In early 2022, banks will begin to implement the ability to withdraw money from an ATM from someone else's card - even if the person does not have the card itself. This was reported by the news resource.
The system will operate using QR codes. In the mobile application of his bank, the user will be able to generate a unique QR code and send it to his conditional friend. The recipient will go to a compatible ATM, scan the code and receive cash, which will be debited from the account of the sender of the code. Funding a card or account will work the same way. Experts believe that such a system has a lot of advantages: it is fast, convenient and sometimes can be very helpful to a person who is in difficult circumstances.
But is it safe? Experts name several risks. For example, a QR code can be intercepted - for example, a person can be photographed from a smartphone screen at the moment when he received this code. Another way is to send the received code "where to go" using virus software. In addition, the danger of "leaking" data through the bank employees is not excluded. Experts are even afraid of choosing a code or access key, despite the fact that the token will be generated once and automatically. By the way, it is not yet known whether it will be possible to use the same QR code again - logic dictates that it should be disposable.
However, the biggest vulnerability of such a system is fraud using social engineering. Attackers successfully force their victims to send their card details and make transfers to them even now. Usually, a fraudster on the phone accompanies a person to the very end of the scheme, which in itself is quite complex and includes many nuances. With the introduction of the ability to “cash out” a QR code, the task of attackers will be simplified - it will be enough to convince a person to create a code and send it to them. Perhaps some kind of transaction confirmation system can be effective to protect against this kind of criminal activity - for example, a push notification at the time of withdrawal, which will require explicit confirmation from the sender. Something similar is now in Umoney - the service sends a push within the application to confirm expenditure transactions using a wallet.
The system will operate using QR codes. In the mobile application of his bank, the user will be able to generate a unique QR code and send it to his conditional friend. The recipient will go to a compatible ATM, scan the code and receive cash, which will be debited from the account of the sender of the code. Funding a card or account will work the same way. Experts believe that such a system has a lot of advantages: it is fast, convenient and sometimes can be very helpful to a person who is in difficult circumstances.
But is it safe? Experts name several risks. For example, a QR code can be intercepted - for example, a person can be photographed from a smartphone screen at the moment when he received this code. Another way is to send the received code "where to go" using virus software. In addition, the danger of "leaking" data through the bank employees is not excluded. Experts are even afraid of choosing a code or access key, despite the fact that the token will be generated once and automatically. By the way, it is not yet known whether it will be possible to use the same QR code again - logic dictates that it should be disposable.
However, the biggest vulnerability of such a system is fraud using social engineering. Attackers successfully force their victims to send their card details and make transfers to them even now. Usually, a fraudster on the phone accompanies a person to the very end of the scheme, which in itself is quite complex and includes many nuances. With the introduction of the ability to “cash out” a QR code, the task of attackers will be simplified - it will be enough to convince a person to create a code and send it to them. Perhaps some kind of transaction confirmation system can be effective to protect against this kind of criminal activity - for example, a push notification at the time of withdrawal, which will require explicit confirmation from the sender. Something similar is now in Umoney - the service sends a push within the application to confirm expenditure transactions using a wallet.
