Business: Financial: Banking
SMS-operated ATMs   (+5, -3)  [vote for, against]
tell the ATM how much money you want before you get there

For some reason, I've found that the number of people in the queue for the ATM is directly proportional to the urgency of my need for cash (I need to buy a train ticket before the train leaves, for instance).

For every ATM ninja, who knows the menu structure and is in and out with their cash like Gordon Gekko, there's always someone who has to check their balance, futz with the menus, and generally just bimble around cluelessly until I have to gnaw on my fingers to stop myself from screaming at them.

It would be good if I could just SMS the bank to let it know the amount I wanted. I could do this in the queue, or even walking towards the ATM, or on the bus, or wherever. If I didn't have enough, it would send me back a polite message to that effect.

Otherwise, the next time I put my card into any ATM, I'd just have to type in my PIN and the machine would immediately spit out the right amount of cash and give me back my card. And I'm outta there.

Used by everyone, this would speed up the queues just that crucial little bit, and let me catch my *&%kin train.
-- bumhat, Jan 23 2006

RFID technology for ATM and other banking http://news.bbc.co....usiness/4624316.stm
Not SMS related, but an interesting article none-the-less [jonthegeologist, Jan 23 2006]

Cell phones are ridiculously insecure. Anyone with an open platform phone and a bit of software can crack the encryption in a few hours. Criminals can then check your balance, ring up thousands for your next ATM visit, then jump you.

This might be a bit far fetched, but another security flaw nonetheless.
-- Aq_Bi, Jan 23 2006


security hasn't stopped other convenient inventions (online banking) ... it's a good idea [+] Security is a geneal problem of the age we live in.
It reminds me of an idea of using your cell phone screen as a e-ticket. You buy the ticket through SMS and then just show the screen to a scanner (displaying a unique bar code) ... saves you from having to carry cash in the first place
-- ixnaum, Jan 23 2006


[miasere], let's just say if this does ever happen under the GSM standard, I would be sorely tempted to become extremely rich extremely easily. You may or may not be aware that one of the things that makes encryption very easy to crack is the presence of a known piece of plain text in part of the encrypted material.Something like [account number], [PIN], [Amount] would be marvellous.In fact, now I think about it, I'm not even sure SMSs are encrypted at all! Bottom line: under current architecture, this is unworkable unless you very quickly wish to have no money. 3G or 4G may be secure enough to make this viable.
-- DocBrown, Jan 23 2006


Certainly. It goes like this:
1) Hoover up SMSs sent in vicinity of cash machine. The SMS must include card number and PIN for three reasons:

- To be able to confirm that the person asking is an account holder (otherwise all you've done is provide a means by which Johnny Crook can easily check whether a particular machine is knocking over today).
- To validate the transaction (without account details, all the cash machine can say is that it has a certain amount of money in, not that customer x is allowed to take a certain amount).
- To connect the SMS sender to the card that is subsequently entered. The machine can reply to the sender, but if the initial SMS doesn't contain details that identify the card holder, then the cash machine's reply would have to include a token of sorts which the sender would enter when they get to the machine. This would slow the process down, whereas the intent was to speed it up.

2)After doing a bit of harvesting, I return to base, run a search algorithm to find messages sent to the cash machine's number (takes seconds). I decrypt these and I'm then in possession of a list of account numbers and PINs.

3)Using a magnetic card writer I reprogram a bank card (taken out under a pseudonym of course) to the details of my first victim.

4) Depending on my wont, I either make a few large withdrawals, a big purchase or two or just slice a bit off here and there.

I repeat the exercise. Again and again and again until my wealth borders on the grotesque. I am caught out (probably) when investigators point out that anybody commissioning a solid-gold lifesize replica of Jabba's Sail Barge is probably supplementing his lowly monkey salary somehow...

There are a few little kinks in there, but that's the outline. Who's in?
-- DocBrown, Jan 23 2006


[DocBrown]

Correct me if I'm wrong, but the problem is authenticating the cash-request SMS. It's possible to solve that problem by transmitting only a cash amount; you don't have to send the PIN or account number.

The SMS request doesn't go to an individual cash machine, it goes to the bank. The ATM just checks it online after PIN authentication. You could therefore SMS, say, as you got off a plane, then go to the first cashpoint you see anywhere in town.

As for how you authenticate the SMS message, therein perhaps lies the rub. Perhaps every customer is assigned their own SMS text number to text to (is that possible ?); the bank keeps secret the mapping (sms number -> account ID). The text number to send the SMS to is treated like a PIN number, i.e. given only to you. So all a thief would see is a stream of cash amounts going to random text numbers.

If someone nicked your phone and card, all you'd have to do is borrow someone's phone and text '0' to your number. This would lock the card - as long as you could do it before the thief got to an ATM. This mirrors how it is anyway when someone nicks your card.
-- bumhat, Jan 23 2006


How bout you SMS a number for the cash amount, your bank knows what number its coming from and maps that to your account. When you insert you card (at the machine) and type in your pin, a prompt comes up "Did you ask for $XX?, a statement, and $XX to your savings account?" Yes or no, simple answer. No, you have to go through the menus, yes, you've just saved a bit of time.
-- iamnafets, Jan 24 2006


Mr [hat] with great respect, I think you are wrong, and here is why:
- If you only transmit an amount, even if this is not sent to a specific machine but to the bank itself you still run into the problem that whilst the bank probably has £30 to spare, it's not possible to guarantee that the next cash machine you visit has.
- It would be possible to give each customer an SMS number to text to, but it would be a terrifyingly inefficient scheme (a personal telephone banking number basically) and it would still be easy enough to capture the numbers.
- Once you'd captured the numbers you could apply a bit of basic knowledge about human nature (people are probably going to text while waiting in the queue) and come up with a scheme. Something like capture numbers over a week or so, take note of regular customers (easily IDed by recurrence of number over the air at certain time of day), then one day transmit texts to their secret numbers requesting max. amount. Assuming £500 and 10 customers, you now have £5000 in a concentrated area for your "local representatives" to acquire.

As before, it would need tweaking, but it does make it easy for criminals, if you provide them with a method to ensure someone is carrying an amount worth taking. [iamnafets]'s suggestion is wide open to abuse. Just quickly, because I should be getting along, it'd be a cloned phone sending the bank a message, customer enters PIN, gets mugged by crook who knows they're now carrying the maximum withdrawal.
-- DocBrown, Jan 24 2006


As long as the amount withdrawn per day is still limited, security doesn't seem like a big problem. In fact, if SMS were *required*, it could act as an additional level of security.
-- Ford, Oct 14 2008



random, halfbakery