Recently some banks added a cardless ATM service that allows customers to withdraw funds without using an actual ATM card. Bank of America advertises the service as “future has arrived” and offers a two-step identification system to access the account.
Another bank that has implemented this technology is Chase. The way it works is that a transaction is enabled by using a mobile phone and one-time code generated by a Chase app that needs to be entered directly into an ATM. That code can be used to cash checks, pay Chase credit card bills and mortgages as well as withdraw cash at the ATM. The so-called convenient technology opened a new avenue for scammers and thieves who use stolen customer bank account usernames and passwords to withdraw funds and commit ATM fraud.
The shift to a cardless ATM technology is aimed as part of a larger move to reduce the number of human tellers in the bank branches. Michael Fusco, a JPMorgan spokesman mentioned that “the eATMs will allow customers to access their accounts via a mobile app.”
Chase started implementing eATM technology at the end of 2016. They were soon faced with complaints from customers who became victims of ATM fraud. Back in early November of 2016 a man reported that $3,000 was taken out of an ATM in a city he doesn’t live in. The man drove to his local bank branch and was told that he was locked out of the account because his personal information, such as billing address and password had been changed. Apparently the scammer changed credentials to access online banking leading to blocked access to the app with this new ATM fraud scheme. He was able to log into the account and update the registered email address, so the owner of the account was no longer receiving notifications and alerts. The scammer could also disable all the text message and email alerts.
There were many cases of electronic ATM fraud reported since the end of 2016. However we have not found a public announcement from Chase Bank notifying its customers of ongoing ATM fraud schemes. No have they advised their customers to check their accounts often.
Another case of e- ATM fraud was reported this week in Miami, Florida. The victim learned about the missing cash by randomly checking her account that had a blocked web access. She called the bank and notified them of the issue. The bank verified recent transactions with her and she learned that $600 were withdrawn from the account without her authorization. The bank explained that the transaction was completed with eATM system and money was withdrawn without an actual ATM card. She is still not certain to whether or not she will receive the funds. The bank provided conditional credit, advised her to file a police report and will be investigating the matter further.
These technologies have had a soft integration into the banking system and many customers are not aware of the services. It is important for banks to educate and warn its clients of such technology loopholes in the system and provide immediate measures to secure their customers’ accounts and personal data, reducing ATM fraud cases. We will continue to monitor this matter and post updates as they become available.