Security Problems in A.T.M.
Notice this news in New York Times, “Citibank A.T.M. Breach Reveals PIN Security Problems“. Three hackers broke into Citibank’s network of ATMs inside 7-11 stores in California and stole customers’ PIN codes. This news reveals the serious security hole in banking.
Hackers are targeting the ATM system’s infrastructure, which is increasingly built on Microsoft Corp.’s Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption — which means encoding them to cloak them to outsiders — some ATM operators apparently aren’t properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.
The responsibility doesn’t lie on Citibank, because the bank doesn’t own or operate these Citibank-branded ATMs inside 7-11 stores (nearly 5,700 in US), but on the companies which own and operate them.
The reasons why this news caught my attention are (1) Windows OS 🙄 and (2) the lack of security in the middle companies. The consumers’ PINs were stolen from machines that showed no signs of fraud. Even consumers’ cautiousness can’t prevent that happened.
This reminds me of the leak of customers’ information in some big online book shops here. These frauds used that information and tried to cheat the customers to transfer more money into a stolen account. To avoid this happening, the online stores ask the customers not to use “easy” passwords, not to open suspicious emails and not to enter password in public PC. These are good advices, but they should also think about whether the information was leaked out from their web sites or during the transit to the delivery companies.