There are a number of reasons for the susceptibility of ATMs. One of the primary causes is that ATMs do not implement specific, unique software. Most use "publicly available operating systems and off-the-shelf hardware." (pcworld.com) As a result, criminals can easily construct their false machines and card swipers, and can work to find methods for infecting machines with malicious software. Another reason is cash machines around the world do not have the same safety measures; this is a likely reason crime across the many countries of Europe is prevalent. ATM users may be used to the security of specific machines and be unaware of the risks of strange machines. The fact that tampering occurs is also evidence that ATMs are not monitored carefully enough. Obviously the purpose of an automated machine is that it does not require non-machine supervision, but the use of security cameras and other monitoring techniques could prove a successful deterrent to these crimes.
Awareness is key in addressing these situations; customers must be aware that these crimes occur and take precaution against the most basic attacks at the very least. This involves taking care when entering one's PIN, only using machines in areas where it is fitting for machines to exist, checking what one is swiping one's card through, regular changing of PIN numbers, and so on. I think it would also believe it would be beneficial for European banking companies to create standards in regard to their ATMs. This could include machine appearance, safety/security measures, machine-monitoring techniques, etc. Overall, awareness is essential for both the company and the customer.
Sources:
Kirk, Jeremy. "European Banks Warned: Brace for Rise in Cash Machine Fraud" September 7, 2009. http://www.pcworld.com/businesscenter/article/171542/european_banks_warned_brace_for_rise_in_cash_machine_fraud.html
Collinson, Patrick. "Huge rise in cash-machine crime, watchdog warns" September 7, 2009. http://www.guardian.co.uk/uk/2009/sep/07/cash-machine-crime-increase-fraud
Posts
This doesn't directly build off of this post, but talking about PIN numbers links back to the lecture on passwords from Thursday. With technology in these ATM's that copies the magnetic strip of the credit card, the PIN wouldn't have to be physically stolen. It could easily be guessed because it is only made up of four numbers. This makes the PIN an extremely vulnerable authenification measure - you could say that the "something you have" (the card itself) is the more secure of the two authentification measures used in ATM transactions. With technology being as advanced as it is today, credit card companies should look into making PIN numbers more difficult to guess to prevent ATM crime.
ReplyDeleteI agree that PIN numbers should be longer than 4 digits. I also think it should be standard procedure to have a security camera on ATMs. It would be costly to constantly monitor them, but just the fact that one is there would deter people from putting false equipment over the top of legitimate machines in the case that they were being immediately watched. It would also be fairly simple to quickly review footage just when people are approaching to see if they attach a fake device. Of course, this doesn't solve the problem of entirely fake machines. Most banks at least in the US publish where their ATMs are located, so that could be researched if someone was unsure about an ATM in a more remote location. As a side, I wonder, do these false machines actually distribute cash when used?
ReplyDeleteIn response to TMGP, the articles reported that some of the fake cash machines do in fact distribute money to users.
ReplyDeleteI would agree with Luther that this article ties in with our password discussion very well. ATM's use 2 factor authentication for security, but even this doesn't seem to be enough. I don't know if increasing the number of digits would necessarily help only because if hackers can figure out 4 numbers, they can figure out 7 or 10 as well (though it might take longer). Instead, a new form of security may be necessary. As TMGP suggested, putting security cameras up would be a great deterrent, even if they aren't constantly monitored. Just having the camera there would scare hackers away. Also, banks need to monitor their ATM's more closely to ensure that devices have not been added. I'm curious as to whether a certain bank is being targeted or if it's just ATM's in general. And how does this compare to U.S. ATM security?
ReplyDeleteApparently, there is the same risk of ATM skimmers in the United States. I thought it would be relatively easy to spot these fraudulent machines if one was aware of the skimmer threat. However I found this report from the police the University of Texas. Look at the photographs; I would never be able to tell. Thieves utilize some extensive social engineering to hide cameras that capture PINs, or even pose as maintenance workers, or friendly neighbors telling you how to use the machine. According to some online advice, its best to use ATMs you are already familiar with. As far as PINs, you should cover the pad as you type or “pretend” to press other keys. The companies managing these machines need to step up, monitoring any illegal modifications and checking for irregular wireless transmissions coming from around the machine (as this is how the info is stolen).
ReplyDeletehttp://www.utexas.edu/police/alerts/atm_scam/
I think one of the biggest problems is lack of security near ATM's. If people are easily finding out the information that is required to receive cash, then obviously the system isn't working. While I agree that the pin number isn't sufficient enough to protect against the theft of someone's account, I do feel like it is necessary to heighten protection and the computer systems that operate these ATM machines. By using more sufficient computer programs, I feel that companies can protect against these fraudulent ATM users.
ReplyDelete