ATMs haven't changed all that much over the years. Bankers are a very conservative bunch. But now Diebold has deployed the first of a completely new kind of ATM designed to appeal to gadget-obsessed millennials.
The machine has no physical buttons or card reader. You do nearly all your interactions with it through the cloud using a smartphone. This video demonstrates it.
The new machine was announced in early 2013. but now there is one in operation at Diebold's own credit union, Diebold Federal Credit Union (DFCU).
All kinds of cool applications become possible in this scenario. One example they show is how a user can authorize a third party to withdraw a specified amount of cash from his account. In the app, you pick a person from a list which the app populates from the phone's contacts list, then designate an account and an amount of money. The app sends an SMS to that person with a six-digit code. The other person goes to an ATM and enters this code, at which point it dispenses cash.
Such ATMs should make skimming basically impossible. Customers conduct very little interaction directly with the ATM itself. New, stronger methods of authentication are possible: For instance, the user at the phone can prove that they are the one at the ATM by taking a photo of a QR code on the ATM display.
This design also makes the ATM itself much simpler, more of a thin client. With as much of the logic in the process as possible in the cloud, the code in the ATM itself could be simpler and more hardened and heavily scrutinized.
Another important part of this design is a mobile wallet provided by Paydiant that allows customers to pre-stage withdrawals. It also creates the possibility of using similar technologies for point of sale: Imagine the customer at the register paying by scanning a QR code generated by the point-of-sale system. The QR code, sent through the mobile wallet from the phone, authorizes payment which is confirmed to the register from the cloud. Or the other way around: The user could authorize payment of a certain amount in their app and generate a QR code which is scanned by the register, becoming the equivalent of a one-time credit card.
The US is only beginning to implement the infrastructure necessary for EMV (Europay-Mastercard-VISA), a smart card system that will prevent most of the payment card fraud we experience today. But the smart phone and the cloud are an infinitely more sophisticated solution and a lower cost one at that.
No card or PIN are required at the ATM or point of sale. But that makes authentication for the app and phone all the more crucial, lest anyone who steals the phone could gain access to accounts. Take a close look at all this. It's the wave of the future.