ATM card-less cash withdrawals: Use your phone

“From today,” announced the RBS Group yesterday, “RBS and NatWest customers can choose to ditch their debit cards in favour of their mobile phones.” Meet ‘GetCash’, which is a method of cash withdrawal from an ATM using a mobile phone rather than a bank card. It is an extension to the existing RBS and NatWest mobile banking app rather than a new separate app. There are no further details on the RBS app description, although NatWest’s mobile banking app description does provide some further details.

“With Get Cash,” says NatWest, “you can choose an amount from £10 to £100 cash you would like to withdraw from within the app. We will then provide you with a secure cash code that will be valid for 3 hours and can be used at any RBS, NatWest or Tesco cash machine to withdraw your cash. You can use this cash code yourself or text it to someone else. You can also request more than one cash code a day but only have one cash code at any one time.”

"This has never been done anywhere in the UK,” said Ben Green, head of mobile at NatWest and RBS, “and yet is a really simple and secure way to help our customers get cash whenever and wherever they need it.” Green cites the common problems of leaving your bank card at home, or needing to get cash to distant children in a hurry. “GetCash,” he says, “means these problems have been solved in a totally secure and painless way.”

It’s an attractive idea; but note the repetition of ‘secure’. Mobile phones are not secure. Noting that consumers are attracted to the whole concept of mobile banking, Rob Wilson, market unit leader at Tradedoubler, commented, “What they need is a payment method that has been designed for phones, that is easy to use and feels secure. Security is a key concern, and this needs to be addressed by banks and retailers alike.”

Alan Goode, the founder and MD of mobile security research and consultancy firm Goode Intelligence, explains both the advantages and concerns. “GetCash,” he told Infosecurity, “is a great example of leveraging the mobile device to provide banking customers with a convenient method for obtaining cash from ATMs. It is also a great way of transitioning bank customers along the path to mobile payments – replacing cards and cash at ATMs and Point of Sale (POS) terminals.” Goode notes that this will benefit both the customer and the bank. But, he adds, “We must be extremely cautious in adopting new financial services on the mobile device, and have to weigh up the advantages of convenience versus security.”

It’s that word ‘security’ again. “Alarm bells ring when I see a code generated on a mobile device being live for up to three hours – especially when this code is linked to £100.” Goode notes the ease with which mobile phones are lost and stolen; and notes that the combination of a £500 device with £100 cash is an even bigger incentive for thieves. “My advice,” he told Infosecurity, “is to protect these devices with strong PINs and password, to investigate ways to better protect access to the device (which could include biometrics), and to invest in mobile security solutions that can locate, lock, wipe and detect the growing levels of financially-motivated mobile malware. And last but not least,” he added, “raise the level of awareness – these are no longer just phones but small computers that have become our prime device in our daily lives.” Small computers that are increasingly providing easy access to our cash.

What’s Hot on Infosecurity Magazine?