In 2018, contactless ATMs began to appear in Russian cities. At first glance, such ATMs have some advantages: you can't forget the card inside, the plastic won't" jam " the device, and fraudsters won't be able to read the number. What are the disadvantages and risks of data theft, we will tell you in the article.
As SBC Technologies told FINUSLUGI, contactless ATMs use Near field communication (NFC) technology: "This technology is used for wireless data transfer between devices through magnetic field induction. Today, the technology is known to smartphone owners, and the use of NFC chips on devices allows emulating bank cards for contactless payments. The card number is transformed into a certain token (encrypted identifier), which is read during contactless operations."
"Previously, information on the card (number, owner's name and other data) was recorded on a magnetic strip. Now the chip and token are used instead of this band. After reading the token from the chip, the data is sent to the acquiring bank, which, through the channels of the International Payment System (Visa, MasterCard, MIR, etc.), authorizes the amount entered at the terminal for payment or issuance," SBC Technologies says.
"If there is a possibility of data interception, it is the same as in the case of using contact cards that are inserted directly into the ATM. The threat is quite insignificant. And most importantly: if this data is intercepted, it is useless without knowing the pin code. Therefore, what you need to pay attention to is the time of entering the PIN code. The user does not need to protect the card, but the PIN code. This is an important point when working with an ATM. It is necessary to check the keyboard that detects a press – the keyboard must be free of foreign objects. It is also necessary to cover the PIN code input with your hand to protect it from prying eyes or cameras. At the same time, contact or contactless doesn't matter," says Konstantin Yan, co – founder and CTO of CloudPayments.
According to our second expert, the risks for cardholders are minimal. This is indicated by two main factors::
"The card as a form factor is being replaced by the phone, and modern ATMs should meet this trend. More and more people want to pay contactless and faster. I think that such ATMs will be in demand, " comments Konstantin Yan.
The same position is held in Unistream. They called another advantage of such ATMs: an increase in the life of the card.
"A contactless ATM is a modern type of banking equipment, the main task of which is to make customer service more convenient and comfortable. Many large banks are now actively implementing contactless payment system technology in ATMs, as it has many advantages. Thanks to NFC technology, the client just needs to attach a card, smartphone or smart watch to the reader to withdraw, for example, cash, pay for services, or send a money transfer. In addition to ease of maintenance, the life span of the bank card itself increases, since there is no need to constantly insert the card into ATMs. This is especially true for those who constantly use the card to pay and withdraw cash.
If we talk about the security level of contactless ATMs, it is not lower or higher than that of conventional ATMs: like bank cards with chips, all contactless transactions are protected by the EMV standard, which is designed specifically to increase the security level of financial transactions, " comments Evgeny Stepanov, Deputy Head of the Development and Support Department payment businesses and Unistream bank payment agents.
Technology
Externally, ATMs are unremarkable, except for one small detail. Next to the keyboard, you can see a small box, often black in color,or a flat surface with a painted antenna. To get started, attach your bank card, wait for a confirmation signal, and enter your PIN code. Sometimes you will also need to attach a bank card to confirm the transaction.As SBC Technologies told FINUSLUGI, contactless ATMs use Near field communication (NFC) technology: "This technology is used for wireless data transfer between devices through magnetic field induction. Today, the technology is known to smartphone owners, and the use of NFC chips on devices allows emulating bank cards for contactless payments. The card number is transformed into a certain token (encrypted identifier), which is read during contactless operations."
How data is transmitted
Data is transmitted over a short-range radio link. The radio wave activates a chip on the card, and a small computer is turned on in the chip, which transmits data about the card and the settings set by the issuer to the ATM. The ATM then tells the card what kind of device it is and what it will do with the card."Previously, information on the card (number, owner's name and other data) was recorded on a magnetic strip. Now the chip and token are used instead of this band. After reading the token from the chip, the data is sent to the acquiring bank, which, through the channels of the International Payment System (Visa, MasterCard, MIR, etc.), authorizes the amount entered at the terminal for payment or issuance," SBC Technologies says.
Is it safe
Our expert believes that the problem is not the type of ATM, but the precautions of the cardholder."If there is a possibility of data interception, it is the same as in the case of using contact cards that are inserted directly into the ATM. The threat is quite insignificant. And most importantly: if this data is intercepted, it is useless without knowing the pin code. Therefore, what you need to pay attention to is the time of entering the PIN code. The user does not need to protect the card, but the PIN code. This is an important point when working with an ATM. It is necessary to check the keyboard that detects a press – the keyboard must be free of foreign objects. It is also necessary to cover the PIN code input with your hand to protect it from prying eyes or cameras. At the same time, contact or contactless doesn't matter," says Konstantin Yan, co – founder and CTO of CloudPayments.
According to our second expert, the risks for cardholders are minimal. This is indicated by two main factors::
- The range of the technology is 10 cm. It is impossible to intercept data at this distance with a 90% probability. Previously, fraudsters used overlays that copied card data from the magnetic stripe. The pads are not applicable to a contactless reader.
- PIN code protection. You can withdraw cash from such an ATM only after confirming the operation by entering the card's PIN code or digital fingerprint.
Will such ATMs be in demand?
Experts agree that such devices are a logical continuation of the development of contactless technologies. You can withdraw money using a bank card, or you can use your phone by attaching your mobile phone to the reader."The card as a form factor is being replaced by the phone, and modern ATMs should meet this trend. More and more people want to pay contactless and faster. I think that such ATMs will be in demand, " comments Konstantin Yan.
The same position is held in Unistream. They called another advantage of such ATMs: an increase in the life of the card.
"A contactless ATM is a modern type of banking equipment, the main task of which is to make customer service more convenient and comfortable. Many large banks are now actively implementing contactless payment system technology in ATMs, as it has many advantages. Thanks to NFC technology, the client just needs to attach a card, smartphone or smart watch to the reader to withdraw, for example, cash, pay for services, or send a money transfer. In addition to ease of maintenance, the life span of the bank card itself increases, since there is no need to constantly insert the card into ATMs. This is especially true for those who constantly use the card to pay and withdraw cash.
If we talk about the security level of contactless ATMs, it is not lower or higher than that of conventional ATMs: like bank cards with chips, all contactless transactions are protected by the EMV standard, which is designed specifically to increase the security level of financial transactions, " comments Evgeny Stepanov, Deputy Head of the Development and Support Department payment businesses and Unistream bank payment agents.
Conclusion
What is the result:- in such ATMs, there is less risk of forgetting the card or not getting the plastic back due to a technical failure;
- the technology has a small range, and it is difficult to intercept data;
- the risk of data theft remains, but fraudsters will not be able to do anything with the received information without a PIN code.
