Apparently if you use the Citibank ATMs at the local 7-Elevens in New York, you may want to change your Personal Identification Number. A security hole was exploited by 3 individuals who took over 2 million dollars in a 5-month period. They are now facing federal charges for the crime.
The thieves connected to the back-end computer, where they collected the PIN numbers as they were being transmitted. What is worse is that these ATMs – which use Windows software – apparently don’t encrypt the PIN numbers when they are sent, so they are easy to intercept.
Now don’t blame Windows for the error: a PIN number should be encrypted before it is sent, and it seems these machines sent these numbers without encryption. This is an oversight that will most likely be corrected and checked for in any ATM in the future.
Still, it does raise concern over how an ATM operates. I can easily purchase and set up an ATM machine in any location to make some money. If you watch CSI, you might remember the episode where Nick Stokes uncovers a card skimming operation – an overlay to the card reader and a small camera to watch the PIN being entered.
This, however, is something scarier because all the thief has to do is intercept the signal from ATM to bank. Some ATMs still run over phone lines. All you need is a recording device hooked up to a tapped line and you could get the card number and PIN of whoever uses the machine.
Something to think about when you make your next transaction. Most importantly, it’s all the more reason to watch your account activity closely. You never know when someone else is watching it, too.
Actually, it wasn’t Citi that was hacked, but the ATM network provider “taking” the card data from the ATM, and passing it through “to the bank”, so the headline is somewhat misleading.
The fault is with the independent ATM agency, not the bank itself.
From the Boston Globe: “That responsibility falls on two companies: Houston-based Cardtronics Inc., which owns all the machines but only operates some, and Brookfield, Wis.-based Fiserv Inc., which operates the others.”
I know we all hate banks, but call them wrong strong and hard when they are, not when they aren’t. (just my opinion)
Eddie