Though this article looks dated (2018) it is a current notification—-
As of May 2018, the FBI has seen an increase in cyber criminals exploiting the cardless ATM feature of mobile banking applications to compromise accounts and fraudulently withdraw cash from ATMs. Cardless ATM transactions use a code and a mobile phone for authentication rather than a debit card’s magnetic strip or EMV chip. Cyber criminals used SMS and email phishing campaigns to collect victims’ banking credentials, or SIM swapping to intercept communication, which criminals then used to withdraw cash. FBI reporting showed a significant decrease in the duration of this fraud scheme, from credential acquisition to ATM withdrawal, indicating criminals are quickly adapting to financial institution security measures. As more financial institutions adopt this feature, the exposure of loss increases.