Thursday, April 9, 2015

Who needs a card to use an ATM?

SMS sent to initiator with 2nd part of 8-digit code
Do you really need to have an ATM card before using the machine to withdraw cash?
Is it possible to give a user a mobile money 'feel' that is enabled by an ATM machine?
I was intrigued this morning when I learned of Fidelity Bank's cardless ATM transaction. It's a transaction that enables an individual to transfer money from his or her Fidelity account, so that a non Fidelity Bank customer (recipient) can withdraw the money, using the bank's ATM!
How it works?
The initiator sends a short code to their telco (for now, this works for MTN and Vodafone subscribers). This connects them to their account(s). After choosing the account, they enter the phone number of the recipient, then specifies the amount to be transferred.
A SMS is sent to the recipient with the first part of an 8-digit code, needed for the withdrawal. The 2nd part of the code is sent to the initiator.
This is a security measure. The recipient therefore has to contact the initiator for the second part of the code.
Recipient at the ATM
The welcome screen has an option 'Cardless transaction', that the recipient chooses.
He/She then enters their phone number, followed by the 8-digit code, then the amount that was transferred.
The recipient has to withdraw ALL the amount that has been transferred.
Then viola!
Mobile banking has come to stay, and technologies/innovations such as this are welcome interventions.

I stumbled on this info while researching on ATM usage in Ghana. It was an assignment for the workshop I'm attending.

Related stories:

How do you tell stories through research?


  1. Peter Frank EshunApril 11, 2015 at 6:29 PM

    Thats ok stuff. They are simply working around the ATM's logic to allow a cardless transaction. Well, as much as this appears to be innovative, i wish to point it out that it is not exactly a breakthrough! Matter of fact, the initial ATM was supposed to be cardless, however, it was redesigned to allow card use as a way of implementing a two factor authentication. Meaning, it is not enough for a user to enter some codes, additionally the user must physically have a card at the time of transaction. This is an added security feature and the same concept is applied to the use of hard tokens for internet banking platforms. Without the hard device, it is not possible for any body to login to the platform irrespective of knowing the password. Lets consider currently how online payments are made. To initiate a payment, one doesnt require a card, they only need card details, ie cardholder name, expiry date, card number and CVV. Once your financial institution validates these details, the payment is good to go. How is this different from traditional atms, not different really! The atm card has all these details and the atm card reader reads all the details required and then proceeds to authenticate the information by returning or accepting the card. Without any scientific thinking, these details can and should be easily keyed in by the user without a card, but this poses huge risk. So now that technology has advanced such that it is becoming increasingly difficult to clone cards thus making atms transactions quiet safe, returning to the era of no cards, isnt a breakthrough - infact it is backwards! And has enormous security concerns. In the case of Fidelity, it is outrageous that you need to depend on a code provided verbally or in text to cash out money. Looks good but poses serious security breaches since the whole process is prone to simple social engineering attacks.Disclaimer: This is my take and my personal view, I may not necessarily be right but I do have four years experience in online payment solutions specializing in over 30 payment platforms across Africa

  2. Thanks for the education Peter. I guess there's a lot that consumers do not know, or take for granted. As a people (Ghanaians), we seem content so long as something works for us.
    This cardless ATM transaction can be a case of compromising security for convenience, no?