Seth Rabinowitz recalls the time he used his HSBC ATM card on a Sunday afternoon in São Paulo, Brazil, at an ATM outside a bank that seemed closed, because it was after regular hours. "It rejected my PIN and spit out the card. I tried again. Same thing. The next day, I used a different card at a different ATM to get some cash, thinking the first ATM card I used the day before would then be locked for faulty PIN entry and I'd call the bank later to unlock it -- it's a hassle to call customer service at certain banks from certain foreign countries ... doable, but a hassle with which one might tend to procrastinate," says Rabinowitz.

A couple of days went by; then, he checked his online statement. "I saw $8,000 deducted from my account in three days from ATM withdrawals," says Rabinowitz.

This was a couple of years ago and Rabinowitz says HSBC still is not able to tell him how the fraudsters were able to exceed his $800 daily ATM limit at all, let alone so drastically. After a week-long investigation, HSBC (HBC) credited him for the $8,000.

"It turns out this ATM -- and the bank -- never open, and this ATM was set up just to collect the magnetic strip number and a PIN," says Rabinowitz, a lead consultant for Silicon Associates in Beverly Hills. "The fraudsters then create a new plastic card magnetized with an exact magnetic duplicate, and of course they've also recorded the PIN. They likely worked in the banking/ATM network, so they were able to get the funds out using the 'new' card fairly easily."

Stories like Rabinowitz's are not rare. ATM skimming is responsible for in excess of $1 billion in losses annually, says Robert Siciliano, a McAfee consultant and identity theft expert.

The problem is growing. "According to IBM's 2010 Trend and Risk Report, there has been a surge in skimming -- it occurred five times as much in 2010 than in 2009, and all indications are the trend is continuing in 2011," says Jeremy Miller, director of Kroll's Fraud Solutions practice.

The Mechanics of a Skim Scam

Typically, skimming at an ATM occurs when a thief has installed a small, almost unnoticeable "skimmer" on the machine that can read the magnetic stripe on a card. Sometimes, the device is rigged to "capture" your card, holding onto it instead of just reading it, so that when you walk away to report the problem, the thief can simply step up and take it. To obtain your PIN, thieves use a number of ingenious techniques: cameras to record you punching it in, devices installed in the pad that record your keystrokes, and the tried-and-true "shoulder surfer" method, explains Miller.

Nor is skimming a problem restricted to ATMs: Thieves can rig any device that is meant to read a card with a magnetic stripe, targeting gas stations, checkout lines at grocery stores, restaurants, etc. Sometimes, it is the employee who skims cards, although last year saw a surge in point-of-service skimming incidents that couldn't be traced back to any employee or insider, says Miller.

Skimming today is far more sophisticated than in the past. "Skimmers can include Bluetooth and texting technology that send the data to the criminal anywhere. Keypads can be compromised by devices that overlay the existing pad and transfer the data remotely," says Siciliano.

There are many ways to get duped, he warns. With "ghost ATMs," a card reader is blocked off and replaced with hardware that supersedes the machine and records all your data without allowing a transaction.

Then there are "dummy ATMs." In some cases an ATM is bought on eBay or elsewhere, and installed anywhere there is foot traffic. The machine is set up for one purpose -- to read data. The machine might be powered by car batteries or plugged into the nearest outlet, says Siciliano.

There are also some decidedly low-tech skimming techniques. "A criminal might decide to steal either an ATM or POS terminal. Cash can be pulled from the ATMs, but both types of machines could store card numbers if misconfigured. A stolen machine is also valuable in order to learn about weaknesses or ways to physically attack it," explains Charles Robertson, Ph.D., a researcher and analytics specialist at high-tech security company Verafin.

With so many means of attack, there is a glut of card information on the market. Lazy criminals can simply buy card data, starting at $1 or less. Quality costs extra, but in the underground marketplace, there are products for everyone, says Robertson.

How to Protect Yourself

With so many tricks out there, how can you stay a step ahead of the bad guys?

First and foremost, pay attention to your statements, and check your account every two weeks, says Siciliano. In addition to monitoring your statements, you can also sign up for alerts that will tip you off when certain types of transactions occur.

Raise your awareness about everything when you go to an ATM. "Look for red flags, anything out of place -- your card sticks, odd looking configurations on the ATM, wires, two-sided tape," says Siciliano. Use strong PINs -- mixing uppercase and lowercase, alphabetic and numeric -- online, and when possible, for telephone banking.

Privately owned ATMs are the highest risk because skimming devices can easily be added to the inside of the ATM by its owner. And if an ATM is in an obscure place, it can more easily be tampered with, says Michael Gier, host of the Web TV show at

Even bank ATMs are at risk because crooks can add fake card readers over the real card-entry slot, says Gier. However, such ATMs are checked more often by branch employees who would notice anything unusual, like a change in the appearance of the PIN pad or something inserted in the magnetic stripe reader, says Suzanne Lynch, assistant professor of criminal justice and director of the economic crime management program at Utica College in New York.

Look at the face of the ATM. If you see anything suspicious, such as a card reader that is loose or a different color than the rest of the ATM, or that looks as if it was added later because it covers part of the machine that includes text or the logo, do not use the machine, says Miller.

He also advises covering the PIN pad with your hand while entering your number to block cameras that can capture a PIN.

A Cautious Approach

The Better Business Bureau offers a few tips too. "Inspect the ATM. Avoid using ATMs in poorly lit or low trafficked areas. Look for new or suspiciously placed cameras and unusual signage. Don't hesitate to walk away and use another ATM if something appears out of the ordinary. Protect your PIN. When entering your PIN, cover the keypad with your other hand to protect your private information from any cameras in the vicinity. FICO also recommends you periodically change your PIN," it advises.

The ATM Industry Association has much to say on this topic: "Be especially cautious when strangers offer to help you at an ATM, even if your card is stuck or you are experiencing difficulty with the transaction. You should not allow anyone to distract you while you are at the ATM. Check that other individuals in the queue keep an acceptable distance from you. Be on the lookout for individuals who might be watching you enter your PIN. Follow the instructions on the display screen, e.g., do not key in your PIN until the ATM requests you to do so. Do not be in a hurry during the transaction, and carefully secure your card & cash in your wallet, handbag or pocket before leaving the ATM."

Gier keeps it simple: "The best option when possible is to not use ATMs."

Rabinowitz's $8,000 adventure changed his behavior permanently. "I do a couple of things differently," he says. "I am irritated that PIN pads have minimal physical shielding (the tiny 2-inch walls that surround the keypad) if any, and I'm more sensitive to that now. I always take my free hand and place it directly above my typing fingers where I am typing in my PIN. Otherwise, it's possible a security camera could record you putting in your PIN, and obviously a thief can recognize the pattern from the video."

He avoids going to standalone ATMs in stores, especially convenience stores. He uses his credit card whenever possible, even for small transactions.

"I still have confidence going to an ATM though, that's actually attached to a branch of a bank, physically, as long as it's in the U.S.," says Rabinowitz, "but I try to avoid needing cash off hours and would rather take the opportunity to interact with one of my banks during normal business hours anyway. I go much less frequently to any ATM."


Why did he not carry traveller's cheques?

September 05 2011 at 12:48 PM

In 1999 I co-founded a wireless tech company that had, as one of its proprietary IP products, a tested in-market device that triple encrypted and wirelessly sent the input data from ATMs (including 'stand alone' types) in very secure fashion. The machines were installed and successfully used by a major US-based bank, riverboat casinos, etc. Because data was sent wirelessly, no cable was connected to the machines to tie into so criminals were not able to 'read' the inputs/outputs. Customers and their PIN numbers, indeed, their accounts, were safe. Foolish, nefarious, greed-driven parties broke up the company (even as they tried to steal and hawk the tech on the street). The above article is well-meaning, but 'the elephant in the room' that neither the writer nor contributors noted is that most ATMs have a phone line exiting out the back that transmits the customer's information to bank servers (just look behind any ATM that's not flush against a wall or inbuilt and you'll see the exposed line). This is the real danger of ATMs. Anybody that can spell RadioShack can tap into that line and rip data. The banks know this but they are complacent, because it's not their personal data that is being stolen... it's yours. Gary, theloanarrangers

September 02 2011 at 11:05 PM


Just use CASH!

September 02 2011 at 1:31 AM

The American people have a hard enough time avoiding the democrat scammers otherwise known as the Obama administration.

September 01 2011 at 11:47 PM (+1)



I found a better way, instead of using debit pin, just push credit, this way it blocks the business from getting personal info, also don't give email when they ask, New Orleans would steal anything anytime, protect yourself from street ghetto hustlers...

September 01 2011 at 4:40 PM

I prefer to add cash to a purchase rather than use the ATM, it saves the little fees that can add up and avoids multiple entries of my pin. Thanks for the article, I am sending it to all of our kids and friends. With travel and school we are on the road and away from our home banks often nowadays.

September 01 2011 at 5:21 AM

I have another way to stay safe from this: Be poor as fk like me so there is never any money to steal.

September 01 2011 at 3:48 AM (+1)
Diane Todd Fahey

Very interesting. Hope this posts on my site for all to see and be aware of.

September 01 2011 at 3:08 AM