PARTNER NEWS: ATM manufacturer Diebold has teamed up with HCE specialist SimplyTapp to offer banks a way to use their ATM network to add a layer of card present security to their mobile wallet provisioning process.
Customers using the service will first authenticate themselves at an ATM, using their debit card and PIN. Once authenticated, they will be able to set up a bank-branded NFC mobile wallet and add cards to it using the card present authentication provided.
“Unlike other mobile wallets that do not need a card to be present — but instead allow consumers to take a picture of the card or manually enter the card’s digits to upload — Diebold’s patent-pending process requires the card to be inserted into the ATM’s card reader and be authenticated via PIN entry,” says the ATM manufacturer.
So-called “yellow path fraud” was an early issue for Apple Pay. It occurs when fraudsters are able to add other people’s cards to their mobile wallets because issuer checks are not stringent enough.
The new Xpression SafeLoad solution will enable financial institutions to utilize their existing ATM footprint via a software upgrade to “promote, deliver and enable a mobile wallet under the financial institution’s brand,” Diebold’s Douglas Hartung told NFC World.
“The consumer approaches the ATM, they insert their card and enter their PIN,” Hartung explained. “That results in a non-monetary transaction that authenticates that consumer. We’ve now authenticated that customer using standard multi-factor authentication.
“The consumer then gets a message at that ATM — something along the lines of that’s your Android phone, would you like to be able to do everything your friends do on Apple Pay, plus you can use it to get cash at the ATM next time you come back, all with the safety and security of the bank you know and trust?
“When the consumer says yes, they enter their mobile phone number. At that point, we’ve pushed together, in a single secure session, the card data, PIN block and PIN security with the mobile number. That information is transported through a VPN connection to our partners SimplyTapp, who are taking care of all the cloud-based card information and HCE-based security.
“The card information goes up to SimplyTapp. We kick out a text message to that mobile number with a link. The consumer clicks a link to install that bank-branded mobile application and that application is automatically connected back to the card credentials that are residing in the cloud.
“It takes less than a minute and the consumer now has that branded wallet on their phone that they can go and use wherever contactless is accepted.”
“This is a pilot system but it’s certainly much further down the road than just a concept,” Hartung continued. “The solution has been installed at both clients’ sites. The path we have gone down is this — to test the concept in our lab, make sure it works technically, then offer to replicate the trial in pilot participants’ labs. We have completed that.
“Moving it out of a lab environment into a production environment for employee testing, that’s kind of where we’re at right now. The secure onboarding or the safe loading of cards into the environment, in order to do that, that’s simply a software module change at the ATM terminal and ensuring that we have VPN connectivity from those ATMs back to the cloud. You can certainly install that capability on older ATMs.
“The pilot that we’ve built initially is based on inserting your debit card, securing it with a PIN, pushing that into the cloud and securing that wallet with that mobile. Once you’ve used the debit card plus PIN to create a secure authenticated session, there’s no reason why I can’t turn that card reader on the ATM into a card ripper.
“It’s about as complicated as asking the customer would you like to load another card. At that point, I’m just using a hardware component that already exists on that ATM to capture card-present-data off the second card.”
“We think about ATMs as an authentication terminal,” Hartung added. “We just happen to use cards and PINs traditionally, but there’s no reason it can’t be a phone and PIN or a phone and iris scan.
“It’s something we’re very excited about. We’ve been looking for quite a while at how do we get more innovative in terms of blending together, in some fundamental way, the usability of the mobile channel with the security and authentication of the ATM channel.”
“From our side, it’s pretty straightforward,” SimplyTapp CEO Doug Yeager added. “We are thrilled to work with Diebold. A lot of the challenges that have come about through digital onboarding, which does not include this card environment that Diebold is providing here, are around onboarding fraud and identifying the customer before activating their mobile payment wallet.
“From a security standpoint, it’s somewhat of a no-brainer for a bank. Diebold helps automate the process and almost makes it as though the issuer is simply signing a contract rather than doing a lot of integration work because the ATM can handle a lot of that integration work on its own.
“So, it’s pretty seamless to bring individual financial institutions up to speed with the newest payment technology, while at the same time offering the highest level of security for onboarding. That’s why we’re very excited about getting into market with this.”
A demonstration of the service working on an ATM can be seen on Diebold’s stand (booth #1831) at Money2020 in Las Vegas next week. A video will also be available at the SimplyTapp booth (Kiosk K7).
Further details can be found in the press release:
Diebold software innovation slashes fraud exposure through secure onboarding to digital payments
America First Credit Union, Banco Popular de Puerto Rico first to pilot contactless mobile payments with secure card onboarding via the ATM
NORTH CANTON, Ohio – Diebold, Incorporated (NYSE: DBD), in partnership with SimplyTapp, a mobile near field communications (NFC) payment and host card emulation (HCE) technology company, is continuing to securely connect the digital and physical worlds of cash with a secure, white-label mobile wallet offering. Through a highly unique and secure card onboarding process, XPRESSION™ SafeLoad, Diebold’s Mobile Cash Access solution reduces fraud by using the inherently secure architecture of the ATM network to onboard the user’s card through the use of standard card present PIN-secured technology.
Unlike other mobile wallets that do not need a card to be present—but instead allow consumers to take a picture of the card or manually enter the card’s digits to upload—Diebold’s patent-pending process requires the card to be inserted into the ATM’s card reader and be authenticated via PIN entry.
To enroll, the consumer approaches the ATM, inserts their card and enters their PIN as normal, which is the most secure transaction type available today. On the ATM screen, they are given the option to enroll in their financial institutions’ mobile wallet. Once they choose this option, they enter their mobile phone number and receive a text message with a link to download the application. Automatically, the consumers’ card data is securely encrypted in the form of tokens and transferred from the ATM to the card issuer’s secure, virtual cloud via SimplyTapp’s HCE solution. This allows the consumer to immediately start using the NFC tap-to-pay functionality on their phone, which can be done at the ATM or any point-of-sale device that accepts contactless payments.
In a recent study, 62 percent of consumers are concerned with mobile payments security, but overwhelmingly prefer and trust banks to manage their financial data. This white-label offering enables financial institutions to securely promote mobile integration and control the user experience and data. It also empowers financial institutions to remain competitive by offering an exclusive solution in the growing payments space.
“Consumers these days carry cash, cards and a phone; how can they securely use these together? We brought our knowledge of authentication, security and ATM transaction processing to provide a better, more secure consumer experience,” said Alan Kerr, Diebold executive vice president, software. “From hardware and software to services and security, we have the knowledge and experience to orchestrate the most advanced experiences the industry has ever seen: secure, convenient card onboarding to a mobile payments app, followed by instant NFC access at both point-of-sale and the ATM.”
“SimplyTapp believes extending consumer relationships through mobile devices is critical to the future of banking,” said Doug Yeager, SimplyTapp chief executive officer and co-founder. “Together with Diebold’s secure self-service technology and our leading Cloud Token Solution, the need for highly secure authentication and card onboarding can now be fully realized at the convenience and familiarity of a bank’s ATM.”
Currently in live pilots with customers globally, the new solution creates a truly unique and secure mobile wallet application available at the ATM.
“Being based in the Salt Lake City metropolitan area, we have a deep breadth of experience with a number of mobile and contactless technologies,” said Brice Mindrum, America First Credit Union, head of mobile services. “We have been waiting for a mobile payment solution that also incorporates cardless access at the ATM in a way that supports and extends our brand to manage card onboarding more effectively.”
“This solution is part of a productive and ongoing co-innovation partnership we have with Diebold that helps keep us at the forefront of new technologies and supports our leadership position in our market,” said Rachid Molinary, vice president of digital strategy for Banco Popular. “This type of solution positions us to support our existing customers while enabling us to explore additional value-added services for unbanked and underbanked consumers.”
Diebold will showcase this solution at booth #1831, Oct. 26-28 at the 2015 Money 20/20 Conference in Las Vegas. Pending completion of successful customer pilots, this solution will be commercialized for market in early 2016.
 2015 Federal Reserve Study
About America First Credit Union
America First is one of the largest, most stable, and most progressive credit unions in the country, and has remained a member-owned, not-for-profit cooperative financial institution since its inception over seven decades ago. From low-rate loans and free online services, to mortgages and free checking accounts, America First offers a vast array of tools allowing you to manage your money, in the manner you desire. For more information, visit www.americafirst.com, America First Credit Union on Facebook, Twitter, @AmericaFirst on Instagram and Pinterest.
About Banco Popular de Puerto Rico
Founded in 1893, Popular, Inc. (NASDAQ: BPOP) is the leading banking institution by both assets and deposits in Puerto Rico and ranks among the top 50 U.S. banks by assets. In the United States, Popular has established a community-banking franchise providing a broad range of financial services and products with branches in New York, New Jersey and South Florida, operating under the name “Popular Community Bank”.
Founded in 2011 in Austin, TX, SimplyTapp’s mobile NFC payment technology enables credit card issuers and developers to leverage mobile devices for proximity payments and other real-world transactions. SimplyTapp’s technology powers payment functionality for Android, Windows or BlackBerry devices for card-issuing banks and provides a simple and secure transaction environment for industries including retail, transit, ticketing and hospitality. Visit SimplyTapp at www.simplytapp.com.
Diebold, Incorporated (NYSE: DBD) provides the technology, software and services that connect people around the world with their money – bridging the physical and digital worlds of cash conveniently, securely and efficiently. Since its founding in 1859, Diebold has evolved to become a leading provider of exceptional self-service innovation, security and services to financial, commercial, retail and other markets. Diebold has approximately 16,000 employees worldwide and is headquartered near Canton, Ohio, USA. Visit Diebold at www.diebold.com or on Twitter: http://twitter.com/DieboldInc.