Network News

X My Profile
View More Activity

Smile, You're on Criminal Camera

Security Fix recently highlighted a pair of surveillance devices that criminals had attached to an automated teller machine in Tyson's Corner, Va., to steal financial data from unsuspecting bank machine customers. A few readers responded by asking why they should worry if a camera records them entering their PIN since thieves don't have their actual card too.

Perhaps this picture below, compliments of Fair Isaac Corp., will help clarify the situation. Notice the two things that don't belong on this ATM: the beige wireless video recording box at the machine's left edge, and a card "skimmer" that reads and records the account data stored on the magnetic stripe on the back of each bank card. The thieves affixed the skimmer on top of the slot where a consumer would insert a card so it's able to nab the data as the card slides in. Working with numerous banks, Fair Isaac's Card Alert Fraud Manager unit monitors roughly 60 percent of ATM transaction traffic nationwide for signs of fraud.

Typically, data stolen using these devices is sold in shadowy online marketplaces catering to identity thieves. The data frequently is encoded onto counterfeit cards and used to withdraw money from the victim's account.

John Buzzard, client relations manager at Fair Isaac's card fraud division, said consumers should definitely do business elsewhere and alert the affected institution if they suspect something is amiss with an ATM. But the most effective step consumers can take to avoid being victimized by bank fraud is to regularly monitor their checking and savings accounts for inaccuracies or anomalies, he added.

"The real message here is to keep a good eye on your account balances," Buzzard said. "The idea of waiting for that paper statement to arrive at the end of the month to reconcile your account just not good enough anymore."

By Brian Krebs  |  April 18, 2007; 4:44 PM ET
Categories:  Fraud , Latest Warnings , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Data Breach Aided University Phishing Scam
Next: The Easy Way to Unclutter a New PC


At what point are the banks and credit card companies liable for the security of their products?

There's no way I'm going to log into my bank account every day to see if money is mysteriously disappearing from my account.

The actual real message here is that banks need better security. A secret account number, or even a PIN, is obsolete technology. Far better methods of authentication have been known for decades.

However, instead of moving toward better security, banks seem to be moving to worse security like RFID tags that transmit your credit number to anyone standing near your wallet, and fingerprint scanners that sacrifice privacy and can still be captured and reproduced.

Posted by: Tom Saxton | April 18, 2007 6:53 PM | Report abuse

Fraud crimes will continue to grow until we exploit ID KEY (memory stick) system which will make both the signature and PIN number systems reliable as follows. Details on ID KEY system on website

ID KEY will activate printer to print ID sticker (small sticker with person's image and name printed on it) which can be attached to the document and countersigned to personalise signature. Chip and PIN system does not make entire signature system reliable the way personalised signature system will and hence is not good enough in combating fraud crimes. Current signature system is like passports without photos and that is why it is so difficult to deter and prosecute fraudsters. Why would anyone get tempted to misuse this system when they know that in the event of crime we will know who they are?

ID KEY will be needed to activate ATMs, Why would anyone get tempted to use stolen or skimmed cards when they know that ATM will not get activated without the use of Card Key Code stored in ID KEY?

*Chip and PIN card system is boosting ATM fraud because fraudsters now have option to skim cards and pick PIN numbers even from retail outlets rather than only ATMs.

Systems like Chip and PIN, biometric ID cards etc. will not make signature and PIN number system at ATMs reliable the way ID KEY system will and hence these systems will only make bad problems worse by diverting fraud crimes to other sectors.

Posted by: Tom | April 19, 2007 3:59 AM | Report abuse

thank you very nıce muck vary very comment...

Posted by: nakliyat | April 19, 2007 4:50 AM | Report abuse

Credit card skimming at ATM machines has been around for ages. For those who are interested how it works, this segment from the BBC "Real Hustle" program illustrates how details are captured and a fake card created on a real-life example:

For further reading on ATM/Card related fraud, the Security Group at the University of Cambridge, has done a lot of work in this area and their blog is a good place to start, e.g.:

Chip and Skim:

Fraud or Feature:

they even demonstrated "Chip & PIN relay attacks":

Thought it might be useful.


Posted by: Igor Drokov | April 19, 2007 8:22 AM | Report abuse

Please remove Tom's thinly-veiled marketing propaganda re:"ID KEY".

Tom: lose the all caps, and lose the PR.

Posted by: John | April 19, 2007 3:15 PM | Report abuse

Having made a comment yesterday I am surprised to see that it has not been accepted for the publication.

As far as I am aware, the comment was useful and contained links to resources relevant to the article readers. Hence, it is disappointing not to see it published.

Best wishes,


Posted by: Igor Drokov | April 20, 2007 10:25 AM | Report abuse

As a Bank Security Officer, banks do not control ATM features. There is a monopoly of two entities in the ATM market that control what goes on the ATMS, NCR and Aptiva. Until they decide enough institutions want this, they will not do it for cost reasons. ATM's are extremely expensive as it is.

Posted by: Chris Chalkley | April 20, 2007 2:34 PM | Report abuse

q70a3baufjw9iyi bkbdro5b5wd [URL=] 1kxw4tiax6h8 [/URL] pioc6k01f

Posted by: giuqe651zi | April 29, 2007 9:12 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company