: 1

      A smartphone in India is cheaper than my bank card (my bank theoretically charges $20 for the card, and you can get a smartphone in India for $5).

      You are confusing your incorrect bias for reality.

      --
      Learn to love Alaska
    27. Re:Sounds a bit sketchy... by OolimPhon · · Score: 2

      In practice, the only time someone has it unlocked is while they are using it. And you'd need to be in the bank app for it to matter. So the crook would have to be wandering public, looking for people using a banking app, then swipe the phone, and get to an ATM before the robbed person could call their bank.

      You just said it yourself. All the crook has to do is stand near an ATM and wait for somebody with a smartphone to use it.

    28. Re:Sounds a bit sketchy... by dave420 · · Score: 1

      There you go again assuming if you don't know of something it must not exist. The perfect storm of ignorance and hubris.

    29. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      Oh yeah, I've heard this argument before. What's not good for us can still be good for people in poor nations. And that's because you don't give a shit about people in poor nations.

    30. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      You are there already - or at least most people are. When I turned on my smartphone the first time, it wanted a credit card number. This ostensibly so I can purchase "apps". Most people accept that, because they get themselves some nice $1 apps/games - no big expense.

      I refused. As in "do that later" and never following up.

      There are some cheapo apps I would like too. But I will NOT have my phone linked to a credit card. First, there are these "in-app purchases" they try to trick you into at every opportunity. I refuse to take part in that show. Then, there is rtb61 robbery scenario: someone mug me for my phone, simply to "buy" the mafia's $999 "app" and get some kickback? That is possible already, with the credit card link.

      I'll happily buy some cheap apps the day I can use the credit card and not have the phone remember it. Similiar to how I use the credit card for web purchases - the browser/pc/os do not remember the number. I enter it everytime, someone stealing my PC would not get it. And "in-game" purchases won't happen from a PC/game with no idea of my payment details.

    31. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      First of all, rotary phones were shit. I used them myself. Touch tone is superior in every way. Second, the ATM chip card is shit. The contacts on the phone are susceptible to corrosion, static discharge, and wear. I'm on my 3rd ATM card now because eventually the chip itself stops working. It's not that you're a Luddite, per se, but that you just don't have any real understanding of technology. But you blend in easily on Slashdot.

    32. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      "my bank theoretically charges $20 for the card"

      Your bank are scum sucking cunts. No way does it cost $20 to produce a bank card.

    33. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      If they're in a position to swipe the phone, they're probably already close enough to force someone with a card to withdraw money and give it to them - an old tried and true technique - often augmented by forcing the cardholder to drive to the ATM.

    34. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      And your job is being outsourced to them.

    35. Re:Sounds a bit sketchy... by Firethorn · · Score: 1

      You just said it yourself. All the crook has to do is stand near an ATM and wait for somebody with a smartphone to use it.

      Or, you know, hold a gun or a knife to them and make them withdraw the max they can for you. You know, the traditional method.

      Or attach a skimmer to the reader, so the inserted card goes through your reader before entering the machine, and you have a camera placed to catch the pin. Like what happens in eastern europe all the time.

      --
      I don't read AC A human right
    36. Re:Sounds a bit sketchy... by AmiMoJo · · Score: 1

      How is that worse than just standing by an ATM and snatching cash or waiting for the user to enter their pin and mugging them?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    37. Re:Sounds a bit sketchy... by houghi · · Score: 1

      However, we are talking about banks in the US, not about some poor nation.

      To me it seems it is there to make people spend easier and thus more. That will mean more credit is used and that means people will pay more interest and the bank makes more money.

      --
      Don't fight for your country, if your country does not fight for you.
    38. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      Hah ha ha!

      I have a trick I learned from a housewife to stop that!

      I just use my own gun to steal the gun or knife from the thief, probably his pants and wallet too, and shoes if he's one of those ghettoes and has good ones!

    39. Re:Sounds a bit sketchy... by Chris+Mattern · · Score: 1

      It can also be noted that they are kept affordable by air time being prepaid, often a minute a time, and many of these applications are written to optimize their use of that time.

    40. Re:Sounds a bit sketchy... by Anne+Thwacks · · Score: 1
      Your bank are scum sucking cunts

      All banks are SSC - it is the nature of the universe. There are probably references to the fact in Shakespeare's plays.

      --
      Sent from my ASR33 using ASCII
    41. Re: Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      I'm an ATM software guy from the business side at a bank with over a trillion in assets. This isn't about increasing revenue, it's about cutting costs. The ATM networks lose hundreds of millions of dollars per year, and bank tellers cost even more. Over the next year or two, everything mechanically possible will move to machines, and tellers will be more about sales and troubleshooting the machines when they break down.

    42. Re:Sounds a bit sketchy... by luis_a_espinal · · Score: 1

      And those same poor people have money for a smart phone how exactly? Me thinks you are confusing "cash" with credit cards and tech gadgets. Sorry, but it's not safer than a credit card. It's the same as a credit card, while having dependency on some type of connectivity for the Cell.

      Me thinks traveling to a couple of countries will help you understand the answer to that question.

    43. Re:Sounds a bit sketchy... by luis_a_espinal · · Score: 1

      And your job is being outsourced to them.

      Your job maybe. This is the thing. If your job can be commoditized, you are a commodity, and you will be outsourced. So the key is to always be on top of that shit and not let yourself be commoditized. Offshoring is not a new thing. It is just an extension of outsourcing.

      And guess what? Outsourcing is not a new thing either. I've seen it in action for the last 25 years. So I don't get why people keep sounding the alarm as if that shit was new. It's like people that complain their jobs went to China... 15-20 years ago. I'm like, well, wtf have you been doing since then to adapt?

      Adaptation sucks. I know. I've lost my jobs several times, a lot of times because of outsourcing, directly or indirectly. Being unemployed sucks. But you adapt your game, your skills, even yourself and move to something else.

      To say our jobs are going to be outsourced is like saying 2+2=4. So what? This is not news. People worth a damn in this field will find a way to find a way out of it.

    44. Re:Sounds a bit sketchy... by luis_a_espinal · · Score: 1

      And those same poor people have money for a smart phone how exactly?

      You do realise that not every smartphone costs $800 and comes with a Designed in the USA logo on it right? People in China who feed a family of 3 for dinner with less than $2 typically have 2 smartphones between them.

      Word.

      People are ignorant, horribly ignorant, when it comes to things like this. I remember I asked a friend of mine from grad school to get me a copy of Knuth's books in India. I paid like a fifth of what I would have paid if I had bought them in the US. Pricing is "zonified" (if there is such a word.) The same shit that we have to pay $100 we can pay a fraction of it in another country without any loss in quality.

    45. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      paying for things with cash is the normal way of doing business

      ftfy

    46. Re:Sounds a bit sketchy... by Charcharodon · · Score: 1

      Last time I checked most of the rest of the world is a festering shit hole, so you think the best solution is to do it how they do? That is pure genius.

    47. Re:Sounds a bit sketchy... by Charcharodon · · Score: 2

      You obviously never had a phone in Europe, the rates and phone prices are even worse than the US.

    48. Re:Sounds a bit sketchy... by Martin+Blank · · Score: 1

      There are targeted attacks where people are told to withdraw some amount of money from the bank or their loved ones suffer the consequences.

      Two cases here from 2015:
      http://legacy.wbir.com/story/n...
      http://www.mansfieldnewsjourna...

      And here's one from 1992:
      http://www.deseretnews.com/art...

      Using an ATM card isn't any safer, with robberies involving forced ATM withdrawals happening frequently. Fraudulent activity is covered by banking regulations and FDIC insurance.

      --
      You can never go home again... but I guess you can shop there.
    49. Re:Sounds a bit sketchy... by Charcharodon · · Score: 1

      Goes a bit back farther than that. Studying globalism in an Economic class. The first round of "globalism" end 12,000 years ago when the last continent was colonized by early man. There have been 5 or so major periods or so since then. We are currently in the middle of one of these transformations. They speculate the next one will be off world. LEO or with another planet. Companies are relocating to Mars to avoid paying taxes and robotic orbital mining in the asteroid belt is destroying the middle class!

    50. Re:Sounds a bit sketchy... by unrtst · · Score: 1

      I'm not referring to re-use or forgeries. I'm talking about theft.

    51. Re:Sounds a bit sketchy... by edtice1559 · · Score: 1

      If somebody threatens me with violence unless I pay them money, I want the means of paying them to be as easy as possible. Times are changing but when I was younger, I was taught always to have some amount of money $20-$40 available. If somebody robs you, throw the money in their direction and run. They'll pick it up and you'll get away.

    52. Re:Sounds a bit sketchy... by xaxa · · Score: 0

      You obviously never had a phone in Europe, the rates and phone prices are even worse than the US.

      You obviously aren't European, if you're willing to make generalisations like that about 40-odd countries.

    53. Re:Sounds a bit sketchy... by LinuxIsGarbage · · Score: 1

      You are there already - or at least most people are. When I turned on my smartphone the first time, it wanted a credit card number. This ostensibly so I can purchase "apps". Most people accept that, because they get themselves some nice $1 apps/games - no big expense.

      I refused. As in "do that later" and never following up.

      There are some cheapo apps I would like too. But I will NOT have my phone linked to a credit card. First, there are these "in-app purchases" they try to trick you into at every opportunity. I refuse to take part in that show. Then, there is rtb61 robbery scenario: someone mug me for my phone, simply to "buy" the mafia's $999 "app" and get some kickback? That is possible already, with the credit card link.

      I'll happily buy some cheap apps the day I can use the credit card and not have the phone remember it. Similiar to how I use the credit card for web purchases - the browser/pc/os do not remember the number. I enter it everytime, someone stealing my PC would not get it. And "in-game" purchases won't happen from a PC/game with no idea of my payment details.

      Can't you get both Apple iTunes and Google Play store gift cards from a brick and mortar store, paid with cash, to then use to buy apps?

    54. Re:Sounds a bit sketchy... by mjwx · · Score: 1

      Many people in poor nations do not have access to banking facilities but they do have a mobile phone. Paying for things via your phone (as opposed to a card) is the normal way of doing business for a large chunk of the world's population.

      Hi, it sounds like you've never been to a developing nation. Would you like some help?

      You see, in developing nations people use these small pieces of paper or polymer with numbers on them to trade for goods and services. They do this because adding banks into the mix creates extra costs that must be passed onto the consumer. Seeing as they dont have much money to begin with, they opt not to use the bank.

      It'll be the same with phones. You dont need any infrastructure to deal in cash, you'll need infrastructure to deal with phones.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    55. Re:Sounds a bit sketchy... by mjwx · · Score: 1

      By working and getting paid for it. In much of Africa, you can buy a phone capable of financial transactions for less than $20 new, and less than $5 used

      This is for a basic Nokia rip off (not a genuine Nokia, that costs money). A smart phone will cost upwards of US$75 for a cheap Chinese model.

      You cannot use a credit card for peer-to-peer transactions, and a CC is much harder for a poor person to get than a cellphone.

      You cant use a phone for peer-to-peer transactions either. You will need, at the very least, significant back end infrastructure that can handle thousands of real time transactions a second. This isn't easy or cheap to do, this means the people doing it (erm... the banks) will want to make money off it. As this will increase costs, it will not be an attractive option for the African on a budget.

      Those not on a budget will get a CC as it's a status symbol along with the 35 yr old Merc.

      You must be an American. In much of the rest of the world, cell coverage is ubiquitous.

      You must not have been to the rest of the world as you've not no idea how spotty and unreliable mobile coverage is in developing nations.

      In the Philippines, I cant even get reliable coverage for the entirety of the NLEX (Northern Luzon EXpressway) which is 84 KM's of road through a relatively well to do part of the PI, let alone out in Leyte or Samar. Hell, sometimes I can walk from one end of my hotel room to the other and cross tower's 3 times... Internet outages for days are not uncommon (I had this happen after Typhoon Hagupit/Ruby rolled through in 2014). Compared to the African nations you're alluding to, the Phils is positively developed.

      If you think instant, on demand internet access is commonplace in the developing world, you've clearly never been there.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    56. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 0

      I was on a boating trip last summer and I went ass-over-teakettle into a river. My phone did not survive. Guess what worked just fine to buy gas for the drive home: my dumb, plastic credit cards.

      When I travel, I sometimes drain my phone's battery watching movies on the plane. Guess what never runs out of juice when I need a hotel or meal on the road: my dumb, plastic credit cards.

      I wouldn't object to having a backup payment method on my phone, in case I lose my wallet, but we've had several decades to take the friction out of credit and debit card purchases and my phone is an order of magnitude less reliable than a magstripe on a piece of plastic.

    57. Re:Sounds a bit sketchy... by Charcharodon · · Score: 1
      Lived in UK and Germany. Visited Cyprus, Albania, Greece, France, Ireland, Italy, and Norway. The cell phone prices and the service, as well as regular phone and internet service in each of those countries sucked goat cock.

      So eat a dick.

  2. Say HI to all your Russian friends now by Anonymous Coward · · Score: 0

    Your phone is next.

  3. Is apple involved? by catalina · · Score: 1

    Hmm, this might solve any FBI funding problems...

  4. obligatory by Anonymous Coward · · Score: 2, Informative

    Choosing 'that' vs. 'which': http://www.dailywritingtips.co...

  5. no smartphone no cash by turkeydance · · Score: 1

    maybe THAT will stop my wife.

    1. Re:no smartphone no cash by Anonymous Coward · · Score: 0

      maybe THAT will stop my WITCH.

      did i get that right?

  6. So now if I get mugged... by swamp_ig · · Score: 2

    Not only do I potentially get assaulted, and all my stuff stolen, but they can drain my bank account too? Doesn't this just paint a big target on the back of anyone who carries a smart phone?

    I like pay-pass, the way it works in aus is there's a maximum amount per transaction where you can use contactless without a pin. Hopefully it will be the same for this?

    1. Re:So now if I get mugged... by thegarbz · · Score: 1

      but they can drain my bank account too?

      How did you reach that conclusion? The article only mentions the interaction between the phone app and the ATM works via barcode. It doesn't say what security is involved on the phone app.

      Now how many times have you been able to log into mobile banking recently without using a password, one that is often longer / harder to guess than a 4 digit PIN?

    2. Re:So now if I get mugged... by edtice1559 · · Score: 1

      The alternative, of course, would be that you get assaulted, they take your stuff, then beat you dead because you won't give them the money stored on your phone. They won't believe that you don't have the app. I always wanted to get one of those briefcases that you handcuff to your wrist because I thought they are cool. I thought better of it because somebody may commit a brazen act of violence to take it from me and then a deadly one when they realize I don't have anything of value.

    3. Re:So now if I get mugged... by edtice1559 · · Score: 1

      Most bank accounts have a daily withdrawal limit. I'd like to think you can report your phone stolen in less than 24 hours. The same way you would an ATM card. What seems reasonable is reentry of the PIN at the ATM. Wave your phone, enter your PIN, withdrawal money. What's the difference between that and an ATM card? Right now I'm carrying at least 10 ATM cards and a half dozen credit cards.

    4. Re:So now if I get mugged... by thegarbz · · Score: 1

      What seems reasonable is reentry of the PIN at the ATM. Wave your phone, enter your PIN, withdrawal money.

      Given you need to authenticate yourself to your mobile banking app in the first place in order to setup this money withdrawal what's the benefit of doing it twice?
      As other's have pointed out any threat against this form of payment involves someone already having detailed access to banking accounts (assuming they are setting this up the same way as some banks already have).

  7. Cardless cash by well_in_theory · · Score: 4, Informative

    A version of this is already widely in use in Australia. Log into bank via smartphone, request amount of cash, receive code. Go to that bank's ATM, request cardless cash, enter code, ???, cash! I no longer carry a wallet, just my smartphone with 3-card slimline case containing my ID/drivers licence, public transport RFID card, and credit card. I'm able to slip a $20 in there too for the few remaining places who either don't take credit or charge a fee to do so.

    1. Re:Cardless cash by Grishnakh · · Score: 0

      So anyone who snatches your phone from you can drain money out of your bank account too?

      Sounds like a great system!

    2. Re:Cardless cash by well_in_theory · · Score: 3, Informative

      Sure, all they need is my fingerprint to access the phone, know which bank I'm with, know that that I'm registered for cardless cash at said bank, my fingerprint again to access the app, and possibly my fingerprint again to request the funds.

      But sure, a card and 4 digits is totally more secure.

    3. Re:Cardless cash by sumdumass · · Score: 1

      So your phone and a finger? Not much different from right now I guess.

    4. Re:Cardless cash by Grishnakh · · Score: 4, Insightful

      I hate to break it to you, but it's not hard for a mugger to get your fingerprint. All they need is a knife....

    5. Re:Cardless cash by fluffernutter · · Score: 1

      You know there are databases of fingerprints being stolen every day, right?

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    6. Re:Cardless cash by Anonymous Coward · · Score: 0

      even easier, you probably use that finger to do things like hold your phone. Fingerprint scanners were a neat idea before they were easy to crack, but that was a decade ago.

    7. Re:Cardless cash by well_in_theory · · Score: 2

      If I'm suddenly in a position where losing a finger during a mugging is a genuine concern, I'll look into better protecting my hundreds of dollars.

      Are there actual documented cases of small-time crooks in a civilized country using fingerprint harvesting off secondary sources to get into a smartphone? Maybe I just live in a country where tinfoil hats aren't so necessary.

    8. Re:Cardless cash by Nyder · · Score: 1

      Sure, all they need is my fingerprint to access the phone, know which bank I'm with, know that that I'm registered for cardless cash at said bank, my fingerprint again to access the app, and possibly my fingerprint again to request the funds.

      But sure, a card and 4 digits is totally more secure.

      You mean the finger print that is already on the phone because oil leaves the prints on the screen? Not sure how you can think this is safer when finger print scanners have been fooled by pictures.

      https://www.google.com/search?...

      --
      Be seeing you...
    9. Re:Cardless cash by well_in_theory · · Score: 2

      I'm still going to guess the $5 wrench (https://xkcd.com/538/) gets used more than whatever is required to fool TouchID in the time it takes me to register that my phone/card is missing and report it as such. I don't *think* I have a network of spies tracking my every move and lifting my prints off of water glasses in order to obtain my hundreds of dollars, but perhaps that's just because they don't *want* me to think that, right?

      How do you paranoids ever leave the house?

    10. Re:Cardless cash by Anonymous Coward · · Score: 2, Insightful

      That's why you make sure at least two fingers get you into your phone. Or you could use a toe.

      For the most part, a PIN is more secure than a fingerprint, but this is owing to the current level of accuracy in fingerprint readers. Like a gelatin (eg gummybear) finger can get into a fingerprint reader because it has just enough depth to look like a real finger, but fingerprint sensors could be improved to actually care about opacity and temperature to secure it better. So cutting a finger off wouldn't work, and a gummyfinger would't be stable enough at body temperature.

      Other biometrics are more fun. Facial recog is pretty much garbage since it can be fooled with a photo, and only works for white people. Iris scans are irrefutable (only an identical twin could fool it, and it would rely on refractive properties, so it can't be copied with a simple photo that doesn't refract light) and DNA tests are still way too slow to be useful. The problems with Iris scanning and DNA scans is that they are way too complicated and expensive and are best used for security (eg border control, bank vaults, military complexes and such) and not for poorly secured consumer applications.

      That said, an iris scan may eventually be doable with the "selfie" camera on a camera phone, and if an ATM were to be used to withdraw money, all they would need to do is have the same "selfie" camera at the ATM instead.

      But one needs to ask why bother with all this nonsense in the first place. Quit using cash for everything. So what if Visa/MC/Amex knows what you buy, are you ashamed or embarrassed by what you buy? The amount of people who are scared to buy tampons and condoms are afraid of being judged by the person ringing up the order. If you're really afraid of the person in the store, buy that stuff off Amazon.com

    11. Re:Cardless cash by Anonymous Coward · · Score: 0

      He's Aussie... will pull the 'that's not a knife' act...

    12. Re:Cardless cash by Anonymous Coward · · Score: 3, Interesting

      Iris scans are irrefutable

      From wikipedia: "Many commercially available iris-recognition systems are easily fooled by presenting a high-quality photograph of a face"

      A high-quality photo of someone's iris is not hard to get. Celebrities, which tend to have money, are even used to people pointing big expensive lenses at them all the time. Anyone can pretend to be paparazzi.

      And if they have some way of rejecting paper images - well, embed the iris image in a glass eye. A fake head, heated to body temperature is not hard to pull off.

    13. Re: Cardless cash by Anonymous Coward · · Score: 0

      In Australia anyway the banks will cover this type of theft..

    14. Re:Cardless cash by Anonymous Coward · · Score: 0

      you remove the need for a wallet but introduce the need to go to your bank atm for the cash, while going to the bank you can get attacked by a dropbear which ive heard is really dangerous

    15. Re:Cardless cash by Anonymous Coward · · Score: 0

      even easier, you probably use that finger to do things like hold your phone. Fingerprint scanners were a neat idea before they were easy to crack, but that was a decade ago.

      Yeah, I'm sure there are a ton of pickpockets out the with the ability to lift a fingerprint and create a replica that is acceptable for use at the ATM. If you could get a million dollars out of an ATM, sure. But with ATM limits typically at $400-$1000/day, that's not where people with those sort of skills and criminal intentions are going to focus their efforts.

    16. Re:Cardless cash by slashping · · Score: 1

      Celebrities, which tend to have money

      Kanye will be glad to hear he's safe.

    17. Re:Cardless cash by Anonymous Coward · · Score: 0

      fingerprint sensors could be improved to actually care about opacity and temperature to secure it better

      Great, so up here in New England we can't unlock our phones because it's too cold out. What a horrible idea.

    18. Re:Cardless cash by Toshito · · Score: 1

      You have to unlock your phone, start the banking app, login into the app*, click on the withdrawal button, choose the amount, get the code, scan the code on the ATM, and get your cash.

      Wow! It's so much simpler and faster than inserting my card into the atm, punching my 5 digit PIN, clicking on the 20$ or 40$ (or whatever amount) fast withdrawal button, and getting my cash.

      * I don't know how you do that for your bank's app, but mine asks for the 16 digits of my banking card, and a password. It takes a long time to enter...

      --
      Try it! Library of Babel
  8. Market will decide by justcauseisjustthat · · Score: 1

    It's interesting that every vendor tries a slightly different approach to give or get money, it's probably going to take 5-10 yrs for a standard to prevail.
    By the time this new standard prevails there will be an approach using quantum encryption using Personal IDs.

  9. Fie by Iamthecheese · · Score: 2

    Combine it with the war on cash. Up next: Anyone not wearing a trackable GPS chip at all times is forbidden from using money.

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    1. Re: Fie by Anonymous Coward · · Score: 0

      Yes that is exactly what this is about. The banks and tax collectors hate cold hard cash. If everything was electronic they can track everything and make sure you and the business you're dealing with pays taxes and prevent you from purchasing something that you may not want tracked. Like the 4 ounces of weed I smoke every month

    2. Re:Fie by Anonymous Coward · · Score: 0

      Combine it with the war on cash. Up next: Anyone not wearing a trackable GPS chip at all times is forbidden from using money.

      Are you having a hard time finding people to take your cash, or are you full of shit?

  10. So 5 Minutes Ago! by Anonymous Coward · · Score: 0

    A number of banks do a function like this locally already:
    https://www.commbank.com.au/personal/online-banking/commbank-app/cardless-cash.html

    Best thing is you can actually use it for you to let someone else get money from your account if you really want. [i.e. kids lost wallet and can't get home type deals]

    1. Re:So 5 Minutes Ago! by Anonymous Coward · · Score: 0

      "Best thing is you can actually use it for you to let someone else get money from your account if you really want. [i.e. kids lost wallet and can't get home type deals]"

      This is a solved problem.

      Create a bank account for your kids, give them a card to it. Let them put their pocket money in it. Typically, knowing what most kids are like, this account will be mostly empty most of the time.

      You get a call from your kid(s) one day and they're broke and stuck someplace and you want to send them some money so they can get home. Easy. Just log into your online banking, transfer the amount to their account, and they can then walk up to *any* ATM and get the money out. If your account is with the same bank as your kids then the transfer really is instant, if not, they may have to wait a bit.

      See? Solved problem.

      The other solution is to make your lazy ass useless kids sit on the side of the road for a few hours as punishment until you can be bothered to go and get them. They need to **learn** (kids remember) that making mistakes brings about some kind of punishment. Without that negative reinforcement how else will they learn?

      PS: For the sake of this discussion we're assuming the kids are by themselves in an age-appropriate place in the first place.

  11. DO NOT WANT. by kheldan · · Score: 1

    Leave the cardreader in it for those of us who prefer to not waste time with data-leaking, security-hole-ridden so-called 'smartphones'.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:DO NOT WANT. by Anonymous Coward · · Score: 0

      Completely agree. I downgraded from smartphone back to dumbphone and have been happy ever since. My card works great. I don't care if it is old and old-fashioned, that's how I like it.

      Please, however, get those chip readers rolled out. Far too many places still use the magnetic stripe. In the modern day, that is outright negligent.

    2. Re: DO NOT WANT. by Anonymous Coward · · Score: 0

      Well every place small and big around me have chip reader pin pads. Unfortunately only the really big box stores, target, Wal-Mart etc accept the cards. All others. Even Safeway, Fred Meyer, home depot, etc only let you swipe

  12. Not new by Anonymous Coward · · Score: 0

    Australia has had this since 2014

  13. DOJ suggests... by Anonymous Coward · · Score: 0

    iPhone support be rolled out first for this. And also wants to remind everyone to ApplePay your taxes on time this year!

  14. Australian Banks do this already by Anonymous Coward · · Score: 0

    Sounds like what a few Australian Banks do, but instead of a QRcode, you punch in a password that shows up on your phone

  15. Which 28 Banks? by ohnocitizen · · Score: 1

    It's annoying the article doesn't list the banks.

    1. Re:Which 28 Banks? by Known+Nutter · · Score: 1

      Chase is one.

      http://www.nbcchicago.com/news...

      I'm sure all the rest are right behind them.

      --
      Beware of the Leopard.
    2. Re:Which 28 Banks? by Anonymous Coward · · Score: 1

      Well, it is an International Business Times story. They probably just noticed this 2-year old news release on the subject, FIS Mobile Wallet Earns Prestigious Frost & Sullivan Customer Value Enhancement Award

  16. Marketing B.S. by Nunya666 · · Score: 0

    TFA says the new method will be faster. I call B.S. Using the new method, you have to interact with an app to generate a code. There is no way in hell that is faster than typing my PIN into an ATM.

    Also, how can this be secured for the majority of users who do not lock their phones? Granted, an ATM could be modified to have a retina scanner or fingerprint scanner. But TFA says some machines would only need a software update. Wait until Jane Doe loses her phone (or it gets stolen) and a thief uses this new app to clean out her bank account.

    1. Re:Marketing B.S. by jrumney · · Score: 1

      I think when they say "faster", they mean less time spent using the ATM, since a large part of the process can be done before you get there, or while queuing. Of course in reality, what will happen is people will queue up for the machine, then pull out their phone once they get to the front of the queue and start with their transaction, holding the queue up even more.

    2. Re:Marketing B.S. by kuzb · · Score: 1

      They'll require a PIN still, you'll just need to enter it on your phone. So even if the attacker has access to the software, they'll still have to figure out the PIN which will likely lock the account after too many tries.

      --
      BeauHD. Worst editor since kdawson.
  17. This isn't new by jonwil · · Score: 2

    Several banks here in Australia (the Commonwealth for one and I think also Westpac) have had the "get cash via a phone app" option for a while now (where you log onto the online banking app on your phone and get a code that you key into the ATM which will then give you cash without a card). Other banks (like the ANZ) are trialing a NFC solution where you can tap with your compatible NFC phone on a reader on the ATM instead of using your card.

    There is no increase security issue with the cash-via-phone-app option as implemented by the Australian banks that have done it since the thief needs to steal your online banking password (and if they have that, they can transfer money via direct transfer to another account they control rather than risk being caught by an ATM camera withdrawing cash using this technology)

    In fact the technology makes things more secure in that your account details cant be stolen by a card skimmer attached to the ATM.

    1. Re:This isn't new by Anonymous Coward · · Score: 0

      The primary attraction of these smartphone based solutions, in my opinion, is not having to actually touch the yucky and nasty ATM keypad or screen which has been sneezed, coughed and spat upon by the general public. Arguably, the cash itself isn't much better, but the keypad of the ATM is quite possibly the dirtiest and nastiest surface that one encounters in everyday life. Even the restroom door handle is better because it's made of metal, unlike the ATM keys which tend to be either plastic or covered in plastic.

    2. Re:This isn't new by Anonymous Coward · · Score: 0

      I agree with you on this the cashless option that Commonwealth offers is very safe and a great add on to a already good banking app

    3. Re:This isn't new by Anonymous Coward · · Score: 0

      How many people take their mobile phone into the toilet with them?

    4. Re:This isn't new by Anonymous Coward · · Score: 0

      There is no increase security issue with the cash-via-phone-app option

      You've missed the security issue: by requiring you to run the bank's unaudited code, this option potentially exposes your phone's contents to the bank.

    5. Re:This isn't new by Anonymous Coward · · Score: 0

      More secure? I'm sure that the people writing data collecting malware will be absolutely unable to keylog your password and send your banking details for duplication without you ever knowing. It's not like there's a financial incentive for them. Screen scrapers aren't even a thing.

      I left my previous bank (Lloyds TSB) because they don't offer two factor authentication with a device that generates a temporary code to allow you to login to online banking. The one I have from HSBC requires a PIN to generate a code that lasts for 15 seconds which is used in tandem with my password AND a security question to login. When all you are relying on is a single password and an easily duplicated NFC device (NFC ReTag is the first thing that comes to mind) you are spreading your security very thinly indeed. I hate the fact that I'm now a HSBC customer given their history of laundering colossal sums of money for drug cartels but their online banking is the most secure so that's where I'll bank.

      It's a different attack vector but it's still a vector. Using actual money removes all risk of digital fraud and things like identity theft. Identity theft ruins lives. If I get robbed of my cash once I lose my cash. If I get robbed of my identity I get robbed potentially of my entire line of credit and there is, despite what you imply, NO guarantee that you get that money back at all. Even if you do you'll have to fight for it and that can take years and a lot of litigation. Lawyers aren't known for paying for themselves. I wonder if they take cash?

  18. You don't have this? by Anonymous Coward · · Score: 0

    Wait, you guys don't have this already? This is not new technology, we've even had it in Australia for a few years now and we are usually behind the times!

    1. Re:You don't have this? by Anonymous Coward · · Score: 0

      The US is behind with a lot of CC related tech (chip and pin etc).

  19. When did I last visit an ATM? by 93+Escort+Wagon · · Score: 1

    I don't think I've pulled cash from a cash machine in at least five years. I hardly use cash, although I do tend to keep an "emergency" $20 in my wallet. But pretty much every store I frequent asks me if I want cash back whenever I shop anyway - no extra trip to the ATM needed.

    --
    #DeleteChrome
    1. Re:When did I last visit an ATM? by Anonymous Coward · · Score: 0

      yes but you're only one person. my butt smells bad, too.

  20. SQRL? by Chrontius · · Score: 1

    If they're using SQRL, then I don't have any new security concerns.

    https://en.wikipedia.org/wiki/...
    https://www.grc.com/sqrl/sqrl....

    Keep your phone secure, and the authentication scheme is really hard to break.

  21. This is a game of pass the buck. by kuzb · · Score: 5, Insightful

    Now it won't be their system which is insecure, it'll be your phone. This gives them another layer of defense against their often laughably bad security.

    --
    BeauHD. Worst editor since kdawson.
    1. Re:This is a game of pass the buck. by shawn2772 · · Score: 1

      Now it won't be their system which is insecure, it'll be your phone. This gives them another layer of defense against their often laughably bad security.

      Except that, according to federal law, they're liable for the fraud anyway.

      To be precise, for ATM and debit cards (which this would be), your liability varies according to how quickly you report a lost or stolen card. $0 if you report the loss before it's used, $50 if you report the loss within two days after you learn about it, $500 if you report it within 60 days after your statement (containing fraudulent transactions) is sent to you. For a phone-based version, if it turns out to be vulnerable to attacks and you're defrauded as a result of that while the phone is in your possession, the FTC would force the banks to eat all of the fraud because there's no way you could have known to report. If your phone is lost or stolen, the normal reporting rules would apply.

      Also, it's rather ridiculous that you think your phone is less secure than a piece of plastic with a magnetic stripe on it. The security of your ATM/debit card, what there is of it, lies entirely in the PIN because copying magnetic stripes is trivial (called "skimming"). And that PIN doesn't provide much security because the classic way to commit ATM/debit card fraud is with a fake ATM or point of sale device which captures your magstripe when you swipe, and your PIN when you enter it.

      Your phone does have additional attack vectors because it is a networked device, but mobile phone OSes already have protections in place to mitigate that. iOS has the secure enclave and Android has the hardware-backed keystore[*], both of which allow the phone to carry non-extractable cryptographic credentials which are bound to user authentication (though Android only started providing the authentication binding in Marshmallow, so it'll be a couple of years before it's widespread, but it'll take longer than that to widely deploy new ATMs).

      Banks will also apply their normal risk management engines to decide if the transaction is legitimate, and the phone offers a far richer set of data elements they can use, making it harder to convince their systems that a fraudulent transaction isn't legitimate.

      Banks clearly are not "passing the buck", because federal law won't let them. No, they're doing this because it really will be more secure, which will save them money by reducing the fraud they have to cover. This is a totally self-interested move on their part, sure, and the goal is to reduce fraud liability, but your cynical interpretation of how that will happen is dead wrong.

    2. Re: This is a game of pass the buck. by Anonymous Coward · · Score: 0

      What magnetic stripe? Cards have had chips and pins on them for the last 15 years!

  22. No by s.petry · · Score: 1

    In fact the technology makes things more secure in that your account details cant be stolen by a card skimmer attached to the ATM.

    Impossible, and a BS justification. Okay, a card skimmer is not a problem, but a MITM attack and screen scraper app are possible on your phone and not on a credit/atm card. You are trading risks, and not in favor of the phone. Safer? Not a chance.

    Kind of like everything else that goes 100% on line, it's more risk and prone to problems. But, we all get to pay for increased premiums to pay for damages so who cares right?

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:No by Martin+Blank · · Score: 1

      It's a different risk profile, but that does not necessarily mean more risk. In this case, the screen scraper app is going to hit far fewer users of the ATM than the card skimmer would, and it would probably be discovered quickly as the codes generated by an authorized user were used elsewhere and the user noticed money missing. Preventing this becomes fairly simple: make the code only work within some specific time and distance of where it was generated. If it has to be used within ten minutes and five miles of being generated, it's much harder to use even if the phone is compromised. If it's not used, it become invalid and has to be regenerated.

      --
      You can never go home again... but I guess you can shop there.
    2. Re:No by stoborrobots · · Score: 1

      ... a MITM attack and screen scraper app are possible on your phone and not on a credit/atm card. You are trading risks, and not in favor of the phone. Safer? Not a chance.

      There's no more exposure than simply having online banking in the first place. If you have online access to your account, then MITM and screen scrapers are already a risk. Adding cardless cash support does not increase that risk appreciably.

      Stolen card attacks via ATM are already a risk. Online banking is already a risk.

      Most people who use cardless cash in Australia also have an ATM card, however they have the option of using the app if they are without their card for some reason. This does not increase their exposure over someone who already has online banking and an ATM card.

      --
      "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
    3. Re:No by thegarbz · · Score: 1

      Impossible, and a BS justification. Okay, a card skimmer is not a problem, but a MITM attack and screen scraper app are possible on your phone and not on a credit/atm card. You are trading risks, and not in favor of the phone. Safer? Not a chance.

      I'll happily trade a risk for something I know and I'm in control of compared to something unknown that I can't control.

      Want to keep your phone secure? Don't install shady apps.
      Want to avoid your card getting skimmed? Don't use ATMs with card skim.... wait what does a card skimmer look like?

      While you're at it if you steal my phone you still need my banking password. If you steal my credit card you can go nuts doing online purchases (it has happened to me before), or you can enjoy any number of sub $50 purchases using PayPass. These are risks I'll happily trade.

    4. Re:No by redback · · Score: 1

      You have to chose the specific ATM to generate the code.

    5. Re:No by Martin+Blank · · Score: 1

      That makes it even more secure.

      --
      You can never go home again... but I guess you can shop there.
  23. Your phone is your key by mveloso · · Score: 1

    Your phone is your hardware key. With your phone in hand, they can assume (or ensure) that your authorization and identity are mostly guaranteed.

    This is essentially what Apple did with ITunes and iPods; the iPod is a hardware key for access to DRM content. I assume it's the same with the iPhone/FairPlay video.

    TouchID works on different principles, but the idea is the same: security is (mostly) guaranteed with hardware. Apple can guarantee authorization and identity with TouchID. That makes it a bit more dangerous, because you can accidentally grant authorization to someone. But at least Apple can argue that it was you who did the grant and not person Z.

  24. More BS by s.petry · · Score: 1

    Seriously, stop and use your brain for a while. If the Phone is subject to a screen scraper, and the reader is subject to a similar app (think skimmer) then you have just doubled your points of entry for a bad guy. It does not matter how long the code is good for, because telecommunications is fast for bad guys too. Code must be used in X radius is not a huge restriction in a city. Maybe out in the sticks.

    I can't stop the ignorant from thinking that on-line is secure, but I'm not going to fall for the gag and lie to people. Want secure? Use CASH! I do this all the time, and it's amazing how little risk I face for card skimmers. You can use on-line all you want, but I want you to pay for the insurance. Want to pay with your phone, go right ahead. Pay the insurance and be responsible for that too.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:More BS by jonwil · · Score: 1

      The system in use by the Commonwealth Bank requires both a unique code (given to you by the app) and also a pin number sent to you via SMS (meaning a thief needs to be able to steal both numbers somehow). Oh and the codes are one-time-use only and expire after 30 minutes so the thief needs to be able to get to a Commonwealth Bank ATM within 30 minutes and hope the legitimate owner of the account hasn't used the code in the mean time.

      So for a screen scraper to be useful the hacker would need to specifically write it to look for and steal both the code AND SMS'd pin at the same time. And they would need to have someone stationed right next to a Commonwealth Bank ATM at that point to run the transaction through before the legitimate account holder (who would probably be right next to an ATM at the time they are using the phone app) runs the transaction.

  25. Stinky BS by Anonymous Coward · · Score: 0

    You are trading more security against card skimmers with less security against muggers and thieves.

    Why do you think CC is so popular? In more densely populated areas, it is extremely convenient to not be carrying cash around where it can be stolen or outright taken from you. If your card did get compromised, you have some fallback (still, please don't be carting a debit card around, that's just asking for problems) against purchases that are not yours and easily proven to not be yours. If you lose the card, or if it's stolen regardless if the CC is used fraudulently, you can get a new one. If you lose your cash, you are out that money, period.

    Please stop with the name calling, especially when you are pushing a solution that easily shifts risk unacceptably in many plausible scenarios.

    1. Re:Stinky BS by Anonymous Coward · · Score: 0

      Why do you think CC is so popular? In more densely populated areas, it is extremely convenient to not be carrying cash around where it can be stolen or outright taken from you. If your card did get compromised, you have some fallback (still, please don't be carting a debit card around, that's just asking for problems) against purchases that are not yours and easily proven to not be yours. If you lose the card, or if it's stolen regardless if the CC is used fraudulently, you can get a new one. If you lose your cash, you are out that money, period.

      I've been using cash for more than 40 years. I have never been mugged, pickpocketed, nor lost a wallet.

      In the past three years alone, I have had my credit cards and SSN compromised by Anthem, Home Depot, Target, my state's DMV, and I know people whose entire life histories were compromised by the OPM.

      In what universe is cash less secure than cards?

    2. Re:Stinky BS by Martin+Blank · · Score: 1

      Ever walk up to a store where there's an armored truck idling outside? The crew is armed, and that's because the trucks are targets, with an attempt against them every so often. You don't see remotely that level of physical security involved with credit card transactions. Look at the marijuana stores in Colorado and Washington that have trouble getting bank accounts and consider the risks involved with all-cash transactions.

      Your compromises almost exactly match mine (I wasn't lucky enough to be part of the Target breach, but it did happen with a small restaurant), and my wife was affected by the OPM breach. You can get your money back from credit card fraud, and for most people, the OPM hack was an inconvenience and some free credit monitoring. Security in general does have to get better, but it's still a far cry from the risks associated with carrying cash. Once cash is gone, it's gone. Maybe you get something back if you have insurance, but you're paying for that along the way.

      --
      You can never go home again... but I guess you can shop there.
  26. more progress to mark of the beast by Anonymous Coward · · Score: 0

    first something is voluntary
    then it becomes mandatory

    we've seen this time and time again.

    the beast chips are coming soon.

  27. Great... I'm sure the bank apps will admin rights by Anonymous Coward · · Score: 0

    Get them used to using it, and up the permission's with each version.

  28. old thing in Europe by Anonymous Coward · · Score: 0

    In Poland system like this was introduced in largest Polish bank 3 years ago - it is called blik or iko.

    2 drawbacks:

    1. You need Internet for it to work

    2. If someone hacks your phone you are screwed

  29. time to stop calling these things "smart phones". by pezpunk · · Score: 1

    seriously, phone calls is like 1% of what people use these things for.

    in addition to being a portable gaming system, email device, messaging tool, web browser, photo/video camera, walkman, television, alarm clock, weather forecaster, pinball leveler, and about a million other things, the future of this device is clearly moving in the direction of replacing things like photo ID and credit card. the term "smartphone" does not fit. it's like calling a car a "smart chair".

    --
    i could live a little longer in this prison
  30. US competing for most insecure worldwide? by Anonymous Coward · · Score: 0

    Instead of fixing your social security number problem, you add one more easily hacked device to the mix?

  31. Japan... by Anonymous Coward · · Score: 0

    Their smartphone has essentially replaced their wallet in Japan.. they even pay for transport(bus/train) with their smartphone, like seriously, the rest of the world is FAR behind.

  32. Set sail for fail! by Anonymous Coward · · Score: 0

    Too many smart-phones that are in service no longer receive security updates. Now you want to trust an app on an unpatched device? That's better than carrying a card? You people are insane.

  33. Re:time to stop calling these things "smart phones by GuB-42 · · Score: 1

    At least almost everyone uses their smartphone to make phone calls, among other things.
    But when is the last time you've actually seen gloves in a glove box?

  34. new phone names by Anonymous Coward · · Score: 0

    "position logger", "personal surveillance device", "tracker", "why am i paying for this thing", "big brothers sensor platform" , "privacy-b-gone"?

    I agree, these devices... they aren't really phones.

  35. Real advantages are as follows: by gurps_npc · · Score: 1
    1) Company doesn't have to make, send, or replace a card

    2) You are less likely to misplace your phone - and you will personally pay to replace it.

    3) You can begin the transaction before you get to the machine, so if there is a line, in effect, it is faster.

    4) I can enter the code on my phone, take a snapshot and email it to you, then you can go to my bank and take the money out of my account. I just made a no fee way to email cash, as long as I have it in the account.

    5) If you don't have a debit card, you can't mistakenly use it instead of a credit card, nor will you be tempted to do so on purpose. This negates the vicious attempt by the banks to charge you fees for overdrafting.

    --
    excitingthingstodo.blogspot.com
  36. Additional authentication by phorm · · Score: 1

    I would accept the phone as an *additional* authentication method, but certainly not as the only one. It shouldn't be hard to tie large purchases to a banking app for authentication. Heck, in a lot of places groundwork for this is partially in-place already:
    * Various banks including my own allow you to increase your daily debit/transaction limit to nearly $10k if you call in to pre-authorize it for a set period. You still need the debit card and PIN of course
    * My credit card company has periodically put a brief hold on an unusual large transaction, which was followed by a verification phone-call. The last time it happened I had bought gum, gas, and then a big-screen TV (apparently a common pattern for those testing a recently-stolen card). The TV purchase was initially denied, but I got a call then-and-there on my mobile from Visa asking if it was me making the purchase for $X at location Y, then it was approved.

    So tie the above into a mobile app. If spending exceeds a daily, hourly, or per-transaction limit, require that it be authorized on the mobile app (with password) before processing further transactions. Your card/PIN would still be required to complete the transaction as well, but this helps prevent somebody from stealing your card and making a bunch of withdrawals/purchases if they stole the card and shoulder-surfed (or had a camera on) your PIN.

  37. Oh great by JustAnotherOldGuy · · Score: 1

    ...another vector for someone to steal my money, meddle with my finances, or break into my bank account.

    Nothing could possibly go wrong with this idea. Because, you know, smartphones are SO secure and everything.

    DO. NOT. WANT.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  38. Crazy country by Anonymous Coward · · Score: 0

    Upgrading to Chip and PIN smartcards was deemed too costly, but adding this feature isn't?

  39. Real disadvantages are as follows: by Anonymous Coward · · Score: 0

    0) Company has to make, send, and upgrade an app and all the back-end to support it.
    1) You must have an expensive cell plan with data access (I currently pay under $80 a year w/o data)
    2) You need a charged phone with service on you anytime you want to get money (not a problem for everyone addicted to their phones).
    3) If your battery dies you can't get money to buy a new battery.
    4) How the fuck is having to pay to replace your phone a good thing? You don't have to pay to replace a lost card. (or was this a corporate benefit and not a user benefit?)
    5) You need to use an app that'll be spying on your phone.
    6) In a year you're going to start paying app fees to use this service.

    Your 4 is currently illegal (and never will be legal here in USA :( ). You're allowed to give people access to your account like that.
    If you have problems identifying your cards, put a label on them.

  40. ATM CARD. by Anonymous Coward · · Score: 0

    We are in the business of making others rich within the shortest period of time. come get your blank ATM card today and be among the lucky ones. This PROGRAMMED blank ATM card is capable of hacking into any ATM machine,anywhere in the world. I got to know about this BLANK ATM CARD when I was searching for job online about a month ago..It has really changed my life for good and now I can say I'm rich and I can never be poor again. The least money I get in a day with it is about $30,000.Every now and then I keeping pumping money into my account. Though is illegal,there is no risk of being caught ,because it has been programmed in such a way that it is not traceable,it also has a technique that makes it impossible for the CCTV to detect you..For details on how to get yours today, email the hackers on : benson.blankatmcard@gmail.com

  41. Finally! by JamesHolliberg · · Score: 1

    Very good! Finally! It's probably the most discussed topic for any business :) Thank you for the advice. I used to build long-standing relationships with my partners and customers, so money is a crucial point here. My experience shows, that company is doing well being secure with its funds. That's why I cooperate with https://worldcore.eu/Public/Fo... to make money transfers. The system provides p2p no-fees transfers, so it was a great solution for my business. And I can keep the track of all money flows easily, as transfers are accomplished with same day approval. Perfect for enterprenuers!