U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cardless ATMs will improve security of cash withdrawal

A unit of Canada’s Bank of Montreal will launch on Monday its network of cardless ATMs, a technological innovation to improve users’ security. Recently we have discussed different kinds of attacks against ATM machines, the majority of which were conducted by exploiting hardware skimming. Black box attacks and malware based attacks are a few sample of methods recently observed […]

Cardless ATMs will improve security of cash withdrawal

A unit of Canada’s Bank of Montreal will launch on Monday its network of cardless ATMs, a technological innovation to improve users’ security.

Recently we have discussed different kinds of attacks against ATM machines, the majority of which were conducted by exploiting hardware skimming.

Black box attacks and malware based attacks are a few sample of methods recently observed by security firms.

On the other side, financial institutions are trying to improve security of their services, the most popular countermeasure is based on the distribution of secure credit and debit cards using microchips to avoid card cloning.

Despite the level of security offered by Chip-and-Pin cards is considered very high, recently a group of researchers has demonstrated the feasibility of pre-play attack against this category of cards.

The Wall Street Journal revealed that the BMO Harris, a unit of Canada’s Bank of Montreal, will launch on Monday its network of cardless ATMs. The new generation of ATM allows bank customers to withdraw cash using their smartphones. BMO Harris is the first bank to offer cardless cash withdrawal technology to its users.

The Mobile Cash service will be available on 750 ATMs across the US, but the Wall Street Journal anticipated that the number of the ATMs will pass to 900 by June. Considering that BMO Harris Bank has more than 1,300 ATMs, the innovation proposed by the bank represents a significant effort to protect its customers.

To withdraw cash users need to sign into a mobile banking app dubbed “Mobile Cash“, hold their smartphones over the QR code on the ATM screen and get the money. According security experts of the banking industry, cardless cash withdrawal technology speeds up transactions and reduce the risk of frauds because no card information is stored on the mobile device.

cardless atms mobile

Resuming, an attacker needs to steal the victim’s mobile device and have to know his password in order to carry on a card fraud.

“This particular program offers a lot of benefits for our customers, both in terms of convenience and security. We think it’s going to be something that our customers just find extremely exciting as they use their mobile phones more and more for financial transactions, and frankly, their everyday lives.”

The process of cash withdrawal, also reported by TheHackerNews, in composed by the following steps:

  •  Download the digital banking app, Mobile Cash.
  • Sign into the Mobile Cash app
  • The app will ask you to Enter the amount you want to withdraw
  • The app will store the info until you get to the ATM
  • At the ATM, select a “Mobile Cash” option on the ATM screen
  • A quick response code, or QR code, will appear on the screen. Scan the QR code via your smartphone.
  • Collect your cash. That’s it.

A further defense mechanism consists is the possibility to remotely delete the app if the device is stolen or lost.

Let’s see how the banking industry will accept the innovation.

Pierluigi Paganini

(Security Affairs –  ATMs, banking)