ATM scam (fwd)

Bruce Taylor Bruce.Taylor at hedb.uib.no
Fri, 11 Jun 1999 11:15:26 +0200


Another report of this method can be found in Risks Digest 20.31
<http://catless.ncl.ac.uk/Risks/20.31.html>

Bruce

>--------- Forwarded message ----------
>Date: Mon, 7 Jun 1999 23:08:55 +0100 (GMT)
>From: Quentin Campbell <Q.G.Campbell@newcastle.ac.uk>
>Reply-To: ukcrypto@maillist.ox.ac.uk
>To: ukcrypto@maillist.ox.ac.uk
>Subject: ATM scam 
>
>An acquaintance of ours recently lost 600 pounds through unauthorised
>withdrawals from ATMs. It transpires that 200 pounds was withdrawn each day
>from her account over the Bank Holiday weekend. She had previously used
>her card in an ATM at a local supermarket just before the Bank Holiday. 
>
>I understand that there has been a spate of similar thefts of card info
>recently by tampering with the ATM in such a way that card details and PIN
>can be recorded remotely. Does anyone have any further information on the
>technique(s) used?  Are ATMs in bank lobbies less vulnerable? 
>
>Is this another example of a poorly implemented security system (ref. 
>Brian Gladman and others) or is this classed as a different type of
>failure? 
>
>The other interesting feature of this incident is that the bank appears to
>be up-front about what has been going on. There has been no attempt to
>hide the fact that other customers have been stung in a similar way
>recently and it has even given some details on how the scam operates. It
>was the garbled version that I got that has prompted this posting. 
>
>The bank appears to be responding rapidly to restore the accounts affected
>(and presumably their customers' confidence in the bank). 
>
>The bank involved was Lloyds-TSB. Are UK banks' ATMs all of very similar
>technology and security features or are some more vulnerable than others
>to the sort of tampering that appears to have gone on here? Just curious
>since we also are with Lloyds-TSB.  :-(
>
>Quentin
>




Bruce Taylor                    Bruce.Taylor@hedb.uib.no
HF fakultetets EDB-seksjon      Computing Section, Faculty of the Arts
Universitetet i Bergen 
N-5007 Bergen  NORWAY