Comments on: ATM Fraud in Broad Daylight http://www.securitybreaklive.com/atm-fraud-broad-daylight.html IT Security Investigations and Insights by Steve Dispensa Fri, 27 Feb 2009 22:10:22 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: Daisy http://www.securitybreaklive.com/atm-fraud-broad-daylight.html/comment-page-1#comment-17 Daisy Fri, 27 Feb 2009 22:10:22 +0000 http://www.securitybreaklive.com/?p=40#comment-17 Althouth this is not related to skimming, we had several reports of the following scam across South Dakota yesterday. I'm wondering if anyone else had this happen to them. Our internal research determined the calls were targeted at Verizon Wireless users. The calls originated from this New York phone number 718-814-1436 with a recorded message stating that debit/credit card was compromised press 1 to activate. Althouth this is not related to skimming, we had several reports of the following scam across South Dakota yesterday. I’m wondering if anyone else had this happen to them. Our internal research determined the calls were targeted at Verizon Wireless users. The calls originated from this New York phone number 718-814-1436 with a recorded message stating that debit/credit card was compromised press 1 to activate.

]]> By: Van http://www.securitybreaklive.com/atm-fraud-broad-daylight.html/comment-page-1#comment-12 Van Thu, 26 Feb 2009 15:53:32 +0000 http://www.securitybreaklive.com/?p=40#comment-12 FYI, this isn't just a problem in the US. I live in Costa Rica and there have been several reports of this happening, especially in areas that are high traffic for tourists. FYI, this isn’t just a problem in the US. I live in Costa Rica and there have been several reports of this happening, especially in areas that are high traffic for tourists.

]]> By: Rivka Tadjer http://www.securitybreaklive.com/atm-fraud-broad-daylight.html/comment-page-1#comment-5 Rivka Tadjer Fri, 06 Feb 2009 16:05:54 +0000 http://www.securitybreaklive.com/?p=40#comment-5 Good Morning America just ran this segment on ATM card cloning--- 130 ATMs in 49 citiies, including New York, Chicago, and Atlanta. RBS Payment systems had to cover losses of 100 customers, whose money and identity were stolen. The criminals--in some cases, ironic ones, not smart enough to avoid the ATM bank security cameras--installed skimmers at the ATMs, just like you talked about Steve, grabbed the mag stripe data, cloned the card, used it across town to steal money. Here's the segment: http://abcnews.go.com/Video/playerIndex?id=6810099 The advice the correspondent gives is to check an ATM you use for a skimming device (she wiggled the swipe slot to see if it was the legit, solid one, or one that sits on top), and to cover the keypad with one hand while you key in your PIN with the other, so overhead cameras can't see your PIN. That's it? That's the advice? They need to know about two-factor authentication, for sure. The correspondent did tip to the fact that 65 other countries use chip-embedded cards, not mag stripes, which are more secure. She makes the point that American banks haven't adopted the chip yet because of the cost of replacing the ATM machine readers. Two thoughts I'd like to open up for discussion: One, why aren't all mag stripes protected with some sort of two-factor authentication by law? PCI doesn't cover this! And two, would the chips really be failsafe? Who knows of encryption hacking in Europe on chip-based cards? Good Morning America just ran this segment on ATM card cloning—
130 ATMs in 49 citiies, including New York, Chicago, and Atlanta. RBS Payment systems had to cover losses of 100 customers, whose money and identity were stolen. The criminals–in some cases, ironic ones, not smart enough to avoid the ATM bank security cameras–installed skimmers at the ATMs, just like you talked about Steve, grabbed the mag stripe data, cloned the card, used it across town to steal money.

Here’s the segment:
http://abcnews.go.com/Video/playerIndex?id=6810099

The advice the correspondent gives is to check an ATM you use for a skimming device (she wiggled the swipe slot to see if it was the legit, solid one, or one that sits on top), and to cover the keypad with one hand while you key in your PIN with the other, so overhead cameras can’t see your PIN.

That’s it? That’s the advice? They need to know about two-factor authentication, for sure.

The correspondent did tip to the fact that 65 other countries use chip-embedded cards, not mag stripes, which are more secure. She makes the point that American banks haven’t adopted the chip yet because of the cost of replacing the ATM machine readers.

Two thoughts I’d like to open up for discussion:

One, why aren’t all mag stripes protected with some sort of two-factor authentication by law? PCI doesn’t cover this!

And two, would the chips really be failsafe? Who knows of encryption hacking in Europe on chip-based cards?

]]>