How secure are cardless cash machine withdrawals?

Woman on mobile phone NatWest's mobile app allows customers to withdraw money from a cash machine without a bank card

Related Stories

Are systems used to allow customers to withdraw money from cash machines without their cards as secure they could be?

NatWest recently launched two new systems, Emergency Cash and Get Cash, which generate a security code allowing customers to withdraw money from cash machines. But one NatWest customer lost more than £900 when fraudsters stole his money via this new platform.

The NatWest advertisement publicising the cash machine security code system suggests if you have lost your card, you have no need to worry, and uses the slogan "helpful banking."

But Tim from London had a very different response from NatWest after he found that fraudsters had taken £950 from his account in August using a security code downloaded using a NatWest app.

Start Quote

She said you've been defrauded by an iPhone application for emergency cash”

End Quote Tim, NatWest customer

The money disappeared in 11 cash machine withdrawals in just three days, each one not exceeding the £100 limit NatWest imposes per cardless cash machine withdrawal.

Tim had never heard of the Emergency Cash nor Get Cash systems and banks rarely discuss with customers how a fraud has been carried out, so when Tim phoned to report the fraud NatWest refused to tell him what had happened.

But his bank statement had "emergency cash" next to each transaction and in another call to the bank, Tim got some clarity: "She began to read my file aloud. She said you've been defrauded by an iPhone application for emergency cash. None of this I knew."

Refund refusal

Tim was registered for online banking, but not mobile banking, so he could not have used the app which was used to make the withdrawals.

And making 11 cash machine withdrawals in three days - six of which were in just one day - was not Tim's normal spending pattern.

Start Quote

I am not in a position to refund the disputed transactions”

End Quote NatWest letter

NatWest quickly accepted he had not made the withdrawals, and Tim thought a refund would be straightforward.

But NatWest then accused him in a letter of giving his personal details to a fraudster via a phishing email: "Customers are required to keep their card details and Pin secure at all times. After taking the circumstances of the fraud into account, I am not in a position to refund the disputed transactions."

But although Tim has received such emails, he has never sent his banking details to anyone.

After Money Box contacted NatWest, it said it would refund Tim the £950 as a gesture of goodwill.

Security measures

But Tim says he still wants to know how a fraudster managed to sign up for mobile banking on his account, download the app, and carry out 11 cash machine withdrawals: "It's a huge liability which you don't actually know about. I had to find out what Emergency Cash was. I don't want it as a facility."

Start Quote

We are fully committed to the prevention of fraud and have stringent security procedures in place in this regard”

End Quote NatWest

NatWest said it had strong security measures in place for its Emergency Cash and Get Cash withdrawal systems but admitted fraudsters had in some instances been able to withdraw money using both systems: "We are fully committed to the prevention of fraud and have stringent security procedures in place in this regard. The Get Cash app is only available through the mobile banking App, not as a standalone application.

"Enrolment for the app requires the customer to first register for online banking, then mobile banking and can then proceed to download the app for their mobile."

It said applicants for mobile banking, needed to supply a combination of card and personal details, and their online banking number.

A letter is then sent to the customer's home address alerting them to the fact that mobile banking has been activated.

Tim still does not know how fraudsters were able to obtain these details and NatWest will not tell him.

Dr Steven Murdoch, from Cambridge University's Computer Lab, believes any criminal who finds a way round the security - like the man who defrauded Tim - would be amply rewarded: "I'm sure a lot of fraudsters are thinking about using this application because it's now relatively easy for banks to identify fraudulent transactions and reverse them, even several days after they've happened.

"They can use it to get cash I that's what's going to make it a priority for them."

Money Box is broadcast on Saturdays at 12:00 GMT on BBC Radio 4 and repeated on Sundays at 21:00 BST.

You can listen again via the BBC iPlayer or by downloading Money Box podcast.

Have you had experience of the Emergency Cash system? Let us know your views

If you are happy to be contacted by a BBC journalist please leave a telephone number that we can contact you on. In some cases a selection of your comments will be published, displaying your name as you provide it and location, unless you state otherwise. Your contact details will never be published. When sending us pictures, video or eyewitness accounts at no time should you endanger yourself or others, take any unnecessary risks or infringe any laws. Please ensure you have read the terms and conditions.

Terms and conditions

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Business stories

RSS

Features & Analysis

Elsewhere on the BBC

  • getawayDigital detox

    If you can’t shake your device addiction on your own, there’s a getaway for you

Programmes

  • Hitch-hiking robot HitchBOTClick Watch

    Hitch-hiking robot HitchBOT completes a 6,000 km (3,700 mile) trip plus other tech news

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.