Scientist from Pune in India have an interesting idea to use one time passwords to withdraw money from the ATM machine. Bad enough, the one time password is to be sent via SMS. I understand it. Banks are great in saving money. A bank does not want to give ATM cards to the customers, as those cards cost money. Well, sending an SMS also costs money, but the bank could request a fee from the customer each time the customer withdraws money. This fee can directly be used to cover the costs for the SMS.
The next interesting thing is, that the customer should authenticate at the ATM with his fingerprint. Perfect: The bank does not have to enroll anything to the customer.
The customer will bring his own mobile phone and tell the bank the phone number.
If the customer wants to use ATMs, the customer will also register at the bank and give his fingerprints to the bank. Not speaking of how secure fingerprints really are. If the mobile phone is lost or stolen, attackers will also get the fingerprint , . So this idea is merely a one-factor-authentication: The possession of the phone!
Besides – Finally everbody gets the customers fingerprints: the state for the ID cards, the bank for withdrawing money – who is next?
Such an authentication scheme will not increase security, it will only help the bank – to save money.
Many people are thinking of biometrics when talking of next level authentication. I don’t see it that way. privacyIDEA tries to avoid compromising your personal identity and anyhow provide you with a secure multi factor authentication solution.
Keep your fingers to yourself!