In today's digital age, systems and computing enable convenient and remote access to sensitive information and performance of sensitive transactions. For example, a user may operate a properly configured mobile computing device to conduct or engage in certain mobile or online banking activities that traditionally required the user to be physically present at a banking location. But while users may now remotely perform some banking activities using a mobile device, many transactions or other activities continue to require in-person authentication at a banking location, such as use of an automatic teller machine (ATM) to withdraw cash or conduct other in-person account transactions.
Traditional ATMs require entry of a personal identification number (PIN) to authorize and authenticate a user. Some methods of authentication may include a password or other biometric authentication information to authenticate the user of an ATM. These techniques, however, have considerable drawbacks. For example, passwords, shared secrets, and even biometric information are vulnerable to replication or fraudulent discovery, such as through data theft, social engineering, eavesdropping, or other criminal acts. Thus, use of these traditional techniques alone may not be satisfactory. Although security can be increased using additional security layers, simply supplementing conventional authentication techniques with additional conventional techniques may inconvenience authorized users, by creating a slow and cumbersome authentication process, requiring additional user-involved steps as part of the authentication process. Typical authentication processes also do not discern between certain user actions that are considered riskier or less frequent transactions, for which additional authentication steps may be desirable.
Thus, new techniques are desired to enhance security and increase confidence in authenticating the user of an ATM based on information not easily discoverable or replicated, and while not overburdening the user.