ATM Hack: The Tip of the Iceberg

Two stories giving some perspective on the ATM break:

A security analyst says, “What’s really exposed are the retail systems that use the ATM system. It could have been an insider; it’s very hard to know. It was someone who had access to the [encryption] keys data. They were very skilled.”

“The analyst said the crime reflects the largest PIN theft to date and the financial industry will be hit by more PIN-block fraud in the future,” writes Consumerist reader Brian.

“But Citibank is only the tip of the iceberg,” said Avivah Litan (pictured), a Gartner research vice president and apparently, the only person who knows anything and can talk to the press, “The scam — and scandal — has hit national banks like Bank of America, Wells Fargo, and Washington Mutual, as well as smaller banks, including ones in Oregon, Ohio, and Pennsylvania, all of which have re-issued debit cards in recent weeks.”

“This is the worst hack ever,” Litan maintained. “It’s significant because not only is it a really wide-spread breach, but it affects debit cards, which everyone thought were immune to these kinds of things.”

PIN block hacks are this year’s phishing.

[via Information Week] (Thanks to Brian!)



  1. Hawkins says:

    I apologize if I’m being retarded, so maybe somebody can set me straight. But there’s something I don’t understand: Why the fuck were these people storing the PINs? The PIN is supposed to be transmitted to the bank for validation, but never retained.

    The article says:

    The problem is that retailers improperly store PIN numbers after they’ve been entered, rather than erase them at the PIN-entering pad.

    Presumably there are contractual requirements that dictate this. So why isn’t the party that’s storing the PINs being publicly pinata-fied?

    What possible reason would there be to store the PINs other than to DO CRIMES?

    Maybe somebody can ‘splain this.

  2. limiter says:

    Reading some comments on Slashdot it seems many banks are either not returning money in a timely fashion or they are not returning money at all. My ATM is linked with my checking account and losing $2000 would be disastrous. Taking Consumerist’s advice I have reset my ATM PIN and canceled my Visa Check card. I shall start using credit cards (because of their limited $50 liability) from now on despite the inconvenience.