Apparently if you use the Citibank ATMs at the local 7-Elevens in New York, you may want to change your Personal Identification Number. A security hole was exploited by 3 individuals who took over 2 Million dollars in a 5 month period.They are now facing federal charges for the crime.
The theives connected to the back end computer where they collected the PIN numbers as they were being transmitted. What is worse is it seems that these ATM’s – which use Windows software – don’t encrypt the PIN numbers when sent, so it’s easy to intercept.
Now don’t blame Windows for the error: a PIN number should be encrypted before sent and it seems these machines sent these numbers without. This is an oversight that will most likely be corrected and checked for in any ATM in the future.
Still, it does raise concern over how an ATM operates. I can easily purchase and set up an ATM machine in any location to make some money. If you watch CSI, you might remember the episode where Nick Stokes uncovers a card skimming operation – an overlay to the card reader and a small camera to watch the PIN being entered.
This, however, is something scarier because all the thief has to do is intercept the signal from ATM to bank. Some ATM’s still run over phone lines. All you need is a recording device hooked up to a tapped line and you could get the card number and PIN of whoever uses the machine.
Something to think about when you make your next transaction. Most importantly, its more reason to watch closely to what your account activity is. You never know when someone else is watching it, too.