Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
July 17, 2017
Staging the ATM
As the installation of the first automated teller machine (ATM) recently reached its 50th anniversary (48 years since the first U.S. installation), the core functionality of the present-day ATMs has changed very little. They remain primarily designed to provide customers with cash at their convenience, but now most full-function ATMs also accept deposits with image capture and currency counting capability. Sure, the machines of today are much more technologically sophisticated and reliable than the initial ones that were more mechanical in operation. The industry, however, has undergone some major changes.
Accessed by a magnetic stripe or chip card and authenticated using a PIN, the ATM has served consumers and financial institutions well. The 2016 Federal Reserve Payment Study showed that ATM withdrawal volume remained flat from 2012 through 2015 at approximately 5.8 billion transactions valued at $700 billion, or an average transaction value of $122.
Banks in a number of South American and Asian-Pacific countries have installed biometric sensors in their ATMs either to eliminate the need for payment cards and PINs or to serve as an additional authentication factor. However, a couple of major U.S. banks have taken a different path in a quest to eliminate the payment card and PIN; they have developed a staged transaction process using the customer's mobile phone. While there are some variations from bank to bank, the process generally works as follows:
- The customer opens the mobile banking application using the normal authentication process.
- The customer selects the ATM withdrawal option then identifies the ATM location and amount of withdrawal.
- When at the designated ATM, the customer selects the function button on the ATM for a cardless transaction.
- The next step depends on the particular bank.
- Some banks display a 2D barcode on the ATM screen, which the mobile phone's camera reads to validate the transaction and dispense the requested amount of cash.
- Other banks, to complete the transaction, may require the customer to enter both the normal payment card PIN and a numeric token value that the application sent to their phone when they made the transaction selection.
This technology offers banks a number of financial benefits over biometric readers. The barcode or token process requires only software development within the mobile banking application and ATM, so banks don't have to purchase, install, and maintain biometric hardware sensors. A drawback is that only the ATMs of the customer's own financial institution supports the staged transaction. In addition, card readers will have to remain a key component of ATMs to service customers of other banks as well as the bank's own customers who wish to continue to use their cards. Because criminals continue to insert card-skimming devices and cameras to capture card data and customer PINs—an industry-wide and global problem—the new functionality will only minimize, not prevent, such fraudulent activity.
Many financial institutions seem to be making a concerted effort to migrate customers from payment card-based transactions to options such as mobile pay wallets and now staged ATM transactions. Mobile wallet adoption rates by consumers have been low to date, so it will be interesting to see if the adoption rate of cardless ATM transactions will be any different. What do you think?
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- The Future of Wearables
- My Fingertips, My Data
- Why the Explosion in Household Payments?
- ACH and Consumer-Only Payments: Will the Twain Ever Meet?
- No Magic Bullet for Preventing Data Breaches
- A Record-Breaking Season of Hurricanes and Data Breaches
- Fed Payments Webinar Series Launching
- The Rising Cost of Remittances to Mexico Bucks a Trend
- Identity Theft Part 2: Prevention
- Identity Theft: A Growing Epidemic
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud