washingtonpost.com
Regulators skeptical about PIN technology designed to thwart ATM robberies

By Michelle Singletary
Thursday, May 13, 2010; A12

I've played out in my head many times what I would do if I were abducted and forced to withdraw money from an ATM.

Well, first, if the lowlife took me to an automated teller machine not owned by my bank, I'm sure an alarm would go off, because I never use other banks' ATMs to withdraw money. The machine would say "What?!?" and immediately spit out my card.

Okay, that wouldn't really happen, but it's my delusion.

I've also thought about entering the wrong PIN so many times that the ATM would freeze. But that would surely anger my abductor.

I've even imagined pushing a panic button on the ATM that would summon the police.

Interestingly, the Credit Card Accountability Responsibility and Disclosure Act of 2009, or Credit CARD Act, contained a provision for the Federal Trade Commission to study and report to Congress on the cost-effectiveness of making available emergency PIN technology so that a banking customer who is under duress could alert a local law enforcement agency electronically.

This week, the FTC issued its report, more than two months overdue. With a lot of "we don't know," the agency couldn't recommend anything.

Specifically, the FTC was asked to look at "emergency PIN" or "reverse PIN" and "alarm button" technologies. An emergency PIN would allow a customer in trouble to enter some variation of the regular PIN to summon police. With a reverse PIN, a customer could punch in the number backward, which would alert authorities that a robbery was in progress. So if your PIN was "1234," you would hit "4321." The reverse PIN has been rumored for years to be installed on ATMs, but this is an urban legend.

The FTC discussed another emergency PIN system that has been unsuccessfully marketed to banks. "ATMOnGuard" requires a customer to punch one number after the PIN. The additional number would indicate whether the transaction was being conducted under duress.

Really, all the electronic-alert options sound feasible to me.

But it took the commission 38 pages to conclude that the available technology probably wouldn't "deter any type of ATM crime, and in some instances may actually increase the risk of danger to ATM customers." Oh, and even if the technology were effective, the cost of implementing an emergency PIN system could be substantial, although the agency could not provide any estimates.

Although news reports of ATM customers being robbed might seem frequent, there are few statistics that track ATM robberies in which a victim is compelled to withdraw funds. What evidence there is suggests that the majority of ATM robberies occur after the victim has withdrawn funds, which means an emergency activation system involving the keypad wouldn't help.

The banking industry hasn't been convinced that ATM emergency-alert systems would work, either.

"The findings of the FTC report confirm what we have been saying for years," said Margot Mohsberg, a spokeswoman for the American Bankers Association. "The reverse-PIN technology does not improve the safety of ATM users. . . . We are always looking for new ideas to improve the safety of our customers, but research by several banks across the country has found that the reverse-PIN technology does not do this."

Mohsberg said banks that have looked into the available technology concluded that it doesn't improve customer safety. On the contrary, she said, the institutions thought the technology could further endanger customers by giving them a false sense of security.

Mohsberg raised some good questions:

What if a customer fumbles trying to remember the PIN backward?

If the customer were able to enter the coded PIN, would there be enough time for the police to respond?

"The best thing a person can do in an attempted robbery is hand over the money, get as far away from the robber as possible, and when you are in a safe place, contact the police," she said. "No amount of money is worth endangering your life."

The concerns raised in the FTC report and by the banking industry are reasonable. It's just that we've become so used to technology solving so many of our problems that it seems implausible that we can't find a safe technological way to thwart this particular crime.

Ultimately, in my ATM attack scenarios, I just hand over the money and pray that I'll be let go unharmed. It is just money.

Readers can write to Michelle Singletary at The Washington Post, 1150 15th St. NW, Washington, D.C. 20071.

Comments and questions are welcome, but because of the volume of mail, personal responses are not always possible. Please note that comments or questions may be used in a future column, with the writer's name, unless a specific request to do otherwise is indicated.

Post a Comment


Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.

© 2010 The Washington Post Company