Payment industry calls for EMV-compliant ATMs

A conservative approach to ATM technology at Australia’s big four banks has left them “a little bit behind the times”, payment industry experts have warned.

Although the industry held up chip and PIN technology by the Europay, MasterCard and Visa alliance (EMV) as more secure than magnetic strip cards, no Australian ATMs were currently EMV-compliant.

Matthew Kovac, regional communications director of German banking technology vendor Wincor Nixdorf, speculated that banks had been slow to deploy ATM upgrades as they did not typically consider the machines an important sales channel.

“Aussie banks are a little bit behind the times”, Kovac told iTnews. “There’s been a lot of issues with skimming.”

The European market boasted the most “progressive” ATM technology, Kovac said, noting an uptake of cash recycling and direct marketing technologies.

Since launching in Australia in 2008, Wincor Nixdorf grew to account for 16 percent of the local ATM market, to become the joint second largest device manufacturer according to a 2010 Edgar, Dunn & Company report.

Kovac attributed Wincor Nixdorf’s Australian growth to deals with credit unions and independent ATM brands, noting that while the big four banks – NAB, Commonwealth Bank, ANZ and Westpac – “generally see the advantage” of new devices, they tended to resist change.

The Commonwealth Bank was currently in a selection process for EMV-compliant ATMs to replace its 3,400 ATMs across the country by 2014, in accordance with EFTPOS’s June 2010 commitment (pdf).

“The challenge over time has been to prioritise the pieces we can deliver,” the bank’s executive manager of electronic crime, Matthew Keaney, told the Cards and Payments Australasia conference last week.

In late 2009, Keaney said the bank suffered from skimming attacks that targeted a particular type of ATM in non-branch locations.

“We were at a level that was completely unacceptable to the bank,” he said, noting that skimmer detectors, alarm systems and security processes had since been deployed.

According to Caroline Pearce, the Australian Payments Clearing Association’s head of fraud, risk and compliance, the industry needed to “lift our game” to combat a growing criminal threat.

The Association found debit card fraud to have increased 50 percent last financial year, costing the industry $0.59 per $1,000 for magnetic strip cards and $0.11 per $1,000 for chip and PIN technology.

Pearce attributed the rise to a “spike” in point-of-sale and ATM skimming; however, NSW Detective Superintendent Commander Colin Dyson expected more such incidents in the coming months.

“A Romanian crook told me that Australia is a target because of the level of technology in the banks,” Dyson said told last week’s conference. “In his words, we are a laughing stock,”

Visa’s regional risk management director Ian McKindley said ATMs remained a “real bugbear” in chip and PIN deployment, warning that a lack of EMV compliance in Asia Pacific could draw cybercriminals’ attention to the region.

Australia, New Zealand and Singapore were the only countries in the Asia Pacific region with EMV compliance plans, he explained.

“ATM fraud is the fastest growing [form of fraud] in chipped countries,” McKindley said. “By 2014, the rest of the world [will be] chipped for point-of-sales and ATMs. I’ve got a real concern about Asia Pacific.”

Sixty percent of participants in a recent Edgar, Dunn & Company survey planned to be EMV-capable by 2013, with most respondents expecting compliance to go a long way towards addressing the card skimming issue.