ATMs that do not require more card bring more convenience, but also require customer safety precautions. According to experts, there are vulnerabilities in the smartphone and biometrics technologies that could pave the way for attacks. Depending on the case, the user may be at even greater risk than traditional access.
READ: How to check FGTS balance
In Brazil, for example, major banks already offer access through the fingerprint, allowing withdrawals and transfers. Thinking about it, the dnetc Here's how these modern boxes work and present risks, and give you tips to prevent potential fraud.
Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc
ATM that runs without card can be risky Photo: Reproduction / Pond5
How Cashier Without Card Works
The country's major banks already offer card-free ATMs, all with some biometric system. Most use fingerprint reading, such as Banco do Brasil, Ita and Santander, where the customer can perform transactions on the account just by touching a sensor on the machine. Ita also asks for biometric reading in place of the password even when using the physical card. Most different is Bradesco, which uses a handheld scanner that tracks the vein pattern to free access, similar technology seen on LG's G8S ThinQ smartphone.
In general, institutions offer limited services during cardless access, such as restricted withdrawals per day and blocked loans. On the other hand, the customer can free up more resources by using biometrics in conjunction with the card. Classic access without biometrics can even offer fewer teller advantages, depending on your bank and account type.
In the United States and Europe, for example, there are hardly any boxes using biometrics. Most of the machines in these countries have an approximation identifier that is compatible with both type cards. contactless as with smartphones that bring NFC. In this case, an Apple Pay iPhone or an Android Pay Android (or Samsung Pay) can replace the card for withdrawals and other operations.
Users may see cardless ATMs as safer because, in theory, a stolen card would be of less use to the criminal. However, this is not always true. In some cases, using only the card or biometrics may give access to the same operations. In addition, the bank does not always require fingerprints in conjunction with the plastic: even if the user has the biometrics registered, the card can be used with a password.
Accessing your account without a card does not necessarily mean greater security. Photo: Reproduction / Caixa EconĂ´mica Federal
About three years ago, experts also warn that biometrics is not theft proof. In 2016, researchers at Michigan State University demonstrated that it is possible to reproduce fingerprints only by high-resolution photos. Fingerprint readers, therefore, tend to offer less security than vein screening, iris or other types of biometrics. On the other hand, sensors that read fingerprints are cheaper and easier to use.
In the case of boxes accessible only with the mobile phone, the risk is the level of security that the user applies to the smartphone. If the phone does not have sufficient protections, a criminal who steals the device can have access to bank withdrawals without major problems. The same goes for the bank application: if there is no system that enforces login on another device, the user can become a victim even if it has not been stolen.
If you registered your fingerprints with the bank, ask if the institution allows you to use this access mode only in conjunction with the card. This way you prevent anyone from withdrawing values ​​from your account by stealing the card or applying a more sophisticated scam involving the copy of your fingerprints.
Card and biometrics access may be a safer option for logging in. Photo: Playback / Pond5
If your bank allows you to override the cashier password with your mobile phone, make sure your phone has a password lock. A strong combination of numbers known only to the user offers more security than digital unlocking or face recognition with the exception of iPhones from iPhone X, which feature Face ID technology, which is harder to fool.
It is also important to make sure that the bank only allows the official app to be installed on one mobile phone at a time. In addition, it is important that there is some kind of face-to-face authentication at the ATM or branch to allow access to a new device. This method is more secure than the traditional form of two-factor authentication with SMS, which can be more easily defrauded by a criminal.
When choosing to use less secure methods, such as fingerprint-only looting, it is important to be aware of notifications to discover any suspicious movements quickly. In addition, it is a tip to set operating limits on this mode to reduce losses in the event of fraud.
