February 02, 2016
Bank of America, Wells Fargo and JPMorgan Chase have announced plans to roll out ATMs that take smartphones as well as ATM cards to authenticate transactions in an effort to reduce the likelihood of skimming and other security attacks as well as make ATM use more convenient for users.
The new ATMs will support near field communication (NFC), tap to pay technology similar to what is used in Apple Pay and Android Pay, or codes provided through a customer’s banking app, according to theLos Angeles Times.
Later this year, Chase’s ATMs will first implement a code-based authentication system that uses a temporary PIN. The company is currently working on ATMs with NFC capabilities but it is unclear when they will be made available, the Times said.
A Bank of America spokesperson told SCMagazine.com via email correspondence that the firm will begin rolling out its NFC-enabled ATMs in select cities in late February followed by a broader launch mid-year.
Wells Fargo reportedly will adopt NFC technology by the end of the year.
Some security researchers think smartphones are more secure than ATM cards and can helps banks save money in the long run.
VASCO spokesperson John Gunn told SCMagazine.com in an email correspondence that the additional methods of authentication available with a smartphone, such as biometric authentication, could help make smartphones a safer alternative.
“Using smartphones for ATM transactions enhances both the security and convenience of the ATM transaction,” said Gunn, who explained that ATM cards are vulnerable to skimming attacks, which have cost banks more than $1 billion.
Some researchers however, feel smartphones aren’t inherently safer than ATM cards.
“To hack a smartphone, one can be anywhere in the world, which exponentially increases the number of potential attackers and available skillset,” Securonix Chief Scientist Igor Baikalov said email correspondence with SCMagazine.com.
But Baikalov said that smartphone security can be boosted enough to keep the cost of breaking phones “prohibitively high” for the majority of hackers, but this might come at the cost of convenience for the user.