08 July 2008

ATM Breaches More Likely at Stores Than Banks



By Jessica Dickler, CNNMoney.com staff writer

When hackers infiltrated Citibank ATMs at 7-Eleven stores, they revived the fear of everyone looking to get out a few bucks for a Slurpee - is using this machine safe?
Experts say the answer is that an ATM's safety depends on where it is. If it's at a bank, an ATM is somewhat safer than it is in a public place, such as a ballpark, a train station or a convenience store.

"You should never use ATM machines at convenience stores if you can help it because those are much more susceptible to tampering," added Avivah Litan, a security analyst with the Gartner research firm.

While consumers can't do much when hackers break into back-end computers that approve cash withdrawals in order to steal PIN codes - such as happened during last year's Citi ATM breach - the odds are slim that it will happen to you.

"It is possible to install malicious software on a banking server to capture an encrypted pin as it passes through, but it is extremely rare," according to Margot Mohsberg, a spokeswoman for the American Bankers Association.

There are other methods of getting scammed at the ATM, however, that are both popular and preventable.

Most often, thieves use a method called skimming, which means they insert a device into the card slot on an ATM that steals your data right off your card's magnetic strip.

When it comes to skimming, non-bank ATMs are far more susceptible, putting you at greater risk. There's less of a chance of skimming at your bank's local branch, because the bank is videotaping and maintaining that ATM, than at the ones in a convenience store that are maintained by a third party, said Ellen Cannon, managing editor at bankrate.com.

"There are thefts constantly," said Cannon.

To further decrease your odds of getting victimized, Cannon also suggests changing your PIN number regularly and using different PINs for different accounts.

Also, when shopping, opt for credit over debit. Chances are your credit card has 100% fraud liability, whereas your debit card may not.

"Basically, avoid using your PIN as much as possible," Litan recommends. Despite industry standards that call for protecting PINs with strong encryption, that doesn't always happen, so to stay on the safe side, keep transactions that require you to enter your PIN to a minimum.

And when it comes to online activity, never use your PIN under any circumstances. "There's no online use of PINs," Litan said, and any prompt to do so is just a scam.

Ultimately, the best thing you can do is check your account frequently and report any suspicious activity immediately.

Beyond that, there's really not much else consumers can do, according to Thomas Fox, community outreach director of Cambridge Credit Corp., a nonprofit credit counseling agency based in Agawam, Mass. "It falls to the bank to employ new ways to deter hackers."

But if you are a victim of theft, keep in mind that while it is a hassle, it is not necessarily a hardship.

"The bottom line is that consumers are not responsible for any fraudulent activity on their account," Mohsberg said.

No comments: