Withdrawing Cash With A Smartphone Could Beat The Card Skimmers

Withdrawing Cash With A Smartphone Could Beat The Card Skimmers

The U.S. loses more money to card fraud than the rest of the world combined — something that’s mostly down to the magnetic stripes that make their cards incredibly hackable. Although more secure technologies are coming, they will require time and money to adopt. But one kindly Canadian bank has a secure system that only needs a smartphone and a QR code.

Magnetic stripe cards, the kind that are ubiquitous in everything from credit cards to hotel keys, are incredibly easy to clone. It just takes one pass through a reader to take all the information from the chip, and one further pass to put that data onto a fake card — and thereby get a working clone of your credit card.

One of the easiest ways to clone cards is to graft a nearly-undetectable skimmer onto an ATM, which lurks undetected whilst accumulating thousands of card numbers. That makes ATMs a great target for hackers, and therefore first in line for a security upgrade.

The system that BMO Harris Bank has come up uses a smartphone app, and a QR code on the ATM screen. The customer uses the app to choose their amount of money in advance, then walks up to the ATM, and chooses the option for mobile money. The ATM screen displays a QR code, which you scan with the app, and the machine spits out sweet sweet money.

The beauty of the system is that it’s secure — a fraudster would need your particular smartphone and the app password to impersonate you — and has no physical contact between any card and the ATM, meaning there’s nothing for a card skimmer to clone. Win-win.

According to the WSJ, the service will initially be available on 750 ATMs, with 900 online by June. While that’s a drop in the bucket compared to 425,000+ ATMs in the country, it’s a health percentage of BMO’s 1300 machines. Moreover, a successful trial may well persuade other banks to add support for the system. Just don’t lose your smartphone — and set your password to something other than ‘password’, ok? [WSJ]

Images by Catatronic