Tag Archives: ATM

Always Looking…


A while ago, I was listening to an episode of This American Life. I had to use Google to find the show because I couldn’t remember most of the show but I did remember one part of the episode. A guy comes home from a party and goes to use the bathroom. He lifts the toilet seat to find a rat looking up at him from inside the toilet bowl. A rat. Ira Glass, the show’s host goes on to inform us that finding a rodent in a toilet is not as unbelievable as one might think. It turns out that there are circumstances under which rodents can find their way into the pipes that become one’s toilet bowl. I can’t rightly remember exactly what these circumstances are because I was panicking too much to pay any real attention.

I am terrified of rodents. I can squash a cockroach without a second thought, I have been known to allow snakes to slither across my arm but the sight of a rodent has been known to reduce me to tears, while taking cover on whatever higher ground I can find. So, upon hearing this story, my deep-seated fear led to a modification of my habits.

I am a terrible sleeper; I have long been a terrible sleeper. Once I have woken up in the middle of the night, my body will use any excuse to decide that it cannot go back to sleep. Therefore, on the occasions that I need to get out of bed, on order to get water or use the bathroom, I do everything in the dark. I don’t want the stimulation of light. I even keep my eyes closed as much as possible. However, post This American Life, I have changed one thing. Now, I flash the bathroom light on for just long enough to lift the seat and inspect the toilet bowl for any intruders.

Similarly, the first time I read about ATM skimmers led to more research and various modifications in my behavior. ATM skimming is hardly new, but technology has helped criminals get better at it. ATM skimmers are basically machines that read and steal the information on the magnetic strip of your credit or debit card. This information is then used to steal your money. Thieves attach skimmers to the face of an ATM and, as a result, when you stick your card into what you believe is the ATM, you are actually passing it through a card reader that is recording all the information on your card. Older model skimmers used to be clunky and unwieldy and all but the most distracted ATM users could spot that something odd was attached to the ATM they wanted to use. Nowadays, however, the attachments are more sophisticated and harder to spot. Often, the skimmers are paired with a hidden camera that is there to record you entering your PIN, giving them all the information that they need in order to clone your bank card.

When I use an ATM, before I use it, I go through a routine that may look odd to anyone passing by. I move my hand over the card slot and try to see if I can move it or if it is firmly fixed in place. I look it over and step back to see if I can spot anything out of place. I also look around to see if I can see a camera. Once I have done the physical check of the ATM, I slide my card in and make sure that I cover up, as much as possible, the keypad as I enter my PIN. I am pretty sure that it is not a foolproof method of avoiding card skimmers, but I do know that taking these precautions has helped people spot these machines and avoid getting their money stolen. Just a few days ago, a card skimmer was discovered at a subway station in Manhattan. In addition to the precautions I take when I use the ATM (this would also apply for those of you who drive and use the Pay-At-The-Pump facility to pay for gas) I also check my bank and credit card accounts just about daily. I have already shared my story about how I learned how important it is to keep track of my finances. The risks brought about by card skimmers increase the need to check up regularly on finances.

So I continue with my little tics. I flash the light and lift the seat carefully. I shake, rattle and roll before I use my card to get money out of the cash machine. So I do a little dance before I get things done, but it is way better to be safe than to have your bottom engaged in combat with a rodent, or to find that your accounts have been cleaned out by a wily crook with a card skimmer and a tiny camera.

Tagged , , , , , , , , ,

Money For Nothing


A few weeks ago, a story broke about arrests made related to a series of incredible ATM heists. A group of criminals struck twice, in over 25 countries and took in over $45 million. The thefts were incredible, not only because they took in so much money, but also because of how well-executed they were, with the thieves striking quickly and efficiently, in so many cities across the globe. How were they able to do this?

They began with prepaid debit cards. Computer hackers hacked into the systems of two prepaid debit card processors and stole debit card numbers. The first time they stole five prepaid debit card numbers from a processor in India and the second time they stole twelve account numbers from a United States based processor. After stealing the numbers, they raised the limits on the debit cards, or removed them completely. This was possible, in part, because prepaid debit cards start out as a blank slate, unconnected to an individual’s account. The limits are set by the amount of cash paid into the account. This information is what was manipulated by the hackers. The hackers then sent the card information to their team members who were scattered around in over 25 countries around the world.

In the same way that a hotel programs a key card for a guest’s room, these criminals programmed the magnetic strips on blank cards, using a machine known as a skimmer, and cloned the prepaid debit cards. In fact, even hotel key cards can be used to clone debit or credit cards, as the technology used to create bank cards is the same technology used to make hotel room cards – not very comforting, is it? Finally, armed with cloned prepaid seemingly limitless debit cards, teams went out onto the streets and withdrew cash. A  lot of cash. During the first heist, using five prepaid numbers, the thieves withdrew $5 million from ATMs in 20 countries. During the second heist, using twelve prepaid accounts, the thieves withdrew $40 million from ATMs in 26 countries in under 10 hours. This is not the first time that this has occurred – theft using prepaid debit card information has happened several times – but this is the grandest scale to date. In a highly coordinated and organized action, the teams of people went from ATM to ATM, swiftly withdrawing funds. They knew which ATMs had the highest maximum withdrawal limits and they knew the most efficient routes to take in order to maximize their intake in the least amount of time. The New York Times reported that from the ATM cameras, one can see a crew member’s backpack getting heavier and heavier, as he went from one machine to the next. There is something to be said for the criminal network; reporting on the shutdown of Liberty Reserve stated that the ATM thieves laundered some of their ill-gotten gains through the shady currency exchange business. When MasterCard, noticed that something was amiss with their prepaid debit cards, they contacted the Secret Service who, among other things, investigates various financial crimes.

The thieves likely targeted prepaid debit cards because of several weaknesses that they were able to exploit. Regular debit cards are connected to a person’s checking account meaning, generally, that a thief is limited to stealing the victim’s checking account balance and not much more than that. A credit card, though a thief can try to go to town with it, is connected to individuals who will notice pretty quickly if a lot of money is taken out of their account. Also, because credit cards come with the history of the user, credit card companies tend to flag them if they notice behavior that is out of the ordinary. The prepaid debit card is a different animal. Prepaid debit cards are a very convenient way for people, who do not wish or are unable to use bank accounts, to go cashless. For a small fee, cash is simply loaded onto a card that will then work as a regular debit card, until the money pre-loaded onto the card is used up. Because it is not connected to a person’s account or spending history, if this card is manipulated, it will take a while before anyone notices that something is amiss.

Because of the nature of the prepaid debit card – that it is not connected to an individual’s account – the thieves needed to steal only a few numbers and raise the limits on a few cards to very high levels. Because only a few were taken, again, it decreased the risk of the theft being immediately noticed. When credit or regular debit cards are stolen, thieves tend to have to steal great numbers of them if they want to make a lot of money out of them. Once a lot of cards are stolen, the chances that someone will notice go up a lot.

As I mentioned before, debit and credit card technology itself is not secure. The magnetic strip technology used on credit and debit cards in the US, is the same technology used to program hotel room keys. The technology has not changed in decades and the machines used to clone credit and debit cards can be bought for $25. The US is the only nation in the G-20 that still uses this magnetic strip technology. The other members use newer chip technology that is more secure.

There are several benefits to the prepaid debit card, some of which are:

  • They can be cheaper for some than having to pay all the fees involved in having a bank account;
  • Despite the skimming and cloning risk, they tend to be safer than holding large amounts of cash;
  • They are good for travel, especially since traveler’s checks are no longer as widely accepted as they used to be and debit cards can be used wherever credit cards are accepted;
  • They are great gift cards as they are not limited to a particular vendor.

One challenge for the issuers and processors of these prepaid debit cards is to make them more secure so that they do not end up losing more and more money to heists such as these ones. Though US banks may believe that newer card technology is too expensive, as thieves steal more and more, they may decide that the benefits of the technology outweigh its costs.  There is also the challenge of protecting the banks and processors against hackers. There have been arrests of the team members who made the ATM withdrawals, and one has even been found shot dead, however the hackers are still at large. They are probably the most dangerous, for without them the prepaid debit account information could not have been stolen and manipulated. That is an ongoing battle that financial institutions and law enforcement fight; as our systems become more sophisticated, so too do cyber criminals.

Tagged , , , , , ,