Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, Eigen's Rules of Thumb, Hardware & InfoSec, Identity theft, Stupid Technology
Is it really a surprise that ATMs can be bought on eBay or Craigslist? Given the amount of ATMs that pop-up at convenience stores, movie rentals, grocery stores and gas stations, it stands to reason that those machines have been bought, or rented, by the store owners. Who have, I’m sure, not gone through a check for their criminal history. And certainly want to find someone to buy their machines when, for some reason, they will not be using them anymore.
About a year ago, I wrote a post on how store ATMs actually keep a record of names, account numbers and amounts.
Turns out an enterprising security guy bought a machine on Craigslist from somebody going out of business, who didn’t bother to clear the last 1,000 transactions from the machine. Ooopsie.
He got a very nice (now on YouTube) video from one of the local news stations, which I highly recommend watching; you can see how skimmers and cameras are getting smaller and smaller.
Rule of Thumb? Don’t use any ATM that isn’t attached to a bank – and not very often, at that. Leave your debit card at home. You can lose too much money from your account and then have to fight with the bank to get it back. Use your credit cards and let the credit card companies and the bank duke it out.
(What’s wrong with cash?)