-1

Some ATMs allow depositing money on an account, without prompting for a PIN number. This is probably a convenience to users, but I believe it is also a basic breach in security.

The tradeoff between convenience and security is quite hard (e.g. unlocking smartphones with fingertip scanning or NFC payments), but I can see scenarios where a password is desirable on deposit. The main scenario is to deposit "dirty" money on a stolen-card account to shame the owner (false bribery, false laundering, etc.).

I wonder why some ATMs do not require the PIN on deposit, except the user experience reason.

Eric Platon
  • 107
  • 3
  • 1
    Despite the question having little to do with information security, I am confused. I can go to a post office and transfer cash to your bank account. No one would verify my identity (at least not in Japan). Why are you concerned with ATMs? – techraf Mar 25 '16 at 07:54
  • 1
    I may be misunderstanding the [on-topic page](http://security.stackexchange.com/help/on-topic). Anyway, the question is about understanding the tradeoffs on access protection to an account through an ATM. I guess this is about risk management, and things to consider. Valid point on going to the post office to achieve the same scenario, thanks. – Eric Platon Mar 25 '16 at 08:05
  • 2
    @techraf is correct Eric. Depositing into a bank account is not an action that typically requires authentication when you are dealing with a teller at a bank. Anyone can deposit money into your account. – Neil Smithline Mar 26 '16 at 01:33
  • Thank you all for your feedbacks. Brad Metcalf's answer is inline with the opinions here, yet I am not sure whether to mark it as the one, given that the question has been deemed poor/off-topic in the first place. I have written a question on meta, and then backed off. I am instead flagging the question to delete it. Again, thank you all for the feedbacks---food for thoughts. – Eric Platon Mar 27 '16 at 23:39
  • 1
    This question has to do with banking processes, and security is only tangental. Getting money into your account needs to be easy (think "direct deposit"), just like getting out of a burning building needs to be easy. Security needs to protect risks. What risks are there in lowering the threshold to add money to your account? – schroeder Mar 28 '16 at 04:55

1 Answers1

2

Because you are not adding security by requesting a PIN. You are simply adding an unnecessary step. Anyone can deposit money to an account be either having an routing number, going to a bank branch of the customer and requesting it, etc. If you were to change the behavior of this and enforce it everywhere you would break wire transfers, direct deposits, automatic payments, etc.

If someone received such "dirty" money the issue is easily solved by reporting it to their bank or the proper authorities as soon as it occurs.

Bacon Brad
  • 3,340
  • 19
  • 26