Sister CISA CISSP

Nov 23 2009   5:39PM GMT

Buy Your OWN Automatic Theft Machine



Posted by: Arian Eigen Heald
Tags:
Automatic Theft Machines
Data Breaches
Eigen's Rules of Thumb
Hardware & InfoSec
Identity theft
Stupid Technology

Is it really a surprise that ATMs can be bought on eBay or Craigslist? Given the amount of ATMs that pop-up at convenience stores, movie rentals, grocery stores and gas stations, it stands to reason that those machines have been bought, or rented, by the store owners. Who have, I’m sure, not gone through a check for their criminal history. And certainly want to find someone to buy their machines when, for some reason, they will not be using them anymore.

About a year ago, I wrote a post on how store ATMs actually keep a record of names, account numbers and amounts.

Turns out an enterprising security guy bought a machine on Craigslist from somebody going out of business, who didn’t bother to clear the last 1,000 transactions from the machine. Ooopsie.

He got a very nice (now on YouTube) video from one of the local news stations, which I highly recommend watching; you can see how skimmers and cameras are getting smaller and smaller.

Rule of Thumb? Don’t use any ATM that isn’t attached to a bank – and not very often, at that. Leave your debit card at home. You can lose too much money from your account and then have to fight with the bank to get it back. Use your credit cards and let the credit card companies and the bank duke it out.

(What’s wrong with cash?)

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: