Wells Fargo: All ATMs Will Take Phone Codes, Not Just Cards

Given the prevalence of smartphones nowadays, Wells Fargo has announced plans to upgrade all 13,000 of its ATMs next week to allow customers to access their money using their cellphones instead of traditional bank cards. Wells Fargo would be the first to upgrade all of its ATMs with the feature across the United States. ABC News reports: To access their money, customers would get unique eight-digit codes from their Wells Fargo smartphone app, and enter the code into the ATM along with their PIN number. The machines will still accept debit cards as well. One limitation of the one-time code, though, is that it won't work on the secure doors that many branches have for non-business hours that require a customer to swipe an ATM or debit card to gain entry. Wells Fargo said those secure doors are found at a small percentage of branches, mostly in major metropolitan areas like New York City or Chicago. Wells said it plans to roll out another upgrade to its ATMs later this year, which will allow customers to access the ATMs by holding their smartphones up to a reader on the machine, instead of entering the eight-digit code. It would be similar to using Apple Pay or Samsung Pay, the bank said.

Wells Fargo

[DogDude]

I wouldn't trust Wells Fargo any further than I could throw any of their crooked executives. Even if my credit unions offered this, I wouldn't link my cell phone to my banking info. That seems like an extremely bad idea.

Re:

[Anonymous Coward]

I wouldn't trust Wells Fargo any further than I could throw any of their crooked executives. Even if my credit unions offered this, I wouldn't link my cell phone to my banking info. That seems like an extremely bad idea.

It will probably also require a $9.99 monthly 'service charge', and automatically deduct a $1.99 "teller fee" each time you use it.

Re:

[R3d M3rcury]

A customer at Well Fargo actually has to go down to the bank to deposit checks. For me, it's a simple matter of snapping a picture of the checks with my phone.

The Wells Fargo app has that, too. [wellsfargo.com]

Re: Wells Fargo

[nehumanuscrede]

Right there with you man.

There is exactly zero chance I will put anything from my bank accounts within reach of a Smartphone. Ever. For any reason.

I will not login to a banking site with one and will never trust the banking apps nor the overall security of the phone to ever even consider it.

Re:

[mjwx]

I wouldn't trust Wells Fargo any further than I could throw any of their crooked executives. Even if my credit unions offered this, I wouldn't link my cell phone to my banking info. That seems like an extremely bad idea.

Banks in Australia have been offering this for years. You get a code sent to your phone and just plug that into an ATM to get $50.

I agree that tying your bank account to your phone is a phenomenally stupid idea, people seem to be doing it in droves. Until the cost of fraud outweighs the profit, nothing is going to change.

Re:

[Gussington]

I wouldn't trust Wells Fargo any further than I could throw any of their crooked executives. Even if my credit unions offered this, I wouldn't link my cell phone to my banking info. That seems like an extremely bad idea.

We've had this for years. Why are US banks stuck in the 20th century?

As someone that's been waiting over 5 years for...

[Anonymous Coward]

an ATM card, this is just crap. They can't get working ATM cards to their customers, like myself that has had an account for just over forty years, so why add technology and complexity before fixing their basic problems?

Re: As someone that's been waiting over 5 years fo

[Anonymous Coward]

They bought-out Wachovia in 2008, and I still have several friends that don't have working ATM cards yet, including myself. Taking almost nine years is just ridiculous.

Re: As someone that's been waiting over 5 years f

[Anonymous Coward]

To be fair, the purchase wasn't finalized until Oct 15, 2011 so we've only been waiting on working ATM cards for a little over five years.

Card Skimmers?

[irrational_design]

This sounds like a solution to the card skimmer problem.

Re:Card Skimmers?

[TWX]

If they wanted to solve the card-skimmer problem then they'd install circuitry to detect a skimmer placed on the cardslot and they'd show a picture on the ATM screen of what the cardslot should look like. They could even go so far as to make a device that slips out through the cardslot and damages or destroys card skimmers, deploying it between however many uses of the ATM, or they could use a system that retracts the card reader and cardslot into the housing of the machine between uses and allows for automatic inspection and confiscation of skimmer mechanisms.

There are plenty of ways to solve the skimmer problem without resorting to using cell phones and pushing the security responsibility to the accountholder, but they all require effort and money.

Re:

[Rick Schumann]

Two ways they could solve the 'card skimmer' problem:
1. Train bank employees that service the ATM to look for and recognize card skimmers. I'm surprised if they don't already do this. ATMs have to be reloaded with money, have jams cleared, etc, on a regular basis. If bank employees aren't routinely looking for these, then there's something seriously wrong with their procedures.
2. Install software on the ATM itself that scans Bluetooth for card skimmers, and SHUT DOWN if it detects one. I can't see it bein

Re:

[Highdude702]

then i make hardware and software to make the skimmer look like a phone, now nobody with a phone can use that atm machine. they can and will easily skim information. they need to find a new secure way, and cell phones isnt the way.

Re:

[TWX]

Bank employees aren't usually the ones servicing the ATMs, there are crews that drive around and do that, usually with names like BRINKS on the side of the truck. As far as I am aware, the local bank employees have no access into the ATMs.

You probably wouldn't want your average teller to have access to the ATM anyway, tellers make terrible money compared to the standards to which they're held. They have all of the downsides of having to maintain some of the highest standards of grooming of any workplace (

Re:

[cdrudge]

Train bank employees that service the ATM to look for and recognize card skimmers...

ATMs are refilled at most daily? How many cards can a skimmer get if they install it right after an ATM is reloaded. A busy location may be dozens and the skimmer could easily be pulled off prior to the next reload time if it's a normal routine.

Also most of the credit union locations I'm a member of have an ATM mounted on the side of the building. All the reloading is done from the inside of the bank. No employee would need

Re:

[Rick Schumann]

You and another commentor in this thread are ignorning the point: Banks SHOULD have someone auditing their ATM machines, daily, if not several times daily, to ensure there are no unauthorized devices attached to their ATM machines. There is no excuse for not doing it. If Brinks or some other company is who is serving the machines then THEY need to be trained to do this, plain and simple. Laziness is not an excuse, it's part of the problem.

Wells Fargo ATM swap

[emil]

All the Wells Fargo ATMs in my city were recently swapped with flush card slots. There is no protrusion from the slot, and anything mounted over it would be immediately noticed.

Re:

[SpeZek]

What's to stop the skimmers from installing a screen + buttons over the regular screen, capturing your code, and then using the underlying machine to then access your account?

Re:

[KingMotley]

It is a one time use code, so they can have it all they want after I'm done.

Secure Doors

[xaosflux]

Almost all of the "secure door" readers are actually very dumb, and will let basically any card with any kind of account number on the mag stripe open the door. I've opened them with gift cards and rewards cards. The doors are not normally networked to any sort of identification system. They are usually tied to a motion sensor and will not not open if someone is still in the enclosure, and will record the stripe data that is presented to them.

Re:

[Anonymous Coward]

I can confirm this. I've even used my NYC metro-card to open a door.

Re:

[Anonymous Coward]

I used to work IT at a bank. I usually used my library card to open the doors.

Re:

[R3d M3rcury]

Agreed. My Student ID or pretty much anything with a magstripe worked fine.

Bosco

[93 Escort Wagon]

One limitation of the one-time code, though, is that it won't work on the secure doors that many branches have for non-business hours that require a customer to swipe an ATM or debit card to gain entry. Wells Fargo said those secure doors are found at a small percentage of branches, mostly in major metropolitan areas like New York City or Chicago.

George, tell him your code. Shout out your code, man!

Re:

[freeze128]

I was thinking more of the episode of Friends where Chandler was stuck in an ATM vestibule with a model during a blackout. It's ridiculous because the electronic locks should ALWAYS allow egress in the event of a power failure.

Re:

[Highdude702]

Youre thinking Hollywood. not NFPA.

They're not the first.

[tmshort]

Bank of America already offers this

http://promo.bankofamerica.com... [bankofamerica.com]

Re:

[ginoledesma]

I've found this pretty useful. The person ahead of me had their card swallowed for whatever reason (maybe incorrect PIN entered one too many times), so using the contactless method was a relief.

One limitation I've found is that Bank of America has restricted this to withdrawals only. To deposit cash or checks, you'd have to insert your ATM card still.

Surprised it took So long

[Anonymous Coward]

In Poland it is available since 2015.

NÃw probably over 90% of ATMs and 75% of account owners can use the feature.

It is called BLIK.

You can albo use ot at majority of stores , largest online Exchange as wellness as at Aliexpress

Commonwealth Bank of Australia has had Cardless ca

[feebz]

Although I can only use my banks ATM for Cardless cash, there are ATMs available almost all the time. It's the only way I will withdraw cash (though there was once a month or 2 ago where I was forced till use card) cant be skimmed. There have been many times where I forgot my wallet but almost never my phone. A most excellent advancement in tech.

Note to muggers

[ThatsNotPudding]

Try not to get too much blood on the victims' phone; it will degrade the signal.

Re:

[Enigma2175]

"Personal" isn't a useful modifier for identification -- how many time are you asked for your group identification number?

Every time I go to a new doctor or dentist.

LOL wow.

[Highdude702]

So if I have control over your phone, I can tell the app, without you knowing to give me a code. While standing at an atm, and withdraw your money.. HAHA have you guys seen the security on cell phones lately?

Re:

[Anonymous Coward]

Why is this at the bottom of the comments list? For shit's sake /. ....

For those of you who think that's not possible, malware could just as easily wait for the compromised phone to get near the reader, determine it's a financial transaction, (if it's got root, it could even read the data before it's sent out), and then send the proper (fraudulent) transaction command to the ATM, while presenting the user an on screen error, telling them to try their transaction again. (Ten bucks says people will fall for i

Re:

[Pubstar]

Something tells me you're new here.

Re:

[Highdude702]

I find it hilarious. I'm kind of sad I decided to change my life and go legal completely. I would have a lot more money to build Ryzen pc's with lol. Now is ripe time to learn hacking if you don't already know it.

Re:

[Highdude702]

Because in this situation the NEGATIVE is far more important than the little bit of positive.

Re:

[Xarius]

You'd need to pass the app's security too. If you're able to do that then yeah, you're right you can go to an ATM and withdraw the money.

You can also do anything else you want with the bank account.

If someone has rooted your phone and has your online banking credentials, this ATM scheme is the least of your problems.

Re:

[Highdude702]

Once i have as i previously said "control over your phone" Also known as a Root, that apps security answers to me not the other way around.

Re:

[Gussington]

So if I have control over your phone, I can tell the app, without you knowing to give me a code. While standing at an atm, and withdraw your money.. HAHA have you guys seen the security on cell phones lately?

Phone app needs PIN, Card needs PIN. I'll leave this space below for you to explain how this is any less secure:

Re:

[Highdude702]

exploit in phone app. no pin needed. have you ever heard of auth bypass?

Re:

[Gussington]

exploit in phone app. no pin needed. have you ever heard of auth bypass?

The App has it's own PIN, it isn't the phone PIN. And even if you manage to bypass that somehow, you also need your account PIN at the ATM along with the 8 digit code, ie 2FA. You know someone has actually thought about this before you came along...

Re:

[Highdude702]

2FA isn't as secure as you would think. And you already know people's phone app pin will be the same as the card pin. Comes back to people are lazy. If phone pin can be in any way extracted from the 2FA app(think steam) it's insecure. And chances are it can be extracted with skill.

Re:

[Gussington]

. And chances are it can be extracted with skill.

Of course with enough skill you can do almost anything. But part of the game is making it not worth the effort.
We've had this feature here for years without issue. The limit for withdrawal from memory is $200. Why would anyone sufficiently skilled bother risking jail for $200 when they can earn that much in an hour with a legit job?

No phone, no cash?

[Zemran]

As long as the old system continues to work it will be fine but if this is made standard I would have to find a different bank as I am not going to go back to using a smart phone. I rely on my phone too much to endure the ridiculously short battery life on smart phones so I would be forced to choose between my work and the ATM system.

Don't forget Wells Fargo's criminal behavior

[Required Snark]

Wells Fargo is in a steep decline right now due to it's recent credit card scandal. They were caught pressuring clients to get too many credit cards and even opening fraudulent account without customer's consent. [cnn.com] Besides big financial penalties their new credit card applications are down %55 [cnn.com].

So take this with a grain of salt. It is part of a new advertising push to help shore up their image and recover from their self imposed failure. It's not about innovation as much as it is about trying to erase the past.

So

[Impy the Impiuos Imp]

So, instead of popping in a card and 4 digit pin, I have to fumble around with an app then punch in a clumsy, 8-digit ramdom code I will have to mentally triple-check?

Might I suggest "The Inmates Are Running The Asylum [amazon.com]"?

To borrow from the book, bank card + computer = computer

Re:

[Gussington]

So, instead of popping in a card and 4 digit pin, I have to fumble around with an app then punch in a clumsy, 8-digit ramdom code I will have to mentally triple-check?

If it makes you feel better, we've had this in my country for years and the sky didn't fall on anyone's head. It merely offers another way of accessing cash. You can still use your card if you prefer.
An example of how this is beneficial to some people some time I had this very day today. My teenager daughter broke her phone and needed $100 to get it fixed. Rather than wait for me to get home from work and take her down to the nearest mall to see a phone repair shop, I sent her a code which she could use at

SHORT Wells Fargo stock NOW!!

[laurencetux]

given the combo of WF being crooked and the many hacks on cell phones now a days i would give this about 45 days after 75% of the atms are upgraded before there is a massive breach (and a couple Giga-Bucks go "missing")

Re:

[Gussington]

given the combo of WF being crooked and the many hacks on cell phones now a days i would give this about 45 days after 75% of the atms are upgraded before there is a massive breach (and a couple Giga-Bucks go "missing")

Panic! Be Afraid! Fear!
Hate to burst your bubble, this is old tech commonly used in other countries without the catastrophe you anticipate.

Re:

[laurencetux]

yes and even if they literally had access to a set of printed manuals and a Senior Tech they still will muck it up somehow.

Wells Fargo could not pour sand out of their boots securely even if instructions were printed on the heels of said boots.

Just ask any Older Winston Salem residents about Wacovia and what they did to the city (and then got bought out to Double Down on the Derp).

Been around in South Africa for almost a decade

[NakNak]

Sometimes we forget how medieval the US banking system is. Then something like this comes around.

Every major bank in South Africa has offered cardless ATM services for so long I can't even say for sure when the last one came online. But the first seems to have been by 2008 at the latest [moneyweb.co.za].

I use it at least once a month to pay a casual worker who has no bank account. It has also saved my bacon when I forgot my wallet (but not cellphone with banking app) at home. And I've employed it twice when I suspecte

Re:

[Gussington]

Sometimes we forget how medieval the US banking system is. Then something like this comes around.

These stories are quite frequent here, and generally have the same responses.
We've also had this for years. I wonder how such an advanced economy like the US can have such backwards banking tech.

Bank of America started that conversion last year

[digitalFlack]

Since Summer of 2016, I've been using my iPhone Apple Wallet at Bank of America ATMs in the San Francisco/Silicon Valley area and Chicago. January road trip between Buffalo, NY and El Paso Tx, (don't ask) I used it a few times also, but don't remember the cities.

I don't carry an ATM card anymore, even for back up.