Obviously, this isn’t exactly new, but given the after Christmas shopping season, this and other methods may be sitting just waiting for you.

Bank ATMs Converted to Steal IDs of Bank Customers

A team of organized criminals is installing equipment on legitimate bank ATMs in at least 2 regions to steal both the ATM card number and the PIN. The team sits nearby in a car receiving the information transmitted wirelessly over weekends and evenings from equipment they install on the front of the ATM (see photos). If you see an attachment like this, do not use the ATM and report it immediately to the bank using the 800 number or phone on the front of the ATM.

The equipment used to capture your ATM card number and PIN is cleverly disguised to look like normal ATM equipment. A “skimmer” is mounted to the front of the normal ATM card slot that reads the ATM card number and transmits it to the criminals sitting in a nearby car.

At the same time, a wireless camera is disguised to look like a leaflet holder and is mounted in a position to view ATM PIN entries.

The thieves copy the cards and use the PIN numbers to withdraw thousands from many accounts in a very short time directly from the bank ATM.



  1. Gary Marks says:

    Holy ATM card sharks, Batman! Something tells me the Joker is behind this caper. We better get in touch with Commissioner Gordon before the good citizens of Gotham see all their money get the royal flush!

  2. tallwookie says:

    It’s got a green led on there – I suspect the Green Goblin

  3. Kurt Nelson says:

    Whats with you guys? You are just reposting and hijacking things off of Digg lately. Come up with some original content!

  4. Uncle Dave says:

    #3: not everyone reads digg, it’s a holiday week with little going on, and we take interesting things where we find them. And given how digg works, you’re assuming we didn’t get an item from elsewhere that happened to be on digg, also. For the most part, almost everything we post is ‘hijacked’ from somewhere.

  5. The Smart Guy says:

    #3, What’s Digg?

  6. Jägermeister says:

    #5

    Digg is like Slashdot.org for the ADD generation.

  7. Jägermeister says:

    #5

    Digg is like Slashdot for the ADD generation.

  8. Jonathan Fox says:

    #5 what is Slashdot for the ADD generation?

  9. Reality says:

    One method I saw online was in regard to using microfilm that is jammed into the card slot. The ATM user thinks the card has been eaten and when they leave, the thief comes in and pulls out the microfilm and that person’s card along with it. Somewhere in there, the thief offers to help and gets the info needed to access the card.

    Just be wary of any microfilm sticking out of the slots or stuck at the very top out of view.

  10. Haywood Jablome says:

    Silly me, I was thinking ATM was ass-to-mouth. Man, the influence or porn in our lives…

  11. Jägermeister says:

    #7

    The Jeopardy generation just woke up…

  12. PcMonster says:

    Microfilm?? Not quite, but close.
    The perps would insert a simple plastic device that would capture the card. Not letting it enter the card reader all of the way, but holding it in the slot enough that it was effectivly captured. The thief would come in as the person was trying to complete their transaction and say something like, “That happened to me and all I had to do was try my transaction again.” They would then try to see the persons PIN when they tried again. If successful the original customer would get frustrated and leave after several attempts and the thief would have the card and the PIN. It didn’t work as well as this method.
    I worked for Diebold for 7 years as an ATM technician among other things. The main way they combatted that particular scheme was to do away with the captive card reader and replace it with the swipe style reader.
    This article showed one creative way that thieves capture card info by adding the mechanism around the original swipe reader that reads the card info and the camera gets the PIN info. This method worked much better as the customer is able to complete their transaction with no problem. The theif also doesn’t have to enteract with the mark.

  13. James Hill says:

    My father was a Vice President over Risk Management for a very large insurance company, and dealt with these kinds of devices… and others… on a daily basis.

    A good standard rule to avoid this kind of thing is to use ATMs at financial institutions, preferably ones inside the building. ATMs at other locations (on the corner, in a gas station, etc..) are more prone to this kind of fraud, and may even be embraced by the institution the crime is happening at (paying off the gas station attendent, for example).

  14. xjonx says:

    #3 Not everone reads Digg anymore. I know I stopped when the left the tech blog style in favor of (un)funny video posts (from youboobe) and sports news garbage.

  15. Greg Allen says:

    This very thing happened to the ATM at my own bank (but not to me) here in Dubai. The stolen numbers ended up being used in the former Soviet Union which makes me think it was organized crime. Apparently it was installed for days.

    http://archive.gulfnews.com/articles/06/05/31/10043758.html

    My question at the time was — don’t those machines get serviced daily? How clueless was the service guy who didn’t notice the added skimmer?

    My larger gripe remains: I demand that the government force credit card companies to make more robust security for credit & debit cards. This is a decade overdue but the do-nothing no-good Congress sat on their hands.

    A four digit pin is way too lame! And worse is the three digit “security number” on the back! Three digits in the age of routine 128 bit encryption? ( PGP keys are 2,048) That’s less secure than your gym locker! It’s criminally negligent, IMHO.

    Of course we know why: it’s cheaper for the credit card companies to eat the losses than to fix the problem — even though this is horrible for us customers

  16. Julie says:

    I want to be there to giggle when they get the whole 10 bucks that’s ever in my account. 🙂

  17. gunny says:

    Is this for real? I seem to recall an episode of CSI which showed this very caper, right down to the camera-in-the-leaflet-holder trick. The details are identical. Methinks someone’s confusing CSI with network news again. Too much eggnog, perhaps?

  18. Reality says:

    #12 Yes, microfilm. You need to keep up on current events before you go around saying “close, but not quite” about something you don’t know anything about.

  19. James Hill says:

    #15 – Was it a bank or a credit union?

    The former have more lax review laws than the later.

    Also, you’re in Dubai. I’d feel safer at an ATM outside a liquor store in East St. Louis.

  20. edwinrogers says:

    #19. Visit Dubai. They practice Islamic law – nobody messes with the Man in the UoA.

  21. Greg Allen says:

    #19 and #20

    I’m pretty sure it was all banks — they don’t have credit unions here, that I’ a aware. They do have something called “Islamic banks” which somehow avoid interest payments.

    As for safety — Dubai is quite safe from street crime — It’s better than most any inner-city in America.

    However, because the UAE is a relatively new country, laws on banking, consumer fraud, contracts, etc are either non-existent or still fairly weak.

    That actually HELPS for free trade but it’s a buyer-beware economic system.

  22. James Hill says:

    #20 – Only if I’m taking it over. And according to #15, they do “mess with the man”.

    #21 – Nice try at justification. It’s safe, just without all the laws and what not.


0

Bad Behavior has blocked 5813 access attempts in the last 7 days.