Cardless ATMs: A step ahead of the scammers

GRAND RAPIDS, Mich. (WOOD) — Banks are using a new weapon in the fight against scammers: cardless ATMS.

Fifth Third Bank recently introduced the cardless ATM, which allows customers to use their smartphones and mobile banking apps to use teller machines without a debit card.

While a local IT security expert calls it a good step, he figures criminals already are looking for ways around it.

“The industry is going to have to continue to innovate, it’s going to have to come up with solutions like this that address these types of concerns,” said Mark Spaak, an IT security expert at Trivalent Group.

Cardless ATMs would have stopped the thieves who recently used skimmers — devices hidden in card readers — to steal thousands of dollars recently from Lake Michigan Credit Union customers.

“It’s actually a very innovative idea,” Spaak said. “The only areas where I see concern is this is predicated on a username and a password.”

Fifth Third’s cardless ATM works through a smartphone. Sol Hernandez, the branch manager at the Fifth Third on Chicago Drive SW in Wyoming, demonstrated on her iPhone X. Her phone recognizes her face to securely open the Fifth Third app. Otherwise, customers will need to type in their app’s password to get started.

In just a few steps, the phone’s camera reads a QR code on the ATM screen, and after entering your ATM’s password, you’re in, ready to make a withdrawal.

“It’s huge, right?” Hernandez said. “We see it in the news, not just for financial institutions but gas stations, right? Fraudsters are finding a way of committing fraud very frequently and finding different ways.”

But Spaak, the IT security expert, said the system isn’t foolproof.

“So fraudsters can still get in the middle,” he said.

He especially worries about customers with less-secure Android phones or people who lose their phones.

“If I lose my device, if maybe I’ve chosen to not have a good password set up on the device, if it’s lost or stolen, and somebody logs into that device, now they can conduct transactions on my behalf that I did not authorize,” Spaak said.

Even with the new cardless ATM, Fifth Third recommended tips to protect your money: Keep your phone secure with a passcode or facial or fingerprint scans; monitor your accounts and set them up to send you alerts with every transaction, and don’t do your on-line banking through a public Wi-Fi spot, like at the library.