Stealing the personal identification numbers of financial accounts can be a jackpot for hackers if it wouldn’t be so hard to pull it off thank to security technologies and data encryption.
Hackers creativity tend to be more and more complex when it comes to intercept PINs at ATMs as Bryan Sartin, director of the team at Verizon Communications (VZ) that investigates data breaches declares “It just blows you away how sophisticated these folks are in thinking this stuff up”.
The process of stealing PINs from ATMs (and similar machines) evolved from the old-school methods which required fitting phony number pads and card readers to retrieve debit card PIN data from the ATMs and gas pumps to an Ocean’s Eleven approach.
This change in how things used to bedonewas determined basically by two things: the risk frauds had to take when exposing themselves as they had to set up the equipment and then come back to remove it (obvious without being caught) and by wireless internet connections used by banks nowadays.
Even if banks use wireless internet connections to monitor ATM cash flow and update software, hackers found new ways to filch PINs remotely,according to a Verizon report.In a moment of inspiration the wind of change determined themto get jobs with technical-support companies which means access to the ATMs. After that, they can install malware that transmits PIN data to an e-mail address or a phone.
In April, the Regulators at the Federal Financial Institutions Examination Council drew attention on small and midsize ATMs banks which are preferred targets for criminals who hack bank Web pages to boost ATM withdrawal limits and then clean out customers accounts.AvivahLitan, an analyst at researcher Gartner, says the remote hacks of web-connected ATMs is a fast-growing problem. In March, for example, theFederal Bureau of Investigation announced charges against 17 peoplein an alleged skimming schemestretched from Bulgaria to Chicago.
David Robertson, publisher of the Nilson Report,states that the memory chips and transmitters that enable PIN hacking are getting thinner and lighter to avoid setting off security equipment installedat retail stores in the past few years by card companies.In many cases, hackers gear can’t be detected by the software that remotely monitors the weight of POS (Point Of Sale)terminals: “They’ve done it in a way that suggests a very serious effort to try to crack this industry”, Robertson declared.
Even if it is hard to say exactly how much has been lost from ATMs skimming due to these type of attacks, the U.S. Secret Service estimated annual lossesat more than $1 billion in 2008, its most recent published figure. Since then Sartin’s team concluded that U.S. companies were the targets of 130 skimming breaches.
Robertson explains that U.S. consumers carry old magnetic-stripe cards which are more vulnerable to PIN capture than cards with RFID chips, which verify that the original card is present for every transaction. “There’s nothing about PINs in 2014 that’s different than PINs in 1994,” he says. “ATMs are in need of even more defense.”