Forget PINs, Next Generation ATMs are Set to Replace PINs with Fingerprints

These are the words of Shepherd-Barron, who led the engineering team of the first ever implementation of an Automated Teller Machine, which was installed at the branch of Barclays Bank in North London, United Kingdom. That time, no one would have thought that an idea, derived from chocolate bar dispenser, would change the way people withdraw cash from their bank account. Now ATMs have become much more than their original purpose of cash dispensing. They offer a plenty of banking and financial services, eliminating the need of an employee to do the job. Customers can withdraw or deposit cash, manage their bank account, access different services offered by their service provider, transfer money to other accounts and much more.

In the beginning, ATMs were mostly installed inside or near a bank premises, but with continued improvements in their design and security, they can now be seen even on unattended locations. ATMs are mostly put on the locations frequented by large numbers of people. They can be seen in shopping malls, airports, railway stations, office buildings, gas stations, etc. On the basis of location of installation, ATMs are categorized in On-Premises and Off-Premises ATMs. As the name suggests, on-premises ATMs are installed in the bank premises. On-premises ATMs offer additional functionality in comparison with off-premises ATMs. Being more advanced, on-site ATMs are more expensive than off-premises machines. On premises ATMs are installed to compliment services offered by the bank. These machines greatly reduce human efforts that would have taken considerable time and manpower otherwise.

Having a lot of cash at its disposal, ATMs have always been a target of fraudsters and hackers. Due to this fact, ATM security has been a prime concern among banks and financial institutions. First cash machine installed by Barclays Bank used carbon-14 marking for security. This machine required paper checks issued by the bank cashier or teller. This method was eventually replaced by a six digit PIN number in later models. It is not easy to hack ATMs online and threats to ATM security come mostly with physical presence of fraudsters. They, however, may install equipment on ATM machine to steal information of ATM cards and withdraw money somewhere else. These criminals take advantage of technology as well as skills to dispense money illegally, which is debited in some other customer’s accounts.

Criminals have devised various methods to steal money from ATMs. Since they cannot just take money out of an ATM due to heavily secured cash compartment, they rather steal card information of other customers. Stealing ATM card information is much easier than breaking into the ATM itself. Card skimming is one of these methods criminals commonly use. Card skimmers are installed on ATMs card reader slot. They have electronic circuit to read the information on magnetic strip of the card and this information is stored on card skimmer’s memory. This information is later copied by the criminals after removing the skimmer from the ATM. Card skimmers are designed to be a perfect fit over original card reader slot, so that customers can easily fall prey to it. If card slots feel bulky or loose, there are chances that it is a skimmer device.

There are also fake key pads available in the dark web marketplaces over the internet, which can be placed over the original key pad of the ATM, which logs all the user inputs. These logged inputs are then misused by criminals to steal money from the user account. Fraudsters can also install a small camera just above the keypad of the ATM, which keeps recording user inputs, that includes your ATM PIN as well. Customers are often advised by their banks to hide keypad with their other hand while entering the PIN. In some cases, entire front of the ATM is replaced with a fake front, which looks exactly like a real one. In case of a fake ATM front, it becomes nearly impossible to know if the ATM has been compromised. Money does not dispense out of the fake front and it also keeps recording user inputs.

If we try to figure out root cause of security loopholes in authentication process at an ATM, it comes down to the information contained in the ATM card. Criminals are after information stored on your ATM card. They want to know what is on the magnetic tape of your card and the secret PIN that grants access to your money. PINs have served the purpose of card security very well until recent years. Cases of stealing money from ATMs have noticeably increased after the year 2000 as fraudsters started to have technical advantage at their disposal. Till that time PINs posed as the ultimate safety tool for ATM cards.

Banks and financial institution have been looking for ways to redefine the way customer identities are authenticated at ATMs. Their efforts zeroed in on biometric security. PINs, being the information that can be stolen by others, offer a meagre security for ATM cards. In present scenarios of payment card security, threats are getting increasingly complex, which has rendered PIN base card security inadequate. Fraudsters are leveraging technology to steal money which is not always detectable. You cannot check the entire ATM before withdrawing money specially when you are already in a hurry and there are other people waiting in the queue. Fingerprint authentication offers a viable solution to loopholes of ATM card security.

In a fingerprint secured ATM, customers only need to rest their finger on scanner surface after presenting the ATM card, and identify gets verified instantly. There is no need to enter PIN while struggling to hide the keypad. Fraudsters can steal or copy PINs, but they cannot do the same with fingerprints. Spoofing fingerprints is a fairly complex process, which is not always a 100% success. Live finger has many optical, electrical, and mechanical properties that cannot be presented by a fake replica or a spoof. With the technological advancement, researchers are hard at work to address current inadequacies of biometric systems and immunity against spoof attacks is their top priority. With fingerprint biometrics, customers feel more secured as their inherent characteristics become their identity and not a possession (like ATM card) or knowledge (PIN).

Fingerprint biometrics is already in testing for credit cards as mastercards has already announced a biometric credit card back in April 2017. The testing of the card is underway in South Africa and it is also set to launch in other parts of the world in coming days. Mastercard’s Enterprise Risk and Security Department chairman Ajay Bhalla said that consumer now consider biometric transactions more secure. Whether it is to unlock a smartphone or do online shopping, biometric recognition is now proven to be a better technique. It is now possible to make secure payments using this technique.

Adoption of biometrics in banking and financial institutions around the globe is an increasing trend and more and more financial outfits are opting biometric to secure their customer authentication practices.

Banks and financial institutions have been using technology to streamline their operation and improve security at the same time. There are many banks and financial institutions around the globe that have already introduced fingerprint ATMs and customers are taking advantage of biometric technology to safeguard their money. This trend is more evident in developing countries while many developed countries are yet to ride the biometric wave. Many financial service providers have already integrated mobile biometrics with their smartphone apps to authenticate customer identity. In present scenario of ATM card security, the day is not far when next generation ATMs will completely replace PINs with fingerprints.