Cardless ATM withdrawals aren't immune to fraud - Member Access Processing

  • Home
  • ATM
  • Cardless ATM withdrawals aren’t immune to fraud

As financial technology evolves, it’s important that credit unions keep up with the changes so they can continue to offer their members convenient, timely products and services. However, implementing new technologies at the right time is crucial.

Releasing a popular new service might attract new members or revitalize relationships with existing ones. But if that new service is wrought with troublesome or even harmful mistakes, introducing it could cause more harm than good.

Financial institutions make a point to utilize new technologies to improve member services, including the implementation of mobile banking and peer-to-peer cardless transactions. Following this smartphone-forward trend, several banks and credit unions have begun to allow cardless ATM withdrawals with the help of a mobile app.

Curbing or fueling fraud?

When first introduced, the idea that a mobile app could give access to an ATM withdrawal was meant to be a positive one that could help curb fraud, according to Credit Union Times, in a 2014 article highlighting one of the first credit unions to offer the service. Because a card isn’t needed, skimming devices would be rendered useless, and it would require more than simply knowing a four-digit PIN to gain access to cash.

However, a report from KrebsOnSecurity showed that cardless ATM transactions aren’t exactly immune to fraud. The article highlighted the story of Kristina Markula, a Chase bank customer who unsuccessfully tried to access her checking account with her phone from a Mexico hotel while on vacation.

Once she returned to the U.S., she found that $2,900 had been moved from her savings account to her checking account, then withdrawn from an ATM. The fraudster had obtained Markula’s username and password to her online bank account, logged in and added a new mobile number to the account. From there, the criminal was able to easily access Markula’s funds, move them around and ultimately take them out.

Markula was targeted by a six-person group who used the same process to empty the Chase bank accounts of consumers in several states, and who were eventually arrested. However, it’s unclear how many people were affected by the crime spree, or how many victims were notified of the activity or got their money back.

Introducing technologies the right way

Markula’s story is enough to persuade a consumer that cardless ATM transactions aren’t quite ready for widespread use. However, as more people and financial institutions adopt mobile banking technologies into their daily routine, credit unions need to keep up with the trend. More importantly, though, it’s crucial that credit unions are rolling out these new services with confidence in their security, as well as their ability to respond properly to a fraudulent claim.

  1. Add extra security layers

One way to prevent cardless ATM fraud is to increase security barriers, Avivah Litan, a fraud analyst at Gartner Inc., told KrebsOnSecurity.

“Identity proofing remains the weakest point in mobile banking,” she told the source. “Asking for the customer’s username and password to on-board a new mobile device isn’t enough.”

She advised adding a PIN entry requirement one step in the security process.

  1. Have a proactive and responsive claims process

One of Chase’s mistakes in Markula’s case is not promptly addressing the situation. Markula had to make many calls through the bank’s fraud department. Her claim was even denied before the bank agreed to reimburse her the missing funds.

“I’m pretty frustrated at the process so far,” she told KrebsOnSecurity. ” … The time it takes to reach someone and poor communication seems designed to make one want to give up.”

Credit unions that have already implemented, or are considering rolling out cardless ATM transactions, need to be sure that in the event of fraud your member is taken care of promptly and adequately. Chase failed to notify victims of the crime spree, and interactions with Markula were frustrating and largely inefficient.

“It makes you wonder how many other people didn’t dispute the charges,” she commented. “Thankfully, I don’t give up easily.”

  1. Educate your members

It’s possible that the fraudsters wouldn’t have been able to access Markula’s account had she not attempted to log into her mobile banking app using an unsecure hotel network. Teaching your members mobile banking best practices will go a long way in preventing fraud. Explain the importance of secure networks and refraining from mobile banking and shopping on public Wi-Fi networks.

As technologies continue to evolve and more financial tasks can be performed on a smartphone, credit unions will need to adapt to remain relevant and competitive. However, doing the proper due diligence prior to rolling out a new service is crucial. Keep your members safe by offering them secure ways to access funds and educating them on the best way to keep their identity and finances protected.