Who in the U.S. hasn’t used an ATM to deposit or withdraw cash? The average U.S. household withdraws cash from an ATM approximately 45 times a year [1]. And the ATM installed base continues to grow; it’s expected to reach 3.3 million by 2020 [2].
But security and convenience are major concerns.
Since the dawn of ATM technology, customers have used cards and PINs to log into accounts. But skimming attacks, in which a specialized device securely affixed to the mouth of the ATM secretly swipes credit and debit card information, are a growing threat. ATM theft can cost a bank $30,000 to $50,000 [3] per attack—not to mention the negative impact on a bank’s brand.
Meanwhile, PINs can be difficult to remember. And if the user writes their PIN down so they don’t forget, they compromise security.
At the American Banker Digital Banking conference in Austin in June, Samsung SDS, in partnership with Diebold Nixdorf, demoed the first ATM transaction that is completely cardless and pinless, improving both security and the user experience. The smartphone-based transaction uses Samsung SDS Nexsign™, a FIDO-compliant biometric authentication platform, combined with the Diebold Nixdorf ATM.
The two companies will showcase this demo again, this time on a next-generation ATM, in the Diebold Nixdorf booth at the Money 20/20 conference in Las Vegas from October 23-25. During the conference, they will also present at a FIDO Alliance workshop to explain this compelling use case for biometrics.
Banking without Cards and PINs
Using this new technology, a banking customer simply uses the mobile bank application on their smartphone to pre-stage a cash withdrawal. After they enter their name into the app and click a login button, the app requests a fingerprint scan for biometric authentication. Now the user clicks the Get Cash button, stages the cash withdrawal, receives confirmation and logs out.
When they arrive at the ATM, they log back in by touching an icon on their mobile banking app. The user then taps the Near Field Communication (NFC) panel on the ATM to establish a connection between the mobile app and the ATM. The ATM asks if they want to withdraw cash and the user taps “Yes.”
Behind the scenes, the NFC also initiates a request from the ATM to an authentication server at bank headquarters, which sends a notification to the ATM requesting facial authentication. A camera on the mobile device performs this authentication instantly and communicates with the ATM through NFC. Only now does the ATM dispense the cash.
Convenient and Secure
As you can see, this approach greatly improves the user experience. The user no longer has to remember a PIN because they’re authenticated with a non-duplicative biometric template.
At the same time, it is also highly secure. Banks and users no longer have to worry about card skimmers because cards have been eliminated. And there’s no concern that someone will find a copy of the user’s PIN written on a scrap of paper.
In addition, the technology leverages the FIDO standard, which uses public and private key cryptography. With FIDO, the biometric template (in this case the fingerprint scan) and the private key are encrypted and stored in the OS of the customer device where they can’t be intercepted by a hacker.
The encrypted public key is sent to the FIDO server located behind the corporate firewall. Even if the device is lost, the biometric template stored on it can’t be used because the public key on the server can be de-provisioned. Previous approaches used server-side authentication where credentials were stored on servers behind the financial institution firewalls, creating an attractive repository for hackers.
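The key handling described in the two paragraphs above can be modelled in a few lines. This is an added example, not Samsung SDS or Diebold Nixdorf code: the `Server` type, its methods and the user name are hypothetical, Ed25519 stands in for whatever algorithm a deployment uses, and attestation, origin binding and signature counters from the real FIDO protocols are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server models the FIDO server: it stores public keys only (hypothetical names).
type Server struct {
	keys      map[string]ed25519.PublicKey // user -> registered public key
	challenge map[string][]byte            // user -> outstanding one-time challenge
}

func NewServer() *Server { return &Server{keys: map[string]ed25519.PublicKey{}, challenge: map[string][]byte{}} }

// Register stores the public key the device generated at enrollment;
// Deprovision drops it, e.g. once the phone is reported lost.
func (s *Server) Register(user string, pub ed25519.PublicKey) { s.keys[user] = pub }
func (s *Server) Deprovision(user string)                     { delete(s.keys, user) }

// NewChallenge issues a fresh random challenge for one authentication attempt.
func (s *Server) NewChallenge(user string) ([]byte, error) {
	if _, ok := s.keys[user]; !ok {
		return nil, fmt.Errorf("no credential registered for %q", user)
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenge[user] = c
	return c, nil
}

// Verify checks the signature and consumes the challenge, so replays fail.
func (s *Server) Verify(user string, sig []byte) bool {
	pub, c := s.keys[user], s.challenge[user]
	delete(s.challenge, user)
	return pub != nil && c != nil && ed25519.Verify(pub, c, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // private key stays on the device
	srv := NewServer()
	srv.Register("alice", pub)
	c, _ := srv.NewChallenge("alice")
	sig := ed25519.Sign(priv, c) // on a real device, gated by the biometric match
	fmt.Println(srv.Verify("alice", sig), srv.Verify("alice", sig)) // first use, then replay
}
```

The server never sees a biometric or a private key, so a breach of its store yields nothing that can sign a challenge, and removing one public key is enough to retire a lost phone.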
In a highly competitive marketplace, the winners will be banks that give their customers an experience that’s both convenient and secure. A cardless, pinless ATM transaction ensures your offerings will be superior on both counts.
[1] RBR, volume of ATM cash withdrawals
[2] ATMIA Benchmarking Study 2016 and Industry Report
[3] Credit Union Journal, "How is ATM fraud still a thing?", 4/24/17
Richard is a senior business development executive with extensive wireless industry experience focused on secure mobility in financial services. He is currently leading a team at Samsung SDSA focused on providing mobility and security based enterprise software solutions to the financial services industry including their FIDO compliant biometrics solution. He is a member of SDSA’s leadership team which sets the overall strategy for the organization.