NCR Makes 2D Barcode Secure Enough for ATM Cash Withdrawals
In recent posts, I have discussed some of the headwinds NFC faces in respect to achieving mainstream adoption. One of the most critical challenges facing NFC is that many of the applications it enables are achievable via other, more established technologies such as QR codes and 2D barcodes, usually with less cost and integration complexity to boot. To counter this criticism, NFC proponents are quick to point out that these competing solutions have their own shortcomings, particularly in respect to their lack of security. However, as NCR has demonstrated with the recent introduction of its Mobile Cash Withdrawal (MCW) software for ATMs, inadequate security is not always the Achilles’ heel of these NFC alternatives—it depends on how the technology is integrated as part of the broader solution.
NCR’s MCW software, which is slated for pilot testing later this year and expected to be released in 2013, requires no special hardware and can operate on any manufacturer’s ATM. The solution works as follows: A consumer wanting to withdraw cash initiates a request using NCR’s mobile banking app, which operates on Android and iOS platforms—this step can be done anywhere. At an ATM within their banking network, the customer uses their mobile device’s camera to capture the 2D barcode displayed on the ATM, which is encoded with the location of that particular ATM. This information is then transmitted to the bank. After verifying the transaction, the ATM dispenses cash.
NCR claims the entire process from scanning the barcode to taking cash from the ATM could be as brief as 10 seconds. Improved security over traditional card-and-PIN withdrawals is an added bonus. Since no card or PIN is required, the MCW solution effectively neutralizes skimming fraud, whereby criminals rig ATMs with unauthorized recording devices in order to steal card/PIN data.
While QR code and 2D barcode will never offer the same level of security inherent to NFC, as NCR has demonstrated with its MCW software, it is possible to implement these less secure solutions in a way that minimizes (or eliminates entirely) their exposure to security threats. If other mobile application developers leveraging QR code and 2D barcode can devise implementation schemes similar to that of the MCW solution, these technologies will present an even stronger challenge to NFC. We expect this increased competition will be particularly noticeable in the realm of secure applications such as payment, ticketing and security/access control, where alternative solutions such as QR and 2D have generally been disregarded due to security concerns.