Is there any reason why ATMs don't support throw-away passwords for withdrawal without card yet?

Carrying around a debit card is kind of inconvenient. It could get lost or make you a target of “drive by ATM withdrawal” in Brazil or a similar place. So, why doesn’t the bank allow the customer to generate a bunch of preauthorized withdrawal transactions with an upper limit on the sum and then carry them out whenever he feels like at the ATM using social security and a one time password? The authorization part could be done either online or at ATM when for whatever reason the customer is willing to bring the debit card with him.

The people in a position to implement this are old enough to remember passbooks and banking hours, against which the inconvenience of carrying a single plastic card in a wallet full of other plastic cards is trivial.

Not convenient for us, granted. But very convenient for the bank.

The card is a very simple way for the bank to know who it is dealing with, and then the password is a verification of that. Without the card, you’d have to type in your account number or something. Sounds to me somewhat less secure than the current system.

I look forward to when ATMs in relatively safe parts of the world go to fingerprint or iris scan & PIN systems. Carrying cards is so 20th century.

There were several times when my kids were teenagers and there was some sort of minor emergency where I gave them my card and PIN so they could use it for one withdrawal. Your suggestion would make this impossible.

I don’t find carrying a debit card inconvenient at all. In fact, I find it makes it more convenient for me to carry less cash. If I lose my debit card, I call the bank and they cancel it and issue me a new one. If I lose cash, I’m out the money.

BTW, I’ve been using debit cards for 13 years now and have never lost one.

Two reasons, both WAGs:

  1. Banks like (and/or are required to implement) two factor authentication. Single factor auth doesn’t sufficiently cover their arses or doesn’t meet regulations.

  2. The one-time passwords you describe would be a kind of virtual bearer instrument - you could give the password to anyone over the phone or in email, and they can go straight to an ATM and withdraw $50. A piece of paper with a one-time password written on it is a kind of pseudo-currency (albeit with certain risks and limitations). That opens all sorts of interesting possibilities that the banks don’t want to or aren’t permitted to participate in.

Who’s going to memorize a bunch of one time use numbers? Especially when they’re going to all be several digits long (Without the security of a card, you’re going to need safer numbers).

What you’d end up with is people carrying a sheet of numbers around in their pocket, all of which could be used to withdraw money.

You shouldn’t have written that out loud.

What regulations? What arse-covering? If somebody spies your PIN and copies your card, or copies your card and breaks the PIN (because the PIN encoding system is no longer very secure), will the bank have to eat the damage or you? (In Germany, the courts rule in favour of the banks.)

The PIN and debit card is NOT two-factor, since the debit card only provides info about the account, it’s not verification that the person who has it in his possession is authorised to; and the PIN is stored on the magnetic stripe itself (coded, sure, but that can be broken, as the tech people have repeatedly proven).

When the tech people suggested adding a chip to the debit cards to prevent card-copying (which works because it only needs the info on the magnetic stripe), the banks said “but that costs too much - we couldn’t get the new cards for a few cents, we would have to spend 1 Euro or more! Oh noes, we would go bankrupt from the costs!” and the customers said “Dudes, this is about our safety, what’s a little extra cost?” and the banks said “Shrug, not our problem if you are robbed, why should we pay extra?”

So, why should the banks offer an additional service that costs money to provide, and that not many people need (because memorizing a safe number is a pain in the ass?)

For starters, the SSN can not be used as an identifier, so you’d need to develop some other large number format, preferably one that has some internal “error correction” so it’s possible to determine if the number itself is real before looking at the password.

Oh wait, we already have that - credit card numbers are validated with a mod-10 checksum. The problem is that most people can’t easily memorize sixteen digit numbers such as the ones on their credit cards, so they have to write them down. What’s the benefit to carrying a slip of paper vs a normal debit/credit card?
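The mod-10 (Luhn) checksum mentioned in the post above, as an added example that is not part of the original thread. It shows what the check catches, what it misses, and that anyone can compute a valid check digit, so it detects typing errors but authenticates nothing. The short `409…` numbers are constructed for illustration.

```python
def luhn_sum(digits: str) -> int:
    """Luhn sum: from the right, double every second digit, then add digit sums."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit, counting from the right
            d *= 2
            if d > 9:           # same as adding the two digits of the product
                d -= 9
        total += d
    return total

def luhn_valid(number: str) -> bool:
    """True if the number (spaces and dashes ignored) passes the mod-10 check."""
    digits = number.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 2:
        return False
    return luhn_sum(digits) % 10 == 0

def luhn_check_digit(payload: str) -> str:
    """Check digit that makes payload + digit valid. No secret is involved."""
    return str((10 - luhn_sum(payload + "0") % 10) % 10)

if __name__ == "__main__":
    # A single mistyped digit is always caught.
    print(luhn_valid("79927398713"), luhn_valid("79927398714"))
    # Most adjacent swaps are caught, but swapping 0 and 9 is not.
    good = "409" + luhn_check_digit("409")
    print(good, luhn_valid(good), luhn_valid("490" + good[-1]))
```

Because the check digit is a public function of the other digits, passing the check only says the number was typed plausibly; it says nothing about who typed it.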

Like I’d want my bank to have my fingerprints and iris scan… :dubious:

I don’t think so. I think it’s more convenient than memorizing disposable numbers.

However, some companies are experimenting with letting you use your cell phone to serve as an authentication for their ticketing system, typically by creating a scannable barcode or QR code. There are also systems that allow you to use your phone to interact with machines wirelessly. I see more of this in the future.

Fingerprint scans are way too vulnerable, especially in public applications.

Iris recognition has lighting requirements, which would be problematic on outdoor ATM machines.

Can’t they just add lights?

I’m not at all in favor of iris scans or fingerprinting for casual id purposes, but this seems like an exceedingly minor issue.

I can’t speak for Germany, but this hasn’t been true in the United States for quite some time. There may be some legacy institutions that write your initial PIN encrypted on the magnetic strip, but most don’t do that anymore and in general when you change your PIN at an ATM it is not written to the magnetic strip. PIN verification is done against an encrypted value stored at the issuer, and is almost never done locally at the ATM.

This isn’t exactly what you’re asking about, but I think it’s worth mentioning that Citi, and possibly some other credit card companies, offer Virtual Account Numbers. You can go to their website or use an installable Windows app to generate temporary numbers. These can only be used by the first merchant you charge something with, and everything goes on your bill as if you had used your regular card. You can also set optional time and dollar limits.

These are great for shopping online or over the phone, but of course they don’t work anywhere that you need to present a physical card. It would be nice if there were some printable equivalent.

Pretty much so - Something called the “natural” PIN for your account is generated by encrypting the account number with the bank’s PIN generating key and a little mathematical hand-waving later, a four or six-digit PIN is born.

You don’t know what your natural PIN is, and probably don’t want to. You want to know “your” PIN. So you punch in your PIN on the Atalla terminal at the banker’s desk when you first set up the account, and what you’ve entered is mathematically compared against the natural PIN and the difference, or offset, is encoded on the magnetic stripe. Your self-selected PIN and the natural PIN are not encoded on the card.

At the ATM, when you enter your PIN, the ATM mathematically combines your entry with the PIN offset it read from the mag stripe and sends that down the wire to the bank. Your PIN is not transmitted. The bank decrypts that against its PIN generating key and if the result is the natural PIN, it allows the transaction.
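The natural-PIN and offset arithmetic described in the post above, as an added example that is not part of the original thread. HMAC-SHA256 and a byte-mod-10 digit mapping are stand-ins (assumptions) for the bank's cipher and its digit-conversion step, and the key, account number and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not real bank data.
PIN_KEY = b"demo-pin-generating-key"
ACCOUNT = "000123456789"

def natural_pin(key: bytes, account: str, length: int = 4) -> str:
    """Derive the 'natural' PIN from the account number under the bank key.

    Assumption: HMAC-SHA256 replaces the bank's cipher, and byte % 10
    replaces its digit-conversion step (slightly biased, fine for a demo).
    """
    digest = hmac.new(key, account.encode(), hashlib.sha256).digest()
    return "".join(str(b % 10) for b in digest[:length])

def sub_digits(a: str, b: str) -> str:
    """Digit-wise (a - b) mod 10, with no borrow between positions."""
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))

def make_offset(key: bytes, account: str, chosen_pin: str) -> str:
    """Offset = chosen PIN minus natural PIN; this is what the stripe holds."""
    return sub_digits(chosen_pin, natural_pin(key, account, len(chosen_pin)))

def verify(key: bytes, account: str, entered_pin: str, offset: str) -> bool:
    """Entered PIN minus offset must reproduce the natural PIN."""
    for value in (entered_pin, offset):
        if not (value.isascii() and value.isdigit()):
            return False
    if len(entered_pin) != len(offset):
        return False
    candidate = sub_digits(entered_pin, offset)
    expected = natural_pin(key, account, len(offset))
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    offset = make_offset(PIN_KEY, ACCOUNT, "4821")
    print("offset on stripe:", offset)
    print("correct PIN:", verify(PIN_KEY, ACCOUNT, "4821", offset))
    print("wrong PIN:  ", verify(PIN_KEY, ACCOUNT, "4822", offset))
    # A PIN change only produces a new offset; the key and natural PIN stay put.
    print("new offset: ", make_offset(PIN_KEY, ACCOUNT, "9035"))
```

The offset by itself is the chosen PIN shifted by a key-dependent value, so protecting the PIN generating key is what the scheme rests on.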

Seconding what gotpasswords said, with a more rudimentary explanation (I have the frustrating responsibility of explaining “security stuff” to non-security people).

In the security world, we believe in multi-factor authentication.

Authentication is generally classified as “something you have, something you know, something you are.” Your ATM card is something you have, but you also have to know the PIN to achieve multifactor (PIN being something you know).

Biometric solutions have to walk a tightrope - they’re prone to false positives and false negatives (Type I and Type II errors). So if my fingerprint/iris/whatever is similar enough to yours, I’ll pass. Or if your hand is sweaty or you have an eye condition, you’ll fail even though you’re legit. Plus biometrics is a relatively expensive thing to deploy (instead of older-school tried-and-true tech). If you look at places that have good security implementing (and needing) biometrics, the authentication is usually accompanied by an access card and/or PIN.

If someone just finds your card, you don’t want that to be sufficient for them to drain your account. Similarly (since a lot of people write PINs down and such), just having a PIN (even if it’s a one-time) is insufficient. This doesn’t just protect the banks - a multifactor authentication is typically viewed in courts as an acceptable equivalent of a “signature,” so if you just have single factor, you could drain your bank account and claim it was compromised by an attacker (imagine how much they’d charge in fees to cover their losses); or someone could compromise your account and you’d be held liable because the single factor was “acceptable.”

And, FTR, a username and password is SINGLE FACTOR (I get sick of explaining that, but a username is not “something you are,” nor is it “something you know”).

We have these already. They’re called cheques. Sure you can’t do them over the phone, but it’s not that different a concept.

re: chips on debit/credit cards: I’m pretty sure these are being mandated in Canada, with all cards and readers expected to be compliant within the next couple of years.

The real answer to all of these suggestions is that they would be expensive for the bank to do, and they don’t see any equivalent gain in more customers or more profits to justify that expense.