How secure is contactless cash?
By Teamspirit on Wednesday, 23 November 2016
This week Barclays announced that it will launch the UK’s first contactless cash withdrawal service - from next month, customers will be able to take out up to £100 from in-branch ATMS by tapping their smartphone against a reader.
A key objective of the facility is to improve security when withdrawing money and Barclays hopes to reduce crimes associated with traditional slot-in card machines, such as fraud and theft as a result of skimming or entrapment devices. Clearly the service will banish fears of your card being swallowed by an ATM, but there are obvious risks involved when handing total banking control to your smartphone.
Initially the trial will run in the north of England ahead of a wider rollout across 180 UK branches in 2017, limited to Android smartphones. Customers will have to log in to their mobile banking app, select the amount of cash they wish to withdraw and insert their PIN before tapping the device against the reader within 30 seconds. Alternatively, they can also touch a contactless debit card against the reader before entering their PIN on the machine as normal.
This is not the first instance of cardless withdrawals – four years ago RBS introduced its Get Cash initiative, allowing customers to take out cash using a code messaged to them. This was briefly halted in 2012 following a phishing campaign, and it is cybersecurity risks which will pose the greatest threat to Barclays now. Will smartphone malware be able to access personal details? Could credentials be copied from one handset to another to take money from accounts?
Customers are embracing contactless payments for day to day purchases, but we will have to wait and see if this trust in mobile banking extends to accessing physical cash in hand.