In late March, Wells Fargo announced that its 20 million mobile app customers would be able to withdraw cash from all 13,000 of the bank’s ATMs using nothing more than their smartphones.
With the move, Wells Fargo becomes the first national bank to roll out cardless cash access across its entire U.S. ATM network. Others had dabbled with it in select locations, but Wells is the first to implement the system so broadly.
If you haven’t used this type of service before, here’s how it works. Wells Fargo customers log into the bank’s mobile app and select the “Card-Free ATM Access” option in the “Account Services” section, then request a one-time eight-digit access code — good for only 30 minutes. When the customer arrives at the ATM, they enter the eight-digit code and their debit/ATM card PIN. Then they are directed to the main menu for their transaction, where they enter the amount they’d like to withdraw.
Wells has also announced plans to upgrade its ATMs later in 2017 so that customers would be able to simply hold their smartphones up to a reader on the ATM, enter their PIN and withdraw cash. More than 40% of Wells Fargo ATMs are currently NFC-enabled in this manner.
For Jonathan Velline, head of branch and ATM banking at Wells Fargo, the move is about offering customers more choice and convenience.
“Every time a customer walks up to an ATM or into a branch, chances are they’re carrying a phone, and we believe the real power of mobile is the ability to enhance the customer experience at our ATMs and branches,” says Velline. “Our customers who participated in the pilot have already shared stories of how this technology saved the day when they forgot their wallets or needed cash. Blending our mobile and ATM channels represents the natural evolution of account access.”
A Forrester research report found that such “cross-channel banking interactions” will see significant growth in the next five years. Peter Wannemacher, senior analyst serving eBusiness and channel strategy at Forrester, has predicted that “mobile will act as the ‘connective tissue’ in many of these cross-channel journeys.”
“There are many scenarios and mobile moments where cardless ATM transactions will prove their worth in convenience and value to customers,” he said of banks’ efforts to expand their mobile services by enabling cardless withdrawals.
A 2016 survey on ATM and self-service software trends points in a similar direction, with cardless and contactless transactions ranking high on financial institutions’ four-year wish list — 68% said they were pursuing such initiatives. Survey respondents also said the major focus of ATM software technology over the next four to five years would be integration with mobile devices, followed by adaptation of new concepts for the user interface and cross-channel integration. As for mobile-ATM integration services that their institutions plan to offer in near future, 51% of respondents named mobile ATM withdrawals via NFC; 39% thought their institutions would introduce mobile pre-staging of ATM withdrawals using QR codes, and 37% said they expected to see mobile ATM withdrawals with a one-time-use PIN.
However, not everyone believes that 2017 will be the year cardless cash ATM access replace plastic cards. Experts like Mark Shonebarger VP Retail Finance at Huntington Bank, say that without a “standardized methodology to accept mobile-based transaction everywhere” massive adoption is unlikely. “It can’t just be at one point or another, but it needs to be accepted at all points to be really useful.”
Cardless ATM access has been part of the future ATM forecast since at least 2011. Globally, it’s found successes in Australia with CommBank and WestPac, ICICI Bank in India, PKO Bank Polski in Poland, Baninter and Caixa Bank in Spain, the UK’s NatWest, and Turkey’s Akbank. In the U.S., banking giants including Bank of America, Citigroup, JPMorgan Chase have also run cardless cash mobile access pilots, and announced plans of their own rollouts for later in 2017.
It’s not just for major international and U.S. banks but community banks and credit unions as well. In 2016, FIS and CO-OP Financial Services joined forces to expand FIS Cardless Cash to credit unions using the CO-OP nationwide ATM network. Since 2015, Boston-based Avidia Bank and Salem Five customers have been able to withdraw cash at their branch ATMs using the community banks’ mobile app using their phones and a QR code.
The convenience and added security — whether via two-step authentication with one-time access and PIN, NFC and QR codes, or NFC and PIN — has only added to the allure of cardless cash access.
Are consumers really craving cardless cash access? How much time does it actually save customers compared to just using their debit card? Many say that for now, use is more of an “in case of emergency convenience option” rather than a customer go-to staple, which is one reason why adoption hasn’t been more widespread in the U.S.
When asked by ATM Marketplace what they would most like to see offered at the ATM, the top three consumer responses were multiple denominations (70%), real-time transactions(39%) and biometric ID (34%). Cardless cash ranked 8th on the list, at 14% after other priorities such as check cashing at ATMs (32%) and an email receipt option (29%).
But then again, few consumers would have said they were clambering for mobile banking back in 2007 — just before the iPhone was released. Ten years later, with adoption of mobile banking app skyrocketing, it would be impossible for many of today’s consumers to imagine a world where they couldn’t bank on their mobile devices. So this may be one of those instances where “the voice of the consumer” is something to ignore.
The challenge to the cardless shift is two-fold says James Phillips, VP of Sales & Marketing at Triton. First, banks’ cardless rollouts have — for the most part — been geared solely on their cardholder base; if people already have a card in their wallet that works, why change habits? Second, there are still too many different approaches to cardless cash, with no clear winner emerging as “the one” that consumers should count on for a consistent withdrawal experience.
“Every single cardholder in America knows he or she can walk up to any ATM — card already in hand — and get cash,” says Phillips. “There will be a winning technology, but until that occurs cards will continue to dominate.”
Suzanne Galvin, the executive heading up the strategic and product management functions for U.S. Bank, agrees. She says that the processes surrounding cardless ATM transactions will become more available and more streamlined in 2017, but banks and credit unions won’t be getting rid of the classic ATM/debit card quite yet. “Cardless ATM transactions are about giving consumers — particularly Millennials — an additional convenient option for accessing their cash.” In other words, a supplemental alternative and not a true replacement.
There’s no shortage of ATM fraud schemes including ATM skimming, PIN compromise, deposit-related fraud, cash trapping, dispenser jackpotting, transaction reversal fraud, card trapping, eavesdropping, card data malware, shimming chip card data, network packet sniffing, as well as other network compromise and remote network compromise for card data. And with every new technology release there’s bound to be some security growing pains.
So what about cardless ATM withdrawals? Does it afford the same level of security as chip-and-PIN? That depends. According to KrebsOnSecurity, cardless access definitely cuts back on ATM skimming, but it also presents new opportunities for criminals.
“Identity proofing remains the weakest point in mobile banking,” Avivah LItan, a fraud analyst at Gartner Inc. told Krebs. “Asking for the customer’s username and password to onboard a new mobile device isn’t enough.”
That’s why some financial institutions are looking at biometrics as an additional option for authentication in ATM transactions.
Mobile phones have plenty of potential security exploits, and banking providers are generally unable to provide patches. To help mitigate risk, Krebs recommends using two-step or two-factor authentication — such as the requirement to send a text-message with a one-time code to a mobile device, which would thwart attempts from thieves trying to log in from an unknown device or location. In addition, Krebs suggest that consumers should also be asked to secure their accounts with a special passphrase or code that needs to be supplied whenever authenticating an interaction with representatives over telephone.