from the step-zero-have-no-money dept.
chicksdaddy writes: Security Ledger has a piece that looks at the efforts of a string of startups to secure ATM transactions from skimmers and malware-based attacks. Step 1: get rid of the ATM card. The article profiles a couple different companies. One, Trusona, has technology that can uniquely identify standard issue ATM cards by analyzing the unique distribution of Barium Ferrite particles on their magnetic strips and using it to connect the card to the customer. The company combines that with card swipe biometrics to thwart malware-based replay attacks. The article also mentions upgrades that will allow banking customers in the U.S. to use a mobile application to withdraw cash from ATMs without a card or PIN, and a prototype from Diebold that combines proximity based sensing (via NFC) with iris scans to authenticate customers and authorize transactions. Cool as it sounds, its worth remembering that most ATM attacks are decidedly "low tech." A survey by the ATM Industry Association in 2015 listed "physical attacks" and those using "explosives" as the second and third most common type of ATM attack after card skimming.
The computer can't tell you the emotional story. It can give you the exact
mathematical design, but what's missing is the eyebrows.
- Frank Zappa