Banks are finding that stolen passwords are fueling cardless ATM fraud, and they point to identity proofing as the most difficult challenge in mobile banking. Robert Capps, VP at NuData Security, commented below.

Robert Capps, VP at NuData Security:

“Traditionally, ATM security has long relied on multi-factor authentication, namely, something you have (an ATM card issued by the bank) and something you know (the ATM card PIN). This requirement to possess a physical card kept ATM fraud largely in check. The presence of a physical card meant you either have to steal the legitimate card from the consumer, convince the bank to send a new card to the fraudster or capture the information from the magnetic strip of an authentic bank card, and re-encode this data onto a counterfeit card.”

According to Robert, “With the advent of cardless ATMs, we’ve entered a brave new world of ATM security, where the mere knowledge of the consumer’s username and password enables a fraudster to withdraw large sums of money from any cardless-enabled ATM. By offering this capability, banks have significantly increased the risk exposure to banking customers, while making theft of deposited funds extremely convenient for the fraudster. Luckily, there are technologies in the marketplace that can differentiate between the legitimate consumer and an illegitimate fraudster, even when the bad guys come armed with stolen valid credentials. And, these solutions can do this without burdening the real user with more hurdles. With the application of behavioral analytics and passive biometrics to this problem, these risks can be largely mitigated and safety returned to the ATM channel.”

Information Security Buzz