Technology has been slowly assimilating into every part of our lives—making it easier to connect with friends, be productive anywhere in the world, and even order the once obscure with a few taps on a mobile device.
Less than two decades after the introduction of Apple’s iPhone, financial institutions are leveraging mobile technology to enable cardless ATMs. With one more reason to leave their wallet at home, people now have the ability to initiate ATM transactions without having to carry a physical debit card.
Although these types of transactions are relatively new, according to a 2018 Harris Poll survey of household finances, 54 percent of consumers have already embraced cardless ATM technology or are interested in using the feature in the near future. The cardless ATM appeals to both the sophisticated, mobile user as well as minimalists looking to limit their everyday carry. But now that we are a few years in, what have we learned about the cardless ATM? Has it lived up to the hype, or has it introduced some unexpected downsides?
Cardless ATMs work by connecting a customer with their financial institution through a mobile app and a unique verification code—such as a QR code, a PIN, or another token—that the app generates. When the customer arrives at the ATM, they enter the code or scan their device, and the ATM processes the transaction in a fraction of the usual time, delivering the preset amount of cash. The technology has caught on quickly, with Wells Fargo introducing 13,000 machines in 2017, followed by PNC, Chase, Bank of America, and Fifth Third bank in 2018, to name a few.
Cardless ATMs appeal to consumers because of their ease of use, their ability to allow consumers to carry one fewer card, and their limited number of physical vulnerabilities. Consumers are also able to use their smartphones as another layer of security, leveraging their devices’ passcodes and app locks or even biometric authentication to limit access to their ATM selections. Banks like cardless ATMs because they reduce the cost of creating and delivering ATM cards and help mitigate the threat of hardware attacks such as card skimming.
In recent years, two types of security concerns have been reported with the rise of cardless ATMs. First, as seen with an incident tied to Chase, cardless ATMs still rely on the security features built into an institution’s online banking platform. A hacker can steal a username and password, add a mobile phone number to the account, and then use that phone number to make an approved cardless withdrawal wherever they are.
Cardless ATMs also rely on a financial institution’s ability to establish and maintain a strong, secure authentication solution integrated into its mobile app to facilitate the transaction. Because they cannot just rely on a user to lock their mobile phone, banks need to invest in the infrastructure, resources, training, and marketing to introduce security features like two-factor authentication—such as text verification or biometrics—into their mobile apps to help keep account information secure. Features like these can help prevent phishing attacks and unauthorized tampering or mitigate fraud risks if someone loses their mobile phone, but they take resources to develop and implement.
In a few years’ time, cardless ATMs may very well be the standard, rendering physical debit cards useless. Yet the need for consumers to have cash may never truly go away. Therefore, as with any new technology, consumers need to understand the risks they may encounter as they ride a new wave of personal finance innovation and weigh them against the benefits. In the end, cardless ATMs transfer more of the security burden to consumers, but with that burden comes a whole new type of flexibility that consumers seem to have been looking for.