Robert Siciliano Identity Theft Expert
Apparently I raised a hackle or two. Seems my little stunt got the attention of industry insiders, and not all of them believe that I bought a used ATM on Craigslist, which turned out to contain thousands of credit card numbers. Well, it did actually happen, and despite what many say, that the ATM couldn’t have contained 16-digit credit and debit card numbers on it, it did.
The most intense resistance to my experiment came from one Boston cop who watched me plant this thing in Downtown Crossing. He crossed his arms, glared at me, and when I walked away from the ATM, asked what I was doing. When I told him, he yelled for the women who were already using my ATM to stop, then took down my information while screaming at me. He later told me that his main concern was the possibility that the ATM might have contained a bomb!
According to ATMmarketplace.com, the ATM industry is braced for a backlash in the face of security concerns. There should be a backlash. We definitely need some regulation as to who can or can’t buy an ATM. And according to Mike Lee, the chief executive of the ATM Industry Association, “while ATMIA does not condone the auctioning of ATMs, online or otherwise, the association has little control over how they are sold.”
Personally, I think that the association needs to start establishing some control, and throwing your hands up in the air is lame. Both eBay and Craigslist have prohibited certain items. Why can’t I buy an old credit card off eBay, but I can buy an ATM with thousands of credit and debit card numbers on it? I can’t buy a “traffic signal control device” off eBay either. Because someone recognized in the wrong hands, the device can wreak havoc.
James Phillips, director of North American sales for ATMGurus, a Triton company, says that “an ATM that has old software or one that retains card numbers does not provide enough information for the owner to compromise consumer accounts,” but that my experiment still “has the potential to be so damaging to the industry’s reputation.” First of all, a 16-digit number is enough to turn data into cash. Even without a PIN, the 16-digit number can be used to buy goods online, or encoded on a blank card to buy goods in a store. This is why Visa and MasterCard require new software to block out the numbers. Second, Jim, you’re right, this is damaging. So please, fix it, and don’t allow lame excuses. And my machine is a Triton 9100. She’s a beauty by the way. Works nice off a 12-volt car battery, too.
Wendy Amaral, an account manager at Nationwide Money Services, says that while it’s possible that some companies could provide processing without collecting the required background information about the ATM owner, Visa, MasterCard, and other financial institutions are firm about the rules, and that audits are unlikely but possible. I think “possible audits” sounds like another cop out. For those of us who use ATMs, the idea that we are protected by “possible audits” is a slap in the face.
George McQuain, chief executive of ATM ISO Global Axcess Corp., which provides ATM processing, says he’s skeptical that I was able to set up my ATM for processing without a background check or even any questions. I haven’t revealed the processors who agreed to set up my ATM because they seemed to be small shops, and I don’t intend to destroy their livelihoods in my attempt to point out the inadequacy of the industry’s regulations. But the first processor set me up over the phone, and all I had to do was fill out a PDF and fax it back. The second showed up to my house in a pickup truck to service the ATM in my garage.
McQuain also says that it is rare for an ATM to have such outdated software that it would allow the owner to print so much customer information. But it was easy for me to find one. And even when they are replaced with newer models, where do they go? Where does the data go? I’ll tell you. On Craigslist, and then to the criminals.
There have been tons of reports on my story:
- Fox Boston video
- Extra TV video
- Boston Globe article
- The Register article
- SC Magazine article
- NBC Boston video
- Dvorak Uncensored
- The Consumerist
- Digital Journal
- Tom’s Guide
You can protect yourself from these types of scams by paying attention to your statements. Refute unauthorized transactions within 60 days. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages, a missing security camera, or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. Cover your pin!! And invest in Intelius Identity Theft Protection and Prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. “Disclosures”
Robert Siciliano Identity Theft Speaker rolling an ATM around on Fox
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Security Threat Concerns ATM Industry
Today, there are over 2.2 million ATMs worldwide, and by 2015 there will be around 3 million. ATM skimming accounts for as much as 30% of all data theft. That’s about $350,000 in fraud every day in the United States alone, or more than a billion dollars a year. The ATM Industry Association is now attempting
- I Bought an ATM off Craigslist for $750 w/1000 CC#s on it. Yup.
Robert Siciliano Identity Theft Expert After the Vegas DEFCON ATM debacle where hackers hacked hackers by setting up a fake ATM in front of the facilities security office, I needed to see how stupid easy it was to buy and ATM and just set it up anywhere. So my search began. I started looking on e-bay and found
- ATM Skimming rising, again
Do you know what ATM stands for? For crooks, it stands for A Thief’s Moneymaker. A new report from FICO says that “skimming” crimes have made their biggest spike in the past 20 years. This includes ATMs on bank premises, but of course, public ATM kiosks have seen the biggest spike. The thief tampers with the ATM’s
- 3 Nabbed in Massachusetts ATM Skimming Ring
Robert Siciliano Identity Theft Expert Police believe they may have uncovered an international ATM “skimming” ring responsible for stealing money from hundreds of local accounts. Izaylo Hristov, 28, of Ontario, Canada, a Bulgarian citizen, was arrested at an ATM in the Boston area along with Viadiclav Vladevo and Anton Venkov. Venkov had $99,100 in $20 bills
- Secret Service: ATM Card Skimming Five Times Higher This Year
Identity Theft Expert Robert Siciliano ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight. Skimming devices have been found recently at ATMs at a Bank of America in Daytona Beach and one weekend last month people came and went from the automated
One Response to “Craigslist ATM I bought Causes Industry Stir”
I never trusted those ATM machines and you shouldn’t either. They charge too much in fees than the bank ones anyway. This should be regulated, what an easy way for scammers to steal credit card information!!!
Leave a Comment
You must be logged in to post a comment.