Good read from Krebs on Security on Cardless ATMs

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
mrmass
Posts: 122
Joined: Thu Jul 26, 2018 6:35 pm

Good read from Krebs on Security on Cardless ATMs

Post by mrmass » Mon Nov 05, 2018 7:45 am

It highlights the potential issues with cardless ATM machines
https://krebsonsecurity.com/2018/11/sms ... tm-profit/

jebmke
Posts: 8466
Joined: Thu Apr 05, 2007 2:44 pm

Re: Good read from Krebs on Security on Cardless ATMs

Post by jebmke » Mon Nov 05, 2018 8:14 am

from the article
In January 2017, KrebsOnSecurity told the story of a California woman who saw nearly $3,000 drained from her account via a cardless ATM operated by Chase Bank.
They didn't go into detail but it seems to me that the card-less risk notwithstanding, the person was not using good practices.

First, one of the best defenses is to keep a separate low-balance account that is only used for ATMs. Many banks will allow you to have more than one account and transfer money between them instantly.

Second, don't most banks have daily limits on ATM withdrawals? I wonder how long this went on before she noticed it.

Third, many banks have alert systems that can be set by the account holder to provide email or other alerts for various transactions. This isn't fool proof. If someone hacks your email or phone, they have access to the alert and can delete it.
When you discover that you are riding a dead horse, the best strategy is to dismount.

Afty
Posts: 846
Joined: Sun Sep 07, 2014 5:31 pm

Re: Good read from Krebs on Security on Cardless ATMs

Post by Afty » Mon Nov 05, 2018 12:33 pm

Interesting. Apparently "cardless ATM" means that you simply log into your banking account via the bank's phone app, then use the app to generate a QR code that is read by the ATM before it dispenses your money. This means that anyone who gains access to your login credentials can withdraw your money from an ATM. Seems like a bad idea.

User avatar
telemark
Posts: 2331
Joined: Sat Aug 11, 2012 6:35 am

Re: Good read from Krebs on Security on Cardless ATMs

Post by telemark » Mon Nov 05, 2018 2:45 pm

jebmke wrote:
Mon Nov 05, 2018 8:14 am
First, one of the best defenses is to keep a separate low-balance account that is only used for ATMs. Many banks will allow you to have more than one account and transfer money between them instantly.
But if the thieves have your account and password information, as they did, they can just transfer the money into the ATM account.
Second, don't most banks have daily limits on ATM withdrawals? I wonder how long this went on before she noticed it.
According to the story, she was on vacation in Mexico at the time.

jebmke
Posts: 8466
Joined: Thu Apr 05, 2007 2:44 pm

Re: Good read from Krebs on Security on Cardless ATMs

Post by jebmke » Mon Nov 05, 2018 3:50 pm

telemark wrote:
Mon Nov 05, 2018 2:45 pm
jebmke wrote:
Mon Nov 05, 2018 8:14 am
First, one of the best defenses is to keep a separate low-balance account that is only used for ATMs. Many banks will allow you to have more than one account and transfer money between them instantly.
But if the thieves have your account and password information, as they did, they can just transfer the money into the ATM account.
Second, don't most banks have daily limits on ATM withdrawals? I wonder how long this went on before she noticed it.
According to the story, she was on vacation in Mexico at the time.
Fair points. I suppose this adds another good reason why I keep my checking account pretty empty most of the time. I'm not keen on doing anything financial or involving sensitive information on mobile devices in general.
When you discover that you are riding a dead horse, the best strategy is to dismount.

Post Reply