Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Banks To Test ATMs Which Accept Your Smartphone Instead Of Cards (ibtimes.co.uk)

Posted by BeauHD on from the gimme-your-smartphone dept.

Dozens of banks in the US are updating their ATMs, or installing new ones, in order to allow customers to withdraw cash without using bank cards. A new cardless system will be rolled out at around 2,000 cash machines across the US, operated by at least 28 banks, including giants like Wells Fargo, Bank of America and Chase. Under the new system, people can order cash on an app on their phone, and then scan a code at the ATM to receive their money, all without inserting a card or entering a PIN. The developers of the system insist that smartphone technology makes for faster and more secure transactions. More banks are expected to adopt the technology soon.

22 of 148 comments (clear)

  1. Sounds a bit sketchy... by Frosty+Piss · · Score: 4, Insightful

    I'm not really technically competent to make a valid argument against this, but my "gut" says... No! Maybe I'm just an ignorant Luddite that longs for my black rotary phone, but my uneducated imagination flows over with ideas and visions of how wrong this could go. My new ATM card has a chip, I'll stick with that for the time being.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 2, Insightful

      I'm betting it's that the banks see some sort of additional revenue stream from doing this. Maybe they think they'll get higher overdraft fees by making withdraws easier to screw up? Without the phone maybe liability lies with customer not bank, since without a PIN the customer has less of a case to claim it wasn't them who made the withdrawal?

    2. Re:Sounds a bit sketchy... by TapeCutter · · Score: 5, Insightful

      Many people in poor nations do not have access to banking facilities but they do have a mobile phone. Paying for things via your phone (as opposed to a card) is the normal way of doing business for a large chunk of the world's population.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    3. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 3, Informative

      This sounds like you fundamentally didn't understand how the "money market" account you had worked.

      I'm not going to defend BoA here, but many people simply don't understand the difference between a savings account, checking account, and other "higher interest" accounts. Paypal is another example of a "money market" account. Never use a money-market account as anything other than a store of value, because you can, and likely will lose money if you repeatedly put money in it and take it out before any calculations can be performed on it.

      The poster above describes a Money Market account that they were using as a checking account. It's also likely that BoA didn't go after the poster for the overdraft charges because it's easier to write off customer dissatisfaction claims than it is to sell it to a collections agency.

      As for the topic, everyone knows that scanning a barcode is a bad idea to transfer money. All one needs to do is swipe the smartphone while it's unlocked, and clean someone out. This is another example of where the biometric and the pin need to be combined to work. A similar issue can be created by having the banking app on the phone hijacked (hello Android phones) and the thief needs merely show the barcode at the ATM to get the money without any confirmation.

      As it is, the correct solution really is to cut out middleman, just use credit/debit over NFC or with the EMV chip everywhere you can, and avoid touching gross physical cash.

    4. Re:Sounds a bit sketchy... by rtb61 · · Score: 4, Insightful

      So basically, you give up your wallet and the threat of being mugged for the cash in your wallet for, hmmmm, for log in access to your phone banking account and transfer money or else and what happens after money transferred, how to keep you silent, hmmm, let me think. Yeah, nah, fuck off with the crazy idea of carrying around my bank account with my life being the guarantee of handing over the password and my life being in the balance when it comes to my not complaining about the illegal access to my account. Sure steal my cash, steal my credit card but stealing access to my bank account, that's real risky business. I'm thinking a T-Shirt, "My phone is not, absolutely not, linked to my bank account, please point your gun at the next available auto-teller". Swapping your phone for the ATM where you become an ATM.

      --
      Chaos - everything, everywhere, everywhen
    5. Re:Sounds a bit sketchy... by Martin+Blank · · Score: 4, Informative

      The phones are cheap, plans are prepaid (and cheap), it's safer than carrying cash, and the mobile networks are ubiquitous. While the US has only recently been getting on board with transferring money by phones, much of Africa has been doing it for years.

      Example: A Samsung Note 2 (not the latest and greatest, but still a decent phone) from Jumia Kenya is 550 Kenyan shillings. According to xe.com, that's about US$5.39, based on an exchange rate of about 102 Ksh to the US dollar.

      Being poor doesn't mean being disconnected. Poverty hasn't been a barrier to mobile phone use in other parts of the world for many years. Even in Afghanistan, cell phone towers are common even in the remote regions, because they get used.

      --
      You can never go home again... but I guess you can shop there.
    6. Re:Sounds a bit sketchy... by ShanghaiBill · · Score: 4, Informative

      And those same poor people have money for a smart phone how exactly?

      By working and getting paid for it. In much of Africa, you can buy a phone capable of financial transactions for less than $20 new, and less than $5 used. It is considered important enough that most households will buy a cellphone before they buy a TV or refrigerator.

      It's the same as a credit card

      You cannot use a credit card for peer-to-peer transactions, and a CC is much harder for a poor person to get than a cellphone.

      while having dependency on some type of connectivity for the Cell.

      You must be an American. In much of the rest of the world, cell coverage is ubiquitous.

    7. Re:Sounds a bit sketchy... by Anonymous Coward · · Score: 3, Insightful

      And those same poor people have money for a smart phone how exactly?

      There are many millions of "poor" people in Asia and Africa with smart phones who are paying $3 to $5 per month for the same phones and better plans than those offered in the US. The idea that a phone, which can be manufactured for $40, should cost you $80/month for two years, subject to ridiculous throttling/caps/degradation of service, plus enormous fees if you try to switch carriers, is strictly an American concept and frankly I don't understand why you tolerate it. Throughout most of the world there are no contracts, you can buy SIM cards out of vending machines that will work in any phone, and it's all extremely cheap.

    8. Re:Sounds a bit sketchy... by OolimPhon · · Score: 2

      In practice, the only time someone has it unlocked is while they are using it. And you'd need to be in the bank app for it to matter. So the crook would have to be wandering public, looking for people using a banking app, then swipe the phone, and get to an ATM before the robbed person could call their bank.

      You just said it yourself. All the crook has to do is stand near an ATM and wait for somebody with a smartphone to use it.

    9. Re:Sounds a bit sketchy... by Charcharodon · · Score: 2

      You obviously never had a phone in Europe, the rates and phone prices are even worse than the US.

  2. obligatory by Anonymous Coward · · Score: 2, Informative

    Choosing 'that' vs. 'which': http://www.dailywritingtips.co...

  3. So now if I get mugged... by swamp_ig · · Score: 2

    Not only do I potentially get assaulted, and all my stuff stolen, but they can drain my bank account too? Doesn't this just paint a big target on the back of anyone who carries a smart phone?

    I like pay-pass, the way it works in aus is there's a maximum amount per transaction where you can use contactless without a pin. Hopefully it will be the same for this?

  4. Cardless cash by well_in_theory · · Score: 4, Informative

    A version of this is already widely in use in Australia. Log into bank via smartphone, request amount of cash, receive code. Go to that bank's ATM, request cardless cash, enter code, ???, cash! I no longer carry a wallet, just my smartphone with 3-card slimline case containing my ID/drivers licence, public transport RFID card, and credit card. I'm able to slip a $20 in there too for the few remaining places who either don't take credit or charge a fee to do so.

    1. Re:Cardless cash by well_in_theory · · Score: 3, Informative

      Sure, all they need is my fingerprint to access the phone, know which bank I'm with, know that that I'm registered for cardless cash at said bank, my fingerprint again to access the app, and possibly my fingerprint again to request the funds.

      But sure, a card and 4 digits is totally more secure.

    2. Re:Cardless cash by Grishnakh · · Score: 4, Insightful

      I hate to break it to you, but it's not hard for a mugger to get your fingerprint. All they need is a knife....

    3. Re:Cardless cash by well_in_theory · · Score: 2

      If I'm suddenly in a position where losing a finger during a mugging is a genuine concern, I'll look into better protecting my hundreds of dollars.

      Are there actual documented cases of small-time crooks in a civilized country using fingerprint harvesting off secondary sources to get into a smartphone? Maybe I just live in a country where tinfoil hats aren't so necessary.

    4. Re:Cardless cash by well_in_theory · · Score: 2

      I'm still going to guess the $5 wrench (https://xkcd.com/538/) gets used more than whatever is required to fool TouchID in the time it takes me to register that my phone/card is missing and report it as such. I don't *think* I have a network of spies tracking my every move and lifting my prints off of water glasses in order to obtain my hundreds of dollars, but perhaps that's just because they don't *want* me to think that, right?

      How do you paranoids ever leave the house?

    5. Re:Cardless cash by Anonymous Coward · · Score: 2, Insightful

      That's why you make sure at least two fingers get you into your phone. Or you could use a toe.

      For the most part, a PIN is more secure than a fingerprint, but this is owing to the current level of accuracy in fingerprint readers. Like a gelatin (eg gummybear) finger can get into a fingerprint reader because it has just enough depth to look like a real finger, but fingerprint sensors could be improved to actually care about opacity and temperature to secure it better. So cutting a finger off wouldn't work, and a gummyfinger would't be stable enough at body temperature.

      Other biometrics are more fun. Facial recog is pretty much garbage since it can be fooled with a photo, and only works for white people. Iris scans are irrefutable (only an identical twin could fool it, and it would rely on refractive properties, so it can't be copied with a simple photo that doesn't refract light) and DNA tests are still way too slow to be useful. The problems with Iris scanning and DNA scans is that they are way too complicated and expensive and are best used for security (eg border control, bank vaults, military complexes and such) and not for poorly secured consumer applications.

      That said, an iris scan may eventually be doable with the "selfie" camera on a camera phone, and if an ATM were to be used to withdraw money, all they would need to do is have the same "selfie" camera at the ATM instead.

      But one needs to ask why bother with all this nonsense in the first place. Quit using cash for everything. So what if Visa/MC/Amex knows what you buy, are you ashamed or embarrassed by what you buy? The amount of people who are scared to buy tampons and condoms are afraid of being judged by the person ringing up the order. If you're really afraid of the person in the store, buy that stuff off Amazon.com

    6. Re:Cardless cash by Anonymous Coward · · Score: 3, Interesting

      Iris scans are irrefutable

      From wikipedia: "Many commercially available iris-recognition systems are easily fooled by presenting a high-quality photograph of a face"

      A high-quality photo of someone's iris is not hard to get. Celebrities, which tend to have money, are even used to people pointing big expensive lenses at them all the time. Anyone can pretend to be paparazzi.

      And if they have some way of rejecting paper images - well, embed the iris image in a glass eye. A fake head, heated to body temperature is not hard to pull off.

  5. Fie by Iamthecheese · · Score: 2

    Combine it with the war on cash. Up next: Anyone not wearing a trackable GPS chip at all times is forbidden from using money.

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
  6. This isn't new by jonwil · · Score: 2

    Several banks here in Australia (the Commonwealth for one and I think also Westpac) have had the "get cash via a phone app" option for a while now (where you log onto the online banking app on your phone and get a code that you key into the ATM which will then give you cash without a card). Other banks (like the ANZ) are trialing a NFC solution where you can tap with your compatible NFC phone on a reader on the ATM instead of using your card.

    There is no increase security issue with the cash-via-phone-app option as implemented by the Australian banks that have done it since the thief needs to steal your online banking password (and if they have that, they can transfer money via direct transfer to another account they control rather than risk being caught by an ATM camera withdrawing cash using this technology)

    In fact the technology makes things more secure in that your account details cant be stolen by a card skimmer attached to the ATM.

  7. This is a game of pass the buck. by kuzb · · Score: 5, Insightful

    Now it won't be their system which is insecure, it'll be your phone. This gives them another layer of defense against their often laughably bad security.

    --
    BeauHD. Worst editor since kdawson.