The Rise of Cardless ATMs: Security and Convenience For The Modern Consumer

Consumers today often demand two things that can be inherently contradictory: increased convenience and increased security. Fortunately, with respect to banking, the two can go hand in-hand. One excellent example is the cardless ATM.

Although world economies continue to shift towards cashless transactions and digital currency and payments, cash remains the prevalent payment method across the world. And consumers get cash from ATMs. But consumer convenience, concerns about ATM fraud devices and the necessities of the COVID pandemic have joined to make consumers more wary of ATM usage.

Cardless ATM’s help resolve these issues, eliminating a card from the user’s wallet and reducing the overall amount of contact consumers have with common surfaces such as ATM screens or keypads.

How do cardless ATMs work?

Cardless transactions are becoming the new norm across Europe and North America. Any online shopper is familiar with simply entering their card data into a form to complete their purchase. But modern businesses are having to rely on accounting systems that have features allowing card-not-present transactions, meaning the online shopper does not even need to have their card information available.

Cardless ATMs rely on either near-field communication or QR code readers.

Near-field communication (NFC)

Most smartphone users are familiar with NFC from contactless credit or debit card transactions or use of ApplePay or other similar contactless payment services on their phones or connected devices such as smartwatches. NFC is a low-speed, radio frequency communication connection that bridges distances of less than 4 cm.

In an NFC-enabled ATM, the user opens a banking app on an enabled device and brings the device within proximity of the NFC chip in the ATM. This replaces the traditional insertion of the card in the ATM. The user may then be prompted to enter their banking PIN.

QR codes

QR-enabled ATMs work in a similar manner. Using their bank’s mobile app, users scan an ATM-generated QR code. This verifies the user’s identity and allows the user to conduct their transaction. Much of the interaction is between the user and their smartphone, rather than between the user and the ATM, including entry of the user’s PIN number and selection of their transaction (e.g. withdrawal) and any associated amount.

One recent and widely-adopted implementation of QR-code enabled ATMs works through India’s Unified Payments Interface (UPI). The UPI is a real-time electronic payment system in use in over 200 Indian banks for facilitating inter-bank transfers.

NCR, the maker of many ATM’s, recently launched an initiative to allow cardless transactions at UPI-enabled machines across India. Users can use UPI-enabled applications on their smartphones, such as Google’s GPay, to make withdrawals from UPI-enabled ATMs. One Indian bank has already upgraded the software in more than 1500 ATM’s to allow cardless transactions.

Biometrics

Just as many smartphones now have biometric access features such as fingerprint readers or facial recognition for gaining access to the phone or their applications, cardless ATM transactions can work through biometrics. As most biometric ATMs rely on fingerprint readers built into the ATM, however, they are less secure against health concerns.

Are cardless ATMs secure?

Once concern consumers have about no-card ATMs is their security compared to traditional ATMs. While no system will ever be 100% secure against fraud, cardless transactions are actually more secure than traditional transactions.

More secure against typical ATM card scams

First, cardless transactions are not susceptible to highly effective card fraud efforts, such as card skimming. In ATM card skimming, criminals place a skin over the face of the ATM machine.

The ATM user sees a normal ATM machine, but when they insert their card, the card’s data is intercepted by the skimming device. Skimmers are frequently used in conjunction with hidden cameras aimed at the ATM keypad that allow interception of the user’s PIN as they enter it.

With a cardless ATM transaction, there is no physical card from which criminals can steal data. Moreover, because most of the data entry is on the user’s phone rather than the keypad, there is less opportunity for the criminal to access sensitive information such as the user’s PIN.

More secure against loss

One potential concern about cardless ATM access is what happens when a user loses their phone. But this situation is also likely less of a problem than losing a card.

First, due to the difference in sizes and amount of use, it is much easier to lose an ATM card than it is to lose a phone. And when a user loses an ATM card that they have signed, anyone who picks up the card may be able to use it to fraudulently access the user’s accounts, particularly as they will have the 3-digit card security code (CSC) on the back of the card.

In contrast, if a user loses their (properly-secured) phone, there should be a series of hurdles a criminal would have to overcome before being able to access user accounts. This includes the user’s password or biometrics for opening the phone, the password for the user’s banking app (and any two-factor authentication not directly tied to the phone), and the user’s banking PIN.

And, unlike ATM cards, most smartphones have built-in services that allow users to easily locate and disable a lost phone, even though some users have valid security concerns about location services.

More secure against health threats

As the COVID-pandemic developed and scientists attempted to assess the methods of transmission for COVID, people rightfully became concerned about touching surfaces with frequent contact by members of the public. Nations across the world encouraged consumers to use more secure payment systems when available and asked businesses to shift payments towards contactless systems.

The same concern applies to ATM machine usage. Cardless systems reduce the amount of contact a user must make with the ATM machine, focusing contact on the user’s phone instead. Minimizing contact with common surfaces reduces the likelihood that a user will contract a communicable illness. Preferred cardless ATM systems would rely wholly on the user’s phone and communication between the phone and the ATM, rather than requiring the user to touch any part of the ATM, whether card reader, screen or keypad.

Conclusion

Cardless ATM systems offer banking consumers a secure and efficient banking experience. They allow the user to carry one less item they can potentially lose and avoid contact with surfaces that are subject to contamination, all while efficiently conducting their financial transactions. Expect to see them become the standard in the near future.