DBS Bank experienced unauthorized withdrawals from its customers' accounts through its ATMs. It is now looking for a way to enhance its security measures.
I wish to suggest the following method, which does not involve any change to the current magnetic stripe card. I suggest that the ATM should ask the customer to use his registered mobile phone to dial a designated number at the bank. The bank will retrieve the mobile number, using caller ID, to "activate" the withdrawal.
For the crook to take out money, the crook needs to have the mobile phone as well. This will be a hindrance to the crook.
Currently, DBS sends an SMS to the customer and asks the customer to enter a PIN from the SMS to confirm the account. My suggested method is more practical and less costly (i.e. it does not use SMS) and can also be used for internet banking.
Do you agree with my approach? Can you see any flaws or weaknesses?
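
The activation flow proposed above, modelled from the bank's side as an added example (not part of the original post and not any bank's code). The class and method names, the 120-second window, the single-use rule and the sample account and phone numbers are assumptions made for illustration.

```python
ACTIVATION_WINDOW = 120  # seconds; assumed value, the post sets no time limit

class Bank:
    def __init__(self, registered):
        self.registered = registered  # account -> registered mobile number
        self.pending = {}             # account -> parked withdrawal request

    def atm_request(self, account, amount, now):
        """ATM: card and PIN accepted; park the withdrawal until the call arrives."""
        self.pending[account] = {"at": now, "amount": amount, "activated": False}

    def incoming_call(self, caller_id, now):
        """Bank phone line: caller_id is taken exactly as the network delivers it."""
        accounts = [a for a, n in self.registered.items() if n == caller_id]
        if not accounts:
            return "unknown-number"
        result = "no-pending-request"
        for account in accounts:
            req = self.pending.get(account)
            if req is None:
                continue
            if now - req["at"] > ACTIVATION_WINDOW:
                del self.pending[account]  # stale request cannot be revived
                result = "expired"
            else:
                req["activated"] = True
                return "activated"
        return result

    def atm_dispense(self, account, now):
        """ATM: pay out only an activated, unexpired request, and only once."""
        req = self.pending.get(account)
        if not req or not req["activated"] or now - req["at"] > ACTIVATION_WINDOW:
            return 0
        del self.pending[account]
        return req["amount"]

def demo():
    # Constructed sample data: one account and its registered mobile number.
    bank = Bank({"ACC-1": "+6590000001"})
    bank.atm_request("ACC-1", 200, now=0)
    return [
        bank.atm_dispense("ACC-1", now=5),          # no call yet
        bank.incoming_call("+6590000002", now=10),  # some other phone
        bank.incoming_call("+6590000001", now=20),  # registered phone
        bank.atm_dispense("ACC-1", now=30),         # cash released
        bank.atm_dispense("ACC-1", now=31),         # request already used
    ]
```

Every decision in `incoming_call` rests on the caller ID value the phone network hands to the bank, so the scheme is only as strong as that value is trustworthy.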