Independent ATMs pose more risk than you think
If you’ve ever wondered about those ATMs you see in bars and neighborhood stores that aren’t affiliated with a bank, what Robert Siciliano demonstrated probably won’t inspire much confidence. Siciliano, a Boston-based security expert for Intelius, an identity theft protection company, decided earlier this fall to buy one of those ATMs.
“I quickly found an ad from a bar north of Boston. They were selling pool tables, Budweiser neon signs, and an ATM,’’ he said.
Siciliano then used an associate, a hacker, to see what they could find in the machine. “The next day after we bought it, my hacker comes over to my garage, manual in hand, all giggly, like hackers sometimes do and says, ‘Watch this.’ He punches the master codes to access the machine’s data . . . and hundreds of credit and debit card numbers just start falling all over the floor.’’
There were more than 1,000 numbers recorded in the machine that Siciliano and his colleague printed out. ATMs like that are resold all the time, Siciliano said. They are particularly easy to find in big cities and can be found from time to time in the Boston area.
“The issue with these types is the portability of them and anyone can get one and put it anywhere,’’ he said. They are easily hacked and the innards can be reconfigured to store your card data and PIN. A criminal can also affix skimming devices that capture your data from the card’s magnetic strip and they install wireless cameras that record your PIN codes.’’
Siciliano said people also need to be wary of so-called rogue ATMs that are set up to do little else but steal your personal information. For most people there is little to distinguish one of those machines from a well-meaning nonbank machine. And even legit nonbank machines, Siciliano points out, don’t have security cameras built into them like those at banks.
Before you use a nonbank ATM, be sure you want to take that chance.