CAI Managed IT Blog
Banks Enact New Security Solutions to Safeguard ATMs
All across the United States, banks are rolling out ATM improvements to help boost the security of their members by utilizing mobile devices. While these measures will undoubtedly help, they aren’t enough to fix all of the vulnerabilities that ATMs suffer from without some vigilance on the user’s part.
What is Being Done
Wells Fargo launched an initiative that allows their members to access their accounts via automated teller machines, without the use of their ATM cards. By utilizing the bank’s mobile application, an account holder can receive a temporary code that will grant them access to a Wells Fargo ATM when paired with a personal identification number.
While Wells Fargo is the first bank to incorporate app-based access to all 13,000 of their ATMs, other banks aren’t far behind. Chase, Bank of America, and Citigroup have also begun to incorporate similar functions into some of their ATMs.
This isn’t the end of improvements to Wells Fargo’s ATMs, either. Wells Fargo is making the necessary additions to allow members to utilize near-field communication (NFC). By doing so, bank members won’t even need their card to access the ATM. Instead, their mobile device prompts them to scan their fingerprint and enter their pin. So far, about 40 percent of the bank’s ATMs are equipped for this functionality.
Why These Advancements Might Help
Advancements like these are sure to help boost the user’s account security while they utilize these machines to handle their finances. Criminals have been getting more clever in their schemes, and it shows. There were six times as many ATMs that were compromised in 2015 than in 2014.
Scammers now use spy cameras and card skimmers in tandem to collect the information they need to gain access to a bank member’s accounts. These skimmers are able to be inserted directly into the ATM’s card reading mechanism, where it is almost impossible to detect their presence. The same can be said of the pinhole cameras that criminals will use to capture a user’s PIN number. These tiny devices are remarkably difficult to spot.
Worse yet, criminals will often damage machines that don’t have their devices inserted, forcing users into their trap. If you see a row of ATMs with only one in working order, it’s best to give that one a pass.
If you think that a user is safe if they were to use a chip-based card, rather than the magnetic strip, you’d be mistaken. Much as they capture the information from a card’s magnetic strip, scammers have a method to do the same with the card’s onboard chip. Known as “shimming,” this approach is rare but will likely only increase in popularity as more transactions are made with the chip functionality. Plus, these chip-based cards still have the magnetic strip as well, tempting many to swipe away their security.
A Few Issues That Remain
Unfortunately, there are still factors that make ATM machines an effective vehicle for scammers. First of all, many of these new security features were added to the ones already present in the ATMs, rather than replacing them. For instance, while Wells Fargo ATMs will permit the use of a temporary PIN, they will still allow account access through the less secure methods as well. Not to mention that out of a total of 70 million members, there are only 20 million Wells Fargo app users. This means that there are 50 million bank members who aren’t even using the features.
This is assuming that those 20 million app users will make use of them, anyways. Habits are hard to break, so many account holders will likely continue to carry and swipe their ATM cards, despite having a more secure way to access their accounts.
What Should You Do?
Whether you’re dealing with the accounts for your business, or your personal finances, keep security in mind whenever you happen to use an ATM, and take advantage of the improved, more secure processes that are available to you. At the very least, shield your PIN number with your other hand as you input it into the machine.
Is it worth potentially allowing a criminal to access your (or your business’) accounts? Share your thoughts with us in the comments!