IT security for the daily life: withdrawing money at cash machines with ‘Google Glass’

Google Glass could join forces with QR codes to make ATM banking safer even for people who use „1234” as their favorite password. The idea from German researchers could help in the fighting against cash machine skimming scams by turning PIN codes into one-time passwords visible only to individual Google Glass wearers.

ATM banking usually requires people to swipe their bank cards and enter a set PIN code—a process vulnerable to so-called ATM skimming by crooks who try to capture PIN numbers with hidden cameras and fake keypads. By comparison, the proposed Google Glass process would have ATM machines request one-time PIN numbers for a customer’s visit and hide the PIN number within a QR code displayed on the screen. Google Glass could then decrypt the QR code using a secret key and display it for the individual customer’s eyes only.

„We know that you can use it to abuse data,” said Dominique Schroder, assistant professor of Cryptographic Algorithms at Saarland University, Germany, in a press release. „But it can also be used to protect data.”

The process developed by Saarland University and the Max Planck Institute for Informatics in Germany requires the Google Glass user to have cryptographic software called „Ubic” loaded onto his or her hardware. Ubic would store the individual’s secret key that „unlocks” the QR codes and finds the one-time PIN numbers generated during each ATM visit. That means other Google Glass users wouldn’t be able to see the PIN numbers hidden within the QR codes because their keys don’t fit.

A scammer could try to spy on a customer’s PIN number when he or she enters it into the ATM machine, but the one-time PIN numbers would be useless for subsequent transactions.

Banking with one-time PIN numbers and QR codes doesn’t necessarily require Google Glass—a smartphone with similar cryptographic hardware could also do the job by scanning QR codes. Still, the German researchers point out that Google Glass offers more privacy for users viewing their decrypted PIN numbers compared to viewing the numbers on a smartphone screen.

Whether or not it catches on, the Ubic experiment makes good use of existing Google Glass capabilities in combination with cryptographic methods, as spectrum.iee.org considers. After all, Google Glass already uses QR codes to connect users with hidden Wifi networks requiring encryption. But future Google Glass applications aimed at banking may also consider incorporating the growing array of biometric technologies intended for securing sensitive information.