Thales eSecurity Blog

From the first ATM to contactless cashpoints: the evolution of digital payments

Fifty years ago today the world’s first automated teller machine was installed – to great success, I would say. Not only is its acronym – ATM – so commonly used that it has its own dictionary definition, but also its association with ease and convenience inspired copycat concepts beyond the banking industry (you can buy cupcakes from an “ATM,” for instance).

City dwellers can find an ATM on almost any street corner, and I don’t see them going away any time soon. But today consumers are finding the convenience they once relied on with an ATM in their mobile devices. Apps like Venmo, Paypal, and the newly introduced Zelle lessen the need for an ATM card, the possibility of a transaction fee, and the handing over of cash to a friend after a dinner out.

The power and limitations of ATM technology

Originally the ATM was designed to be a quick and secure way for people to get cash. (Not so long ago, cash was the quick way to pay for goods and services.) Soon thereafter banks saw an opportunity to build out the machines’ capabilities, offering consumers the option to deposit checks, pay bills, review investments, buy tickets and partake in other activities via the ATM.

Scammers, of course, found their way into ATMs with the card skimmer and cameras, a combination that would capture consumers’ card information and PIN, allowing them to run up unauthorized charges or withdrawals. This, as we’ve seen elsewhere in IT and cybersecurity, is the downfall of combining convenient access devices with human imperfection. Consumer service points offer convenience, but it’s critical that they also provide security commensurate with the environment.

The new ATM? Your mobile phone

At this point it’s easy to start seeing the parallels in how ATMs at one time offered convenience with how mobile phones now offer convenience. Everything I just listed – check depositing, bill paying, etc. – you can now do on your phone.

And just as you could (and still can) find an ATM for cash and other services most anywhere, you can now use your phone anywhere (or, for better or worse, everywhere).

Banks are showing that they’re willing to play both a short and a long game when it comes to these technologies. Financial institutions still rely heavily on ATMs – but now they’re integrating them with new technology. Wells Fargo, for instance, has both introduced a “cardless ATM” (to which users gain access by inputting a one-time access code from the bank’s mobile app) and put its name behind Zelle (the new peer-to-peer payments technology I mention above that essentially cuts out consumers’ need for cash withdrawals).

Security then and now

Undergirding all of this innovation is security. The Personal Identification Number – or PIN, as we know it – was the security measure of choice when the ATM was introduced.

However, the industry has some work to do when it comes to helping consumers feel that the use of, or access to, their sensitive financial data is safe on their mobile devices. When we recently surveyed 2,000 consumers from both the UK and the US, it was revealed that over two thirds worry about making purchases using contactless technology or their mobile phone. Their biggest fear when using digital payments is having their financial data stolen by hackers.

Our task, as security and financial services experts, is to answer these consumer questions in a convincing way:

  • How is my personal information protected on the device?
  • How is it protected as it travels to the bank or merchant?
  • How do they know it’s me?
  • Is the personalization process for mobile applications protected?

I know the answers to these questions. Consumers need to know them.

The future of digital payments

I think consumer education is very achievable – and, of course, necessary, because I believe digital payments are going to grow exponentially. We already know from the Federal Reserve Payments Study 2016 that total noncash payments increased at an annual rate of 5.3 percent by number or 3.4 percent by value from 2012 to 2015.

The future of payments will be an underlying component of the mobile commerce experience. Eventually, physical ATMs will go away, and focus on mobile devices will be on the purchase process, not the payment. Consumers will (and, in many cases, already do) have both the “store” and the “ATM” on their phones. It’ll be a seamless process (it could also be very dangerous for shopaholics).

There will be a strong dependence on security to make all of this happen, and ensure it is reliable and low-risk. But the security will rise to the occasion – the market will force it to.

To learn more about how Thales eSecurity secures mobile payments, click here.