Cardless ATM Fraud Is Fueled By Insecure Bank Countermeasures
Cardless ATM Withdrawals Create More Fraud
Obtaining these login credentials is far too easy for criminals. WiFi hotspots, particularly at hotels and public places, are often logging all information transmitted through the connection. It doesn’t take much effort for criminals to snoop on users and what they are doing. The fact that banks have weak security when it comes to unauthorized login access is not helping matters much either.
With the login information, criminals can add new forms of 2FA, such as an additional mobile phone number. They can also change contact information for the account, and complete online transfers with relative ease. It remains a mystery as to why financial institutions do not perform thorough security checks for these types of transactions.
Criminals are only aided by the new deployment of a cardless ATM. Rather than entering the card, users can authenticate through a smartphone app. In most cases, this means logging in with the username and password combination. If anyone obtains this information, they can easily drain an entire bank account in mere hours. Hardly any bank requires users to enter their card pin or any other form of secure authentication to process withdrawals.
Even if customers can provide evidence they did not request a money withdrawal, chances are slim they get the money back. Once someone authenticated through the login and password, the bank can decide this is a legitimate transaction. Customer support is not the bread and butter of banks, and these types of decisions will only hurt their business model. It is evident cardless ATM technology is still in its infancy, and should not be deployed on a large scale.
Header image courtesy of Shutterstock