Joan Moore and her husband, Jim, don't use cash very often. Soit's probably an understatement to say they were surprised by theirDecember statement from Bank of New York Mellon.
"I say to my husband, 'What are all these weird withdrawals?' " Moore recalls.
"Weird," as in $400 here, $580 there -- 23 in all, over aweeklong period. All told, a thief looted about $11,000 from theiraccount, cutting a swath across Montgomery County from Royersfordto Limerick, Wayne and King of Prussia, Pa.
The Moores, retirees who live in Worcester Township, sufferedmore hassle than harm. Joan Moore opened her bank statement ON theday it arrived and reported the unauthorized withdrawalsimmediately to her bank -- steps that can be crucial to limitingyour liability if your ATM or debit card is lost or stolen, or evenif your account is looted by other means.
Other means were plainly at issue here. Neither Joan nor JimMoore lost possession of a bank card. Instead, they were apparentlyvictims of a high-tech crime known as "skimming," in which thieves use sophisticated devices to steal the data encoded in a payment card's magnetic strip as it is read by a machine.
In one form or another, skimming has existed for nearly as longas credit cards have come with magnetic strips, says Robert Novy, aspokesman for the U.S. Secret Service, which investigates payment-system fraud.
ATM card skimming is more complicated, because the cards requirea secret personal identification number, or PIN, to gain access to your funds. But the tools to simultaneously steal both a card's data and its owner's secret code are increasingly available -- sometimes even sold via contacts made in Internet chat rooms.
For her part, Moore raises reasonable questions about the risksshe encountered, apparently just by making an ordinary withdrawal outside a suburban bank branch.
"It's their security issue, not mine," she says. "If they can't make these machines secure, why should we use them?"
Is there much you can do to avoid skimmers? Perhaps not. Still, alittle knowledge about the crime can't hurt.
Moore uses a credit card for most purchases, so she was fairly confident she knew where the skimming took place. She zeroed in on her last actual withdrawal: Dec. 4 at a Citizens Bank in Audubon, three days before the looting began.
Moore's suspicions were confirmed by a Citizens Bank spokeswoman,who acknowledged that a security breach occurred at the bank but wouldn't confirm whether a skimming device was found.
"There were a handful of customers affected, and they'd all been contacted and had their funds returned," says Citizens Bank spokeswoman Sylvia Bronner. "For security reasons, we just don't want to talk about specifics."
Skimming experts say the theory of the crime is simple. The keys are designing devices that fit over the face of a cash machine without raising suspicions, and that capture both the magnetic strip data and the customer's PIN in a way that can be stored or transmitted for criminal use.
What's simple in theory is challenging in practice. Since crude skimmers at automated teller machines were first reported more than a decade ago in places such as Brazil, they have become increasingly sophisticated, according to experts such as Brian Krebs, an investigative journalist who runs the website KrebsOnSecurity.com and has communicated online with people who claim to sell skimming devices.
"The price goes up as the complexity increases," Krebs says. Someskimmers store data until an installer returns, but "with the state-of-the-art stuff, you get the stolen data by text message."
Some skimmers include overlay membranes that capture PINs as you punch them. Others rely on pinhole cameras that record your finger strokes. Either way, time stamps link the PIN to the magnetic strip data.
So how can consumers limit their exposure? Look closely for signsof tampering when using an ATM -- and watch your balance.
Комментариев нет:
Отправить комментарий