ATM of the future: No cards, no buttons

ATM of the future: No cards, no buttons

Summary: Diebold has deployed the first of a completely different kind of ATM. The device has a minimal user interface; instead the customer uses a smartphone app.

SHARE:
18

ATMs haven't changed all that much over the years. Bankers are a very conservative bunch. But now Diebold has deployed the first of a completely new kind of ATM designed to appeal to gadget-obsessed millennials.

The machine has no physical buttons or card reader. You do nearly all your interactions with it through the cloud using a smartphone. This video demonstrates it.

The new machine was announced in early 2013. but now there is one in operation at Diebold's own credit union, Diebold Federal Credit Union (DFCU).

All kinds of cool applications become possible in this scenario. One example they show is how a user can authorize a third party to withdraw a specified amount of cash from his account. In the app, you pick a person from a list which the app populates from the phone's contacts list, then designate an account and an amount of money. The app sends an SMS to that person with a six-digit code. The other person goes to an ATM and enters this code, at which point it dispenses cash. 

Such ATMs should make skimming basically impossible. Customers conduct very little interaction directly with the ATM itself. New, stronger methods of authentication are possible: For instance, the user at the phone can prove that they are the one at the ATM by taking a photo of a QR code on the ATM display.

ATM.Scan.QR

This design also makes the ATM itself much simpler, more of a thin client. With as much of the logic in the process as possible in the cloud, the code in the ATM itself could be simpler and more hardened and heavily scrutinized.

Another important part of this design is a mobile wallet provided by Paydiant  that allows customers to pre-stage withdrawals. It also creates the possibility of using similar technologies for point of sale: Imagine the customer at the register paying by scanning a QR code generated by the point-of-sale system. The QR code, sent through the mobile wallet from the phone, authorizes payment which is confirmed to the register from the cloud. Or the other way around: The user could authorize payment of a certain amount in their app and generate a QR code which is scanned by the register, becoming the equivalent of a one-time credit card.

The US is only beginning to implement the infrastructure necessary for EMV (Europay-Mastercard-VISA), a smart card system that will prevent most of the payment card fraud we experience today. But the smart phone and the cloud are an infinitely more sophisticated solution and a lower cost one at that.

No card or PIN are required at the ATM or point of sale. But that makes authentication for the app and phone all the more crucial, lest anyone who steals the phone could gain access to accounts. Take a close look at all this. It's the wave of the future.

Topics: Security, Apps, Banking, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

18 comments
Log in or register to join the discussion
  • The problem: lack of security

    The results of an interesting research were published about three months ago. The research used iPhone/iPad devices to test a total of 40 home banking apps from the top 60 most influential banks in the world. The results were outrageous, showing the great lack of security of the banking apps.

    The research is quite technical, but it is worth reading: http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.html
    Rub2014
  • unless it says no windows,

    nothing changed. No security or privacy at all.
    GrabBoyd
  • Portugal

    Portugal has been on the avant-guard of ATM technology, over the years. Not much security issues reported. We can almost everything through ATM/Mobile.

    Pay bills, transfer money, and so on. The withdrawal is almost the only thing we can't do :)
    fjnrebelo@...
    • correction

      lack of withdrawals through mobile/net application, of course :)
      fjnrebelo@...
  • Not for me

    I don't own a smart phone and I don't want one. I have a wonderful LG phone with a very large keyboard for texting. I can make calls, send and receive texts and or photos. What else do I need a phone for?

    I own a tablet for reading and vacation use (e-mails and FB) and a fairly powerful desktop system where I spend my day online. Just because new tech looks bright and shiny doesn't mean that you throw out the older stuff that most people are still happy to use.
    noraadrienne@...
    • welcome to 2014

      It's not a phone, it's a pocket computer that can also make phone calls.
      Why do you need a pocket computer?
      Well.......
      warboat
  • Where is the incentive?

    We all have read that many banks are running Windows XP for their ATM. They are not worried about the end of XP because the use of XP on the ATM is well secure. Even the last security report form an Anti-virus security was a lot about nothing. At the end you have to break into the ATM to install the malware. What was the point? If you already spend time and effort to break into the machine, might as well take the cash.

    This new feature from Diebold does not increase the service to a bank. It limit them. Not all people have a smart phone. What is the bank to do with these customers? Do then need to install two ATM (at an increase cost) for the people with smart phones and another for the ones that do not have one and do not want one? What happen is your phone is stolen? Many report are coming in of an increase of stolen smart phones.
    jazzy2945
    • it eliminates skimming and cards altogether

      If you're willing to use a smartphone there's nothing you can't do with these ATMs. They eliminate skimming and other physical security attacks. They allow many new uses such as the one-time codes I described in the story ("pre-staging" withdrawals).
      larry@...
      • it will facilitate a different kind of skimming

        Hackers can just place a burner smartphone which spoofs commonly used free wifi hotspots and with auto wifi switching that is commonly set by users, it will automatically use that free wifi hotspot and then all your internet traffic is subject to sniffing and man-in-the-middle attacks at the ATM.
        warboat
        • no

          Even if it were as easy as you indicate, bank apps use SSL so the burner still wouldn't be able to capture any traffic.
          larry@...
  • And if the phone battery dies...

    ...you can't buy a charger unless you have cash on hand. But... that's why you were at the ATM in the first place.

    Maybe the ATM can have a universal charger connection, just in case.
    DittoHeadStL
    • interesting idea

      I'm not really all that bothered by the possibility of people running out of battery and not being able to run the app. It's your fault you ran out of battery (really).

      But having a USB power-only port in the ATM would be a good idea. Cable ends would be asking for vandalism I suppose, but maybe
      larry@...
    • er, no!

      If an ATM allows phone charging, then there will always be some iphone5 user standing there charging up and asking you to ignore him while you do your ATM thing.
      No way!
      warboat
  • Security , security , security

    Once again as I always say check you APPS permissions. All smart devices are running on multiple versions of OS. I have a smart phone that runs on a different version of Android than two tablets I use. I gave my older tablet to someone else. Just about every APP that you download wants full administrative access to your device , all phone calls , texts , emails and data. They also want to triangulate you via soft and hard GPS. These devices are open portals to having your information stolen and also allow access to anything you connect to. They get constantly updated every week and now hackers have found chunks of old code left behind that they can access your device with. I spent years in Data and communications plus corporate security. The day you feel safe is the day you get hacked. Stores like Target and Shopping markets thought they would never get hacked and yet they did and still do. Last but not least is the fact that where I live we have a lot of cell phone dead zones or not all carriers so unless the ATM's put in Wi-fi that is accesable to everyone then not all people can use that ATM. This also means it would be unsecure for all transactions so , so much for security.
    cavman
  • No security improvement

    With the number of people each year who get mugged for their phones would you really want to wave yours around every time you try to withdraw money?

    The more ideas that people come up with to add functionality to phones: debit cards, credit cards, admission tickets, travel tickets, etc; the more they become a target for thieves.
    Ian Sargent
  • And people who do not OWN a smartphone?

    Are they too dispensable to society to be allowed to bank with an ATM? Many lower income people now are being paid with prepaid debit cards. How will THEY withdraw cash? And how about people who leave their phones at home and need cash? Far fewer people would leave their wallets, with ATM cards, at home! Is this a scheme to make sure that ALL users of old dumb cell phones MUST upgrade to a smart phone? Or to put the poor more deeply in debt in order to use their benefit cards?

    The same handicaps to the poor resulted from mass marketing of cell phones originally: with fewer people needing to use pay phones, phone companies began to remove them. Some anti-poor-people legislators even suggested removing them from neighborhoods with high drug traffic because drug deals were arranged by having someone call a pay phone. Never mind the non-cell-phone-owning HONEST people who need to call a cab, or God forbid, call 911. Or the non-PHONE-owning people who go down the block to make ALL their calls. Some cities compromised by making pay phones invalid for incoming calls, and subsidized the installation of these "crippled" pay phones.

    So this is the next step: if you cannot afford, or have left at home, or lost, or incurred damage or malfunction to, a smartphone, you will have no way to get cash. Instead, how about adding the interaction by mobile phone as an OPTION to traditional ATMs? One benefit is that people who DO have smartphones, and DO have the cyber skills to use them, could set up for their withdrawal BEFORE getting out of the car, then have 60 seconds to place their thumb on a fingerprint reader and get their cash. Others could use their cards as they do now.
    jallan32
  • Complexity?

    I've stood behind people at ATM's before that don't seem to have mastered the ability to type in a 4-digit pin.... I can't imagine how complexities of smartphones will add to the length of the queue.

    I guess it'll be a welcome change for muggers since it's often quite difficult to snatch an expensive smartphone from someone whilst they use an ATM at present.
    Mouseboy007
  • What if you don't have a smartphone?

    NOT everyone have a smartphone!
    NOT everyone can AFFORD to owh a smartphone!
    EVERYBODY need to be able to access their bank account.

    Personaly, I don't have one, don't want to have one and definitively don't need one.

    It's not everybody who will agree, or can pay, to get one to be able to access some ATM.

    So, unless the bank agree to provide his customers with a smartphone for FREE, they will alienate them.
    Kualinar