In the last few years Kenya and other countries have been faced with ATM fraudsters who, whatever method they use, steal the ATM card numbers and the corresponding PINs. The methods used vary from outright use of force and robbery to the use of devices that can obtain these information at the point of use. For the varying other methods ATM fraudsters use to obtain the critical information on an ATM card read here.
As a solution to the ever increasing ATM frauds that has caused banks to lose millions to billions of dollars the world over, banks have decided to move away from the magnetic strip cards to chip based cards. A chip based card is different from the magnetic counterparts in that instead of the standard magnetic strip that contains the account information, the information is now stored on a chip embedded on a card, similar to the small chip on your standard SIM card.
Today the chip based ATM cards are being taunted as the most secure. One important aspect of chip based ATM cards that make them more secure is that information is stored on them on an encrypted format; so that even if a fraudster was to get a copy of the information from the chip, he will need to have advanced super fast computers to decrypt the information. However, as we know that encrypted information are crackable, it is only a matter of time before fraudster come up with clever techniques for decriptying the information stored on a chip based ATM card. See here no how older SIM cards could be easily hacked.
So what would be the most secure method for the banks? Personally I feel that cardless techniques could be better and here I propose two: 1. Biometrics and 2. Mobile Phones
There are a number of biometrics that can be used to store user information then linked to bank accounts which later can be accessible at ATM points. An immediate thought is the use of fingerprints. But since there have been issues with biometrics, the implementation of biometrics should go hand in hand with PIN authentication. For instance the fingerprint will be the user ID but the password still remains the standard PIN.
2. Mobile Phones
Already M-PESA has made it possible to withdraw money from ATMs without using a card. As it works, one withdraws money from his/her M-PESA through the ATM Withdrawal M-PESA sub-menu, M-PESA sends a text message containing the withdrawal code, then the withdrawal is input in them ATM to withdraw the money.
There was this time that I really needed to withdraw money at night but I had just lost my ATM card. All the bank agents by that time had closed shop so there was no way I could get money through the mobile-banking platform. I went to an ATM point, stood there for a long time wondering why the hell hasn’t the bank thought of making the ATM a mobile-banking agent.
This is how it would work. You enter into your mobile-banking platform by dialing the bank’s USSD code, you withdraw, you get the withdrawal code on your phone’s screen, enter the code to the ATM together with your ATM card PIN, and viola you get your money.
How secure is mobile based ATMs? I think more secure than the chip based ATM cards.