Cash withdrawals using ATM or ATM-cum-Debit cards have skimming and cloning risks associated with the process, where thieves place a small device, known as a skimmer, on an ATM card swiping mechanism, which steals the information stored on a card’s magnetic strip as the card is swiped at the machine during a legitimate ATM transaction.
Along with the skimmer, the thieves also place either a camera inside the ATM or hack the bank camera to capture the ATM PIN of the card user. With the stolen card data, the thieves create cloned cards and using the PIN, they either purchase things or withdraw cash.
“With ATM Debit Cards, its what I have (the physical card) and what I know (ATM PIN). The Debit card (now moving to EMV) is hard to clone. Also I enter the ATM PIN on a secure PIN PAD which is tested for physical and logical security. So the fraud patters have been to have PIN Capturing cameras on top of the ATM machines, etc,” said Dharshan Shanthamurthy, Chief Executive Officer, SISA Information Security Inc.
To eliminate the risks of skimming and cloning, the country’s largest scheduled commercial bank, State Bank of India (SBI) has introduced YONO Cash to facilitate cardless cash withdrawal through the YONO App, which can be accessed through Android and iOS-powered mobile phones, and on the web through a browser, allowing for a seamless omni-channel customer experience.
Customers can initiate the cash withdrawal process by installing the YONO App and setting a six digit YONO Cash PIN for the transaction and another six digit reference number for a transaction, which customers will get after initiating the cash withdrawal process on their registered mobile number via SMS, that has to be used within 30 minutes along with the PIN at the nearest YONO Cash point to get the cash.
How to use your mobile phone to withdraw cash through SBI YONO:
Step 1: Download YONO App in your Android or iOS-powered mobile phone.
Step 2: Use your SBI Account details to log in.
Step 3: Set a six digit YONO Cash PIN.
Step 4: You will get a six digit reference number in your registered mobile number after initiating cash withdrawal process.
Step 5: Visit the nearest YONO Cash point within 30 minutes of receiving the reference number and withdraw cash by using the number along with the YONO Cash PIN.
The SBI has enabled 16,500 ATMs for this service, which are named as YONO Cash Points.
As the new cash withdrawal process is a secured transaction with 2-factor authentication, the SBI expects YONO Cash to up the ante on customer delight by virtue of its security feature and the convenience of card-less cash withdrawals.
“With Yono Cash, the entire experience is pushed to the phone with the PIN being used on the app and in addition getting a OTP on the phone. This system is convenient from the user standpoint. So phone replaces the card,” said Shanthamurthy.
However, the users should keep their mobile phones clean of malware, so that their own devices can’t be hacked. Otherwise, despite the SBI’s effort to eliminate risks, you may still fall prey to frauds, if you compromise the security feature of your phone.
Shanthamurthy, however, expects that SBI has put all the systems in place to check and prevent any fraud. “Considering that the phone is a general purpose instrument, used from games to social media (with no download restrictions), its important that the security is robust at the backend. I cannot comment on what SBI has done in the backend but I would assume that they would have additional fraud analytics put in place in the backend including device fingerprinting as we are seeing increase attacks on mobile app transactions,” he said.