cross-posted from: https://fedia.io/m/privacy/t/346211
I need to check the balance of my bank card. It’s apparently becoming quite rare for ATMs to support balance inquiries. So as I try many different ATMs to check the balance, some ATMs demand PIN entry before you even see the service offers. So I enter my PIN and then it only gives a cash withdrawal option, at which point I eject.
Couple problems here:
anti-fraud AI sensors can be very fragile & trigger happy. If my card is inserted into several different ATMs with & no transaction is initiated, I am of course concerned that my account will be frozen due to fraud false positive.
some ATMs automatically print out your balance on the receipt if you ask for a receipt. Some show it on the screen Some ATMs will only print the balance on the receipt if you specifically requested the balance in your session. Some ATMs are completely incapable of balance inquiries (at least for cards from other banks). Consumers seem to have no way of knowing what kind of ATM they are dealing with in advance, which forces us to experiment.
Questions:
when an ATM demands PIN in advance, does that mean the transaction will signal the bank even if the session is terminated when the menu shows no balance inquiry option? IIUC, the PIN can be verified using the cards EMV chip without using the network - but is that necessarily the case?
when an ATM shows the menu options before asking for a PIN, can we count on no signal being sent to the bank?
One of my accounts got frozen for fraud. I called the bank, complained, demanded answers. The bankers themselves are kept in the dark and left guessing about what happened. One banker said “you asked for more than the daily limit 2 or 3 times, which failed, then you went to a different ATM and tried again. Since you went to a different machine, that likely looked like fraud”. (of course I tried a different machine – why would a legit user keep trying the same machine?)
Every region has a different norm. Smartphone banking may not have caught on in the US but the European normal is quite different in the banking sector.
Europe even has cashless banks (not joking). These are “banks” that actually have no vault, only computers, and do not handle cash. No cash deposits. Withdrawals only possible at ATMs. If your ATM card fails and you need cash, you go to the bank and a banker walks with you to the ATM so the banker can withdraw the cash using a special card. It’s normal in Scandinavia but I think it would be shocking if a US bank were to operate this way. A cashless US bank would be an embarrassment.
The #WarOnCash have made bigger strides in Europe than the US.
If you want to withdraw $15k in banknotes in the US, it’s normal. In Europe it’s not only abnormal but sends red flags. I know someone who tried to withdraw €15k from her bank account and the bank called the police and arrested her. She was not charged with anything but they fully documented the attempt and released her. That was in a country where cash transactions greater than €3k are illegal. Spain, France, and Belgium all have cash limits like this. Netherlands is next. (to be clear, I think a €15k withdrawal would not be illegal on the part of the consumer but it likely exceeded the ToS of the bank and also triggers suspicion… some of the details are murky)
In my region it’s illegal for a bank to offer 1FA logins. So the banks give you an RSA token of sorts… a hardware device. Some banks have opted to use mobile phones for 2FA instead of buying and maintaining special purpose devices for everyone. Then they leaped to the assumption that everyone has a smartphone. From there it’s natural for them to figure there’s no longer need to maintain a website.