Business Insider tells us that Citibank is experimenting with new technology for withdrawing cash:
New machines being tested by Citigroup Inc. could change the entire process by eliminating the need for debit cards, Peter Rudegeair at the Wall Street Journal reports.Citigroup is collaborating with ATM-manufacturer Diebold to make a machine that scans customers’ eyes or a code on a smartphone to withdraw cash.
The new technology aims to make transactions more secure. No debit cards means no card skimming — when someone puts a fake card reader over an ATM’s real card reader — which accounts for over 80% of ATM fraud.
No debit cards also means no screen or touchpad on the ATM.
Rather, the customer would log in to their bank’s mobile app and select how much money they want to withdraw. They would then approach the machine, which would spit out the exact amount of cash requested after scanning their iris to confirm their identity.
If the way we use ATM’s does change, it wouldn’t be in the near future.
Citigroup is still testing the technology and deciding whether or not to proceed with such a costly and time-consuming transition.
As we’re seeing with the recent shift to EMV technology — which will require consumers to “dip” their new, microchip-embedded cards, rather than swiping them — these changes take time.
Experts expect the EMV transition to be a several-year-long process. If Citigroup decides to start rolling out these new machines, there could be a similar timeline.
I am still against using biometrics, and this case is no different. I certainly agree it would be nice to be able to get your money without needing a card and PIN. Cards can be lost, PINs can be leaked or forgotten or too-easily guessed.
Personally the only time I ever use ATMs is if I’m traveling. At home I just go to the bank and stand in line for a real teller. It really doesn’t take that much longer, there’s no “convenience” fee or bank charges, and besides I usually have something else to do at the bank. That’s how I get my money without an ATM card or PIN.
There are several problems with retinal scanning, ALL of which need to be addressed BEFORE this technology rolls out to the masses:
- Retinal Image Storage – Images of our retinas identify us.
If When someone figures out how to replicate our retinal image to fool the scanners, we can’t just go change our retina like we can a password. There are two sub-issues here
- Images need to be securely hashed like passwords are supposed to be hashed today. Hashing is a one-way encryption algorithm. When you enter your password on a site, the server sends it through the mathematical meat grinder hundreds or thousands of times and compares it to the result of meat grinding your password when you first signed up. Secure sites never actually store passwords because password databases are leaked all the time. Something similar needs to happen with retina scans, and the algorithms to do so need to be publicly reviewed by cryptographers.
- How are these retinal images/hashes being stored? Are they properly encrypted? How easily will they be stolen? And
if when they are stolen, how fast will the criminals be able to decode it and use the information?
- Diebold Itself – Diebold is a historically unreliable, perhaps criminal, company. Just do a search on Diebold voting scandal and see how (purposefully?) lax their security has been on their voting machines. The issue of electronic voting is still not resolved, nor probably will it ever be. This is a negligent choice of vendor.
- Privacy Law – This is the wrong time in history to be foisting biometric technologies on people. When the government thinks it should be able to collect all of your personal emails, phone calls, metadata, GPS locations, health records, and everything else, the last thing they need easy access to is your biometrics. I can practically guarantee that they are salivating over your retina scans if you’ve ever got them done at the eye doctor (if they don’t already have them). So I can guarantee there will be easy access to them if the TBTF banks have them. I remember asking my optometrist what kind of people refuse the retina scans and go for the drops. She said, “only FBI agents and you.”