Card-Less ATM Authentication
Card skimming and other forms of ATM fraud are caused by shared secrets. Just like passwords, bank PINs and ATM card numbers are inherently shared secrets that lead to breaches and widespread account fraud from hackers who can focus on attacking a single point of failure – the ATM. In addition, the rise of ATM malware has exposed banks and their users to new unseen adversaries and attacks.
By applying the same concepts of true passwordless security to ATM access, financial institutions can enable a next-gen banking experience that significantly reduces risk while increasing privacy and enhancing customer experience.
By moving card-less authentication to the mobile device, customers no longer have to be physically in front of an ATM to complete a transaction. Users can approve a transaction from the comfort and safety of their own home – and pick up funds from any ATM just minutes later.
In a card-less model:
- Card numbers and PINs are replaced with public-private key infrastructure.
- The ATM interface and transaction staging is performed on a mobile device.
- Private keys stored safely on the user’s personal device are never sent over the air.
- Mobile biometric authentication is combined with FIDO architecture to securely authenticate users on their personal device.
- The use of advanced public-key cryptography ensures users never share a card number or ATM PIN again.