Barclays trialling cash withdrawal via smartphone

Security experts warning it's not a good idea.

Barclays is testing a new feature for cash withdrawals which should eliminate skimming at ATM machines, the BBC reported recently. The idea is similar to contactless and mobile payment systems – you wave your smartphone close to an ATM machine and, when prompted, type in your PIN code in either the smartphone or the ATM.  

The bank says that way it will make it much harder to hijack card details. The new feature is being tested for Android-powered devices only, with iPhones being out of the picture. Apple has limited the use of iPhone NFC chips to their own Apple Pay technology, making it impossible for Barclays to use the device.  However, those that don't have an Android phone will be able to use an NFC-enabled card. A wider rollout is expected next year. Currently, the feature is being tested at 180 branches in the northern part of England.  Security experts, however, are warning that this approach is far from secure. "There could be malware on your phone, which is recording the Pin as it's typed in - that would be a new risk," Dr Steven Murdoch, a cybersecurity expert at University College London told the BBC. 

"The malware might also be able to copy your credentials from one phone to another, allowing the other handset to make a withdrawal. Barclays probably has defences against that, but those defences are unlikely to be perfect." Barclays, on the other hand, says the system will be secure. 

"We have no higher priority than the protection of our customers," a spokeswoman told the BBC. "Our Mobile Banking app has the British Standard Institute Secure Digital Kitemark, which is subject to independent testing, to make sure customers' financial and personal details are protected."  Fujitsu has welcomed the move, saying British banks are learning from other financial institutions. 

“As technology continues to change banking, Fujitsu expects to see self-service devices, such as ATMs, take on a new importance within branch operations,” said Anthony Duffy, Director of Retail Banking in UK & Ireland at Fujitsu.  

“The ATMs that Fujitsu manufactures and deploys can already provide a wide-range of added-value services, such as deposit acceptance, bill payment and transaction management. Some banks use Fujitsu’s biometric offering to authorise cash withdrawal by “reading” the veins contained within the palm of a hand. Making the customer experience easy, if not pleasurable, will form an increasingly important part of the banking proposition”.   

Image Credit: Shutterstock/nenetus