ATM system called unsafe
Posted: Thursday, November 30 at 03:22 pm CT by Bob Sullivan

A U.S. Secret Service memo obtained by MSNBC.com indicates that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN codes. (Will Burgess / Reuters file)
Researchers who work for an Israeli computer security company say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks – a flaw that they say could undermine the entire debit card system.
The U.S. Secret Service is investigating the matter, and MSNBC.com obtained a memo compiled by the agency that indicates that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN traffic.
The report has ignited a debate within the banking industry, with many financial industry experts downplaying the seriousness of the flaw and outside experts divided on its implications. But there is no disputing the impact that such a hack would have if successful.

Using the methods outlined by the researchers, a hacker could siphon off thousands of PIN codes and compromise hundreds of banks, said Odelia Moshe Ostrovsky, one of the report’s authors. Criminals could then print phony debit cards and simultaneously withdraw vast amounts of cash using ATMs around the world, she said. The paper was co-authored by Omer Berkman, a researcher at The Academic College of Tel Aviv-Yaffo.
Automated Teller Machines and point of sale debit card sales are a massive part of the global economy. In the U.S. alone, ATMs perform about 8 billion transactions every year and dispense $600 billion in cash, according to a study released earlier this year by Dove Consulting. Volume of retail store PIN-based debit card transactions is even higher.
Word of the apparent security flaw first surfaced two weeks ago, when the PIN-hacking paper was published, stating that it would be possible for someone with access to the ATM network to attack the special computers that transmit bank account numbers and PIN codes, called hardware security modules.
When consumers enter their personal identification numbers, or PINs, into an ATM, the PIN and account number must travel through several computers on a special network before they arrive at their home bank for verification. The data is encrypted immediately after it’s entered at the ATM into what is known as a PIN block, then sent on its way.
Rarely does the transmission go directly to a consumer’s bank. Instead, it is handed off several times on a banking network run by several third parties. Each time a bank passes the data along, it goes through a switch that contains the hardware security module and the PIN block is unscrambled and then rescrambled. It is at these intermediate points where hackers could trick the machines into divulging PINs, the researchers said.
“We show in these attacks that using only (a single) function we can reveal the content of every PIN block as if it’s not encrypted,” said Ostrovsky.
PINs thought to be unassailable in transit
The attack theory is significant because it has long been considered impossible to access PINs as they are traveling through the ATM network without the encryption key used by the card-issuing bank. But the ARX report said issuer keys are not necessary because computers along the network can be tricked into revealing PINs through a series of electronic queries that would enable criminals to make educated guesses about – and possibly break -- the encryption code.
ARX sells hardware security modules to ATM networks, but Ostrovsky said its machines also are vulnerable to the attacks because they must communicate with other ATM network computers using the flawed protocols.
Ostrovsky said her company shared the research with the Visa credit card association’s risk management team and other U.S. financial industry security experts six months ago, and recommended systemwide ATM network changes. But U.S. banks weren’t reacting fast enough to the risk, she said, so ARX decided to go public with its information and two weeks ago published a paper titled “The Unbearable Lightness of PIN cracking,” which is now available on the Internet (in Adobe Acrobat format).
Kim Bruce, a spokeswoman for the Secret Service, confirmed that the agency had been in contact with ARX to discuss the paper’s findings, but declined to provide additional detail.
Visa: Attack 'highly unlikely'
A spokeswoman for Visa, which owns part of the ATM network and helps write security standards for it, confirmed that the flaws described in the paper are real, but said the threats they pose are minimal.
“This research paper addresses an area that has been known for some time to the payments industry,” said Rosetta Jones. “There are a range of standard security measures in place within member institutions and processors -- including limited access to databases and segregation of duties – that make this kind of attack highly unlikely. Through these layers of security, Visa and our member financial institutions are working to prevent the kinds of attacks theorized in the paper.”
She also said there is no evidence the attacks outlined by ARX have been attempted by criminals.
“We are not aware of any instance where this kind of attack has actually occurred, and there is no link between the attack outlined in this paper and any recent data compromises,” she said.
It is clear, however, that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN traffic.
Russian Web sites indicate organized attacks
Russian-language Web sites are abuzz with discussions about ATM network attacks, including discussion of the Israeli report, according to data gathered by the Secret Service and viewed by MSNBC.com.
“In the fall of 2005 work for everyone was so successful because an employee of one of America's processors sold a database of material that went through its processing center,” wrote a hacker who belongs to an online gang called Mazafaka, according to an English translation of a Russian Web site compiled by the Secret Service. “This material was then successfully exploited by our carder friends. The consequences of this deal could even be monitored on CNN, as well as in our own work (this applies to cashers). You may have noticed that after this event, ATMs more and more frequently give ‘transaction declined’ notices or give a small sum on the first transaction and then block the card.”
In another exchange cited in the Secret Service memo, a hacker offers to pay for databases of encrypted PINs, which theoretically should be useless unless someone had discovered a way to translate the data into valid PINs. In still another post, one claims to have recovered account data by “hijacking” hardware security modules.
Industry downplays the threat
Nessa Feddis, a spokeswoman for the American Bankers Association, also downplayed the scenario outlined by the Israelis and the overall hacking threat, saying that while PINs “are always going to be a target,” the ABA is “not aware of any ability to undo the encryption.”
A spokesman for First Data Corp., which owns the STAR network, one of the largest ATM processing networks, said the company would not comment on the research paper.
Other bank security groups also downplayed the threat.
Catherine Allen, CEO of the Financial Services Roundtable’s BITS organization, a consortium of security experts from the nation’s top 100 financial institutions, said the risk suggested by the PIN-hacking paper is minimal because U.S. banks have already addressed the security concerns.
But banking analyst Avivah Litan, an industry consultant with security firm Gartner, said banks aren’t reacting strongly enough to the report.
“This is nothing short of startling,” she said. “No one is paying attention to this and I don’t know why. It undermines the whole premise of ATM security.”
How the attacks would work
The attacks described in the ARX paper could not be conducted remotely over the Internet. They would require a criminal to be on the same local network as the hardware security module. Because ATM switches are heavily guarded and monitored, such access is unlikely, argued a BITS representative, who spoke on condition of anonymity.
But such ATM switches can be located anywhere in the world, Ostrovsky countered. That creates a “weakest link” vulnerability in which one poorly guarded switch could theoretically be used to compromise every bank whose debit cards have flowed through that switch, she said.
Each switch contains a hardware security module, which is a simple computer in a tamper-proof box designed to perform a few PIN-related functions, beginning with decrypting and encrypting. But the boxes also contain other small programs, or functions, which allow the machines to change a customer’s PIN or calculate other PIN-related values. Most ATM switches don’t need these tools; however, they are often available by default.
This unnecessary software is exploited in some of the attacks described by the paper, which recommends that switch operators turn off the unnecessary functions. But even that’s not enough, Ostrovsky said. The one essential function of a switch -- encrypting and decrypting, a process known as “translate” -- is all an attacker needs to trick the machine into divulging PINs, a hack that would put nearly every ATM switch at risk, she said.
“This is not an attack on a certain configuration or installation. This is an attack on the protocol itself. It must be updated,” Ostrovsky said.
There are competing protocols, or PIN block formats, in use in the ATM network, and each machine must support all those formats, she explained. In one version, the 16-digit PIN block contains two formatting characters, four PIN characters, and 10 additional slots with information about the customer’s account number. That’s the standard used in the U.S. Another standard combines the formatting characters and PIN characters with random digits, and sends the account number separately.
The translate function not only assists in encrypting – it also allows the machine to translate the PIN block from one format to another. This allows an attacker to take advantage of the weaknesses of both, creating a “least-common-denominator” vulnerability, Ostrovsky said.
The BITS representative who spoke on condition of anonymity conceded such attacks are feasible, but called the risk “very, very, very, very remote.” He added that bank robbers have much easier ways of stealing money than complicated PIN prediction tactics.
Litan is not so sure. She said the research paper undermines the basic premise of ATM network security – the idea that only a computer loaded with the encryption key created by the issuing bank can reveal a PIN.
“The premise was ‘It doesn't matter what happens along the path,’ so even people who could access the PIN blocks couldn’t do anything with them,” she said. “This blows that out of the water.”
'A worrisome thing'
Michael McKay, an independent consultant who helped design Hewlett Packard’s hardware security module, called Atalla, described the ARX attack as “a worrisome thing, a real concern.”
“It's commonly thought that there are some organized crime groups that have made concerted efforts on this,” he said. “So we believe there have been people who've cracked parts of the system.”
Ross Anderson, a cryptology expert at the University of Cambridge in the United Kingdom who has written several papers on ATM security, called the research paper “a fairly big deal.”
But he noted that previous research also has demonstrated widespread vulnerabilities in the ATM PIN system. He cited a paper he co-wrote with student Mike Bond in 2001 that showed that many supposedly tamper-proof cryptographic systems can be fooled into divulging information by sending them confusing commands. Another paper authored by Bond showed that a would-be ATM hacker could use flaws in the way banks generate PINs that could reduce the number of average guesses required to mathematically discover a PIN from 5,000 to as few as 15.
“Customers can't rely on bank assurances that 'our systems are secure,’” Anderson said.
Banks hit by a successful attack like the one described by the Israeli researchers may not even know the origin of the theft, Ostrovsky said. An insider would simply steal the PINs, create associated fake debit account cards, and steal money from ATMs around the world. Consumers who complained that money was missing from their accounts might be met with skepticism, she said.
Consumers should watch their accounts for any signs of suspicious activity, but other than that there isn’t much they can do in response to this research, McKay said.
Bank industry officials point out that the attacks must be carried out by someone with direct access to an ATM switch, limiting the potential for abuse. But Litan said the limitation is hardly reassuring.
“It’s not much comfort that they have to be on the inside,” she said. “As we’ve already seen, it’s easy for criminals to open up their own ATM network. And banks do have insiders with flaws.”
Clarification: Omer Berkman's name was originally omitted from this article as co-author of "The Unbearable Lightness of PIN Cracking." MSNBC regrets the omission.
This article was very informative and VERY CONCERNING.
I am walking up the street and getting out all my money and placing it under my mattress. At least I know I will be the only one with access to it; although my Pomeranian has been known to make a few items go missing... at least I will know where to look if the money disappears.
Kate, Boston (Sent Nov 30, 2006 3:44:48 PM)
I think we should be grateful the news is emerging from research rather than after a serious compromise.
As credit card markets mature, the debit market is taking on more importance for all the card issuers and this story will not go unnoticed by the industry.
Terry Day, San Mateo, CA (Sent Nov 30, 2006 3:47:18 PM)
All right so some security company that should know better spills the beans on a security flaw they found and now thanks to them and this article even more people out there know there are ways to misuse the system. Excellent!
With friends like these, who needs enemies?
Can the same security company tell us how many people have actually had their bank accounts compromised by the method they discovered?
Like the 5-color coded national security alert I suggest you start using a 5-color security alert when you disclose such "interesting" facts.
Finally when someone writes and I quote:
A U.S. Secret Service memo obtained by MSNBC.com indicates that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN codes.
unquote:
Don't you think we are aware people are always trying to break into something or the other? Why do cars have alarms and why do people use the club? Why do you think we see so many security shields in people's front yards?
Is this yet another example of the "fear" factor being used to scare people into possibly spending more of their hard earned money to be "safe"?
Just how safe is "safe"?
This whole thing reminds me of those idiotic computer virus alerts that come out ever so often!
Imran Ahmed, Lawrence, USA (Sent Nov 30, 2006 3:48:44 PM)
Question: When you use your own bank's ATM and card, does that transaction use a 3rd party's HSN, or does it stay on your bank's own network?
jward, Rochester, NY (Sent Nov 30, 2006 3:55:54 PM)
can this be avoided by just using your own banks atms
(Sent Nov 30, 2006 3:56:21 PM)
I believe that if there is an attack on atm numbers it will come from inside the company of the atm machine, not from the bank.
(Sent Nov 30, 2006 3:57:36 PM)
It's time for "the people" to take a stand and insist that our banks truly protect our money. I'll bet if we asked them to insure our money 100% against this kind of theft and they bore the liability, not us, they would find a way to take this all seriously. As long as it's not THEIR money -- why should they worry?
Teresa LaFever, Lancaster, CA (Sent Nov 30, 2006 3:58:02 PM)
Question: When using your bank's ATM and card, does that transaction use a 3rd party's HSN, or does it stay on your bank's own network?
jward, Rochester, NY (Sent Nov 30, 2006 3:58:34 PM)
people...your money in the bank is insured by the FDIC up to $100,000. Any money lost because of this would be refunded by this federal organization.
chad (Sent Nov 30, 2006 3:58:52 PM)
Maybe I missed it, but are the PIN numbers safe if you use your OWN bank's ATM machine, thereby taking these "switches" out of the equation????
D Morrison, Buffalo, NY (Sent Nov 30, 2006 4:02:00 PM)
I think it would be foolish for any consumer to think that network security is 100%. Whenever you do a financial transaction over any network be it personal or corporate, you are taking risk.
You either have to acknowledge that and continue to use it or choose another way.
Mari (Sent Nov 30, 2006 4:02:40 PM)
Amen to Imran Ahmed, USA. Those were my thoughts exactly as I read this article. This is great - just give people more ideas and more reasons to be paranoid. The media anymore is our own worst enemy!
Delores, USA (Sent Nov 30, 2006 4:03:22 PM)
WOW
That really makes you start thinking about how secure our moneys really are. I for one, have never trusted banks nor do I keep any money in the banks, but with the corporate world turning to Direct Deposit, I am concerned with the little time each month my money spends in there. Kinda scary!!!!!
Adam, Greensboro, NC (Sent Nov 30, 2006 4:04:17 PM)
Agree Imran. Scare tactics and hype... as usual. It gets old.
(Sent Nov 30, 2006 4:04:34 PM)
Gosh....thanks for reporting something that Terrorists and crooks alike can use to finance their operations - Our Money!
Ron, Phoenix, AZ (Sent Nov 30, 2006 4:06:27 PM)
You must not have anything else to report. I agree with Imran's comments. Thank you for alerting everyone, including the criminals, of how to rip us off even further. There are flaws in everything man-made.
Shandra Kirkland (Sent Nov 30, 2006 4:08:12 PM)
The company was irresponsible for letting this information come out to the public, now every hacker and want-to-be hacker will be trying to break these codes.
However I do agree with the person above saying that these scare tactics are just one way to put people on their toes and force people and companies to spend their money on "safety".
Above all it almost looks like a blackmailing gone wrong when the security firm asked for money for it from the banks and when they refused they went public on it.
GG security firms.
Robert O. Miami florida (Sent Nov 30, 2006 4:09:28 PM)
This has happened to me, I recently went on holiday to Brazil. I have travelled all around the world and have used my ATM there and never had problems. About three weeks after I returned from my trip, somebody started to withdraw large amounts of money from my high yield savings account at JP Morgan Chase. In total, I lost over $80,000. It has been over a month and Chase has only been able to tell me that they are investigating the situation. Thank you for this article.
(Sent Nov 30, 2006 4:09:35 PM)
makes me happy that i only write checks, use a visa card for purchases [no pins ever used] and cash. i am not comfortable at all to begin to use a debit/atm card. oh yes and i travel internationally and domestically on a regular basis. i do not trust banks to protect me or my money. guess that really dates me but still i have never had a problem from my methods both in the USA and even 3rd world countries.
(Sent Nov 30, 2006 4:10:44 PM)
This story is what you would expect from a news show during TV Sweeps Week. Although technically possible, this attack requires physical access to the ATM network, which makes it much less likely.
You are more likely to have your ATM card compromised by handing it to the waiter at a restaurant. And even that is not likely.
A bit of 'scare-mongering' in this article, especially the headline. You have to get deep into the article to learn that physical access is required, and that it is not very likely.
Rick Hellewell, Sacramento, CA (Sent Nov 30, 2006 4:14:55 PM)
Though not flawless, just following good practice of changing your PIN monthly will help, versus not changing it at all. A moving target is harder to exploit.
Boru, D.C. (Sent Nov 30, 2006 4:15:25 PM)
I think it would be foolish for any consumer to think that network security is 100%. Whenever you do a financial transaction over any network be it personal or corporate, you are taking risk.
You either have to acknowledge that and continue to use it or choose another way.
Mari,Los Angeles, CA (Sent Nov 30, 2006 4:15:55 PM)
I agree we have become a society of alarmists, but I'm happy to a least be aware of the situation and be able to make the choice to use or not use the technology. I don't think many people understand how we all put our private information at risk in our everyday life...from not shredding our credit card statements to sending our credit card with the waitress to pay for our dinner...we all trust, but that puts us at risk.
(Sent Nov 30, 2006 4:17:24 PM)
I am happy that this has been brought to light, but one has to understand that information, even encrypted, is transmitted through channels that can be accessed by almost anyone.
Also, while encryption takes effort to break, it is possible, but with time and resources. So, while it is unlikely that this attack can be executed by any two-bit hoodlum, a major crime syndicate might be able to pull it off... like the proverbial monkeys with typewriters and infinite time writing Shakespeare.
Kermit Santos (Sent Nov 30, 2006 4:17:52 PM)
Security is a constant moving and changing effort. Learn from others and continue the movement to constantly improve with technology and monitoring of criminal activities.
(Sent Nov 30, 2006 4:19:06 PM)
OK- so what is the recommendation for ATM users? Stop or minimize use of all ATM's? Stop using ATM's outside your home banks network? Hide all your money under the mattress?
Mike, Andover MA (Sent Nov 30, 2006 4:20:40 PM)
I don't know if I'm more angry with the denial by American Financial Services to recognize a problem and step up to the plate with a correction, or the American public that defends such sloppy business practices. In the global economy, as American business fails to meet the expectations of consumers (and security is always of high concern) competition sensitive to those needs will prevail. Every day America loses out because of a failure to acknowledge the challenges before us and then to rise up and meet those challenges.
Brian Dudonis, Spring City, PA (Sent Nov 30, 2006 4:23:51 PM)
This is absolutely ridiculous! I could have my PIN and account information stolen in one split second? I'm going to cancel my account right now.
Robert, Denver, Colorado (Sent Nov 30, 2006 4:24:10 PM)
people you're all giving into the hype. keep your money in the bank (the mattress isn't really that safe if someone robs your home). anyway, i don't scare easily and get caught up in every warning out there. like iman said, what about the virus emails we get at least 1-2 times per month... they turn out to be false. chances are this is false, too. it's true someone is always trying to steal something from someone. so, just go about your daily routines and don't lose sleep over this.
(Sent Nov 30, 2006 4:24:53 PM)
Hmmm..... This alert, so close to Christmas-time seems a little peculiar. Something tells me the corporate / financial big-wigs are preparing the masses for some sinister financial disaster that they let slip through the cracks.
Canjac Canjar (Sent Nov 30, 2006 4:27:01 PM)
The threat is real. Go and change your PIN number today - at your own bank. And don't use your ATM or debit card anywhere else other than at your bank. Don't make any debit transaction in a store that requires you to enter your PIN number on a terminal.
Also don't keep a large amount of money in your bank account. Anybody who gets hold of your account information can easily drain your account. All they need is a check from your account. It can even be a used check. If they get the numbers off the bottom of your check they can drain your account.
Put all your extra money into a mutual fund like Fidelity, Vanguard, etc. These are not tied into the ATM networks so the criminals have a much harder time trying to steal your money from there. Banks are the number one target right now. They have all the money!
(Sent Nov 30, 2006 4:27:30 PM)
Most people do not have over $100,000 in their accounts and personal credit cards are insured. Read the article and yes you can still sleep at night!
I feel as Imran feels. The article is written with fear in mind.
Patrick Fowler, Syracuse, NY (Sent Nov 30, 2006 4:27:42 PM)
Chad,
I take it you've never had a snafu with your finances? While your money may be insured, try telling that to all the companies and people you've written checks to or paid bills with, when your account comes up non-sufficient funds...the time it takes to clear up the problems is not instantaneous and you are often liable for all those NSF fees, late fees to companies and threats of cut-off or denial of credit. So not worrying about it because "it's insured" is a very naive way to approach this.
(Sent Nov 30, 2006 4:28:02 PM)
Why would a reputable company explain in detail how our money could be obtained by hackers from ATM? Just a simple question.
Glenda, Georgia (Sent Nov 30, 2006 4:28:38 PM)
Hmmm, how many times do you give your credit card to a strange individual and let them keep it for a few minutes?
Seems to me that this is a minor issue, yes there is a potential for any system to be broken into. However if you think about my first sentence, we give our credit card once a week to a waiter, bartender, retailer or waitress and let them use it without our visual inspection and trust them. They don't even need any security clearance, just a SS to work at TGIF. Simple thing to do watch your bank accounts and take any normal precaution.
(Sent Nov 30, 2006 4:30:11 PM)
Well I for one thought that it is worthwhile to let us the consumers know about "known" flaws. I'd rather have all the facts and make a decision based on said facts. Of course the banks and credit companies would play down the issue (It is not in their interest to say it can happen). While it seems unlikely, it can still happen and also based on the ARX study. I don't think they would even be able to tell you if you are a victim (Which is the scary part). I'd rather get news than be a blind sheep up for the slaughter !!
(Sent Nov 30, 2006 4:31:57 PM)
I have to say that I too thought the system was sort of safe. It's good to know that there might be an issue, but there are always risks. As previously mentioned, now more criminals will know about the flaw too. If there is money or something of any value involved, there is always someone who is going to try and take it. That is the way things are now. Nothing is really safe, and you must act accordingly. It seems now adays all we do is just show even more bad guys how to rip us off by showing them how to.
Don, Orlando (Sent Nov 30, 2006 4:32:03 PM)
you're right terry btw what's your pin number so i can empty your account before xmas. kate when u get broken into the crook will get your money easier loooool. hackers are always looking for ways to break codes this is nothing new.
(Sent Nov 30, 2006 4:32:23 PM)
Reading is fundamental folks!
ARX went public only AFTER the banks were dragging their feet on making any upgrades / updates to address this issue.
Sticking one's head in the sand on this ISN'T going to make it go away, which was why ARX went public in the first place. Making a duplicate Debit Card is CHILD'S PLAY! The safety net has always been in the hardware encryption / decryption algorithms employed and that local access to the network is necessary to exploit anything. This paper reveals that one of those hurdles has been breached.
(Sent Nov 30, 2006 4:33:05 PM)
My lady works for an overseas bank, plus lives overseas and has made me aware of this for over a year. Her advice, change your card every six months and never use an ATM outside.
Bill, New Jersey (Sent Nov 30, 2006 4:37:03 PM)
It's amazing how some individuals in this post believe that the security service that disclosed the vulnerability to the public are helping the criminals. The criminals already knew about this flaw and others in the ATM world. Why do you think it's so easy for them to set up fake ATM's at various sites to collect pin numbers. They know how the system works and know that they need an insider with access to the switch to get the information they require. The people that don't know are people in this country some of whom would rather remain ignorant of facts.
Micheal (Sent Nov 30, 2006 4:39:07 PM)
Can everyone stop blaming the banks - we don't own the network.
(Sent Nov 30, 2006 4:39:12 PM)
The most important concept is not to panic. It's always good we keep the security up and do all we can to avoid such a disaster, but to panic and never use ATM cards is foolishness. As always just be careful in what transactions you do.
Ryan Ogden,UT (Sent Nov 30, 2006 4:39:40 PM)
When will everyone learn. Corporation and "your" government are failing you on almost every account.
Duh! Now you can return to watching your reality programs and eating your fast food. Americans are turning into brainless lemmings brainwashed by the media and corporations. Wake up America or we're doomed.
Borat, USA (Sent Nov 30, 2006 4:44:08 PM)
When you use your own bank's ATM all transactions are routed thru their own network, hence no HSM.
A switched transaction such as a POS or using another institutions ATM exposes the customer to "switched" transactions.
Rgraz (Sent Nov 30, 2006 4:44:28 PM)
I don't use Visa/MC branded debit cards to reduce the risk. Please know that this isn't restricted to US customers using their ATM abroad. One of my colleagues lives in Mexico and she only uses a particular ATM card when she visits the the US. She has had fraudulent charges on this card too!
(Sent Nov 30, 2006 4:45:34 PM)
I work at a bank and can say that the biggest threat to your ATM/Debit Card & PIN being stolen is NOT a faulty system, but the actual employees who work at the institution. Most financial institutions are well-equipped with the most up-to-date encryption devices to protect our personal information. However, unless it is someone who has compromised the actual ATM (called fishing or surfing), the only way your information can get stolen is if an employee makes your Private information available to others. Which, being among other things illegal, is an exception to the Gramm-Leach-Bliley Act (that little spiel they give you about keeping your info private and not selling it to 3rd parties, unless they do, then they have to notify you) and financial institutions can be fined many hundreds of thousands of dollars if found liable.
Breaches in security I believe are true in almost any business - including government (shocker!). Disgruntled employees steal information from computers, zip drives, etc. and sell the information to their friends or even criminals who are just trying to make a free buck. Your biggest fear is not the ATM, banks, or the government. It is actually the employee who works at the place of business who could possibly steal the information or just not follow the company's privacy policy correctly and compromise our private information.
Also, it is true your account is insured up to $100,000 through the FDIC. It is also true you can be insured up to 1.4 million dollars per institution, depending on the type of account you have. And finally, it does take some time for your financial institution to do research and understand how your account got compromised - god forbid - but they have to, by Federal Regulation E, refund your account the total amount that was taken from you.
PS - I agree...it's all a big-brother conspiracy!
(Sent Nov 30, 2006 4:47:16 PM)
It's very interesting if you look closer at those people who claim this security hole is a "big" threat. Those people are the direct beneficiaries if a mass security update is ordered. For any security system to work, there must be some assumptions that certain people (in this case, ATM switch operators) have to be trusted. This so-called security "hole" is under the assumption that those people cannot be trusted. Applying the same logic, you had better not put any money in any banks, don't use credit cards, don't go to doctors' offices, etc. Because, nowadays, even a clerk in your doctor's office will be able to get your SSN, DOB, and your other personal information, and use it to get credit cards under your name and steal thousands of dollars.
To me, that is a hell of a lot easier than hacking into the ATM network and stealing PINs to gain access to some checking accounts which may only contain a few hundred dollars.
(Sent Nov 30, 2006 4:47:28 PM)
Chad-- unfortunately you are incorrect about FDIC insurance. It does not cover this kind of thing at all. FDIC insurance is for BANK DEFAULT, as in the bank losing large sums in risky investment schemes (e.g., the S & L scandal in the 1980's) and then it cannot satisfy account holder claims on those funds.
(I used to work in the banking industry.)
Brenda (Sent Nov 30, 2006 4:48:49 PM)
One day, I don't know when, most of us will realize that the majority of people in the world have a bit of larceny in them and for the right price they will sell their soul. Just look at what has been happening with these so-called undercover agents for the different governments of the world selling their countries' secrets for peanuts. LOL
bill stuart florida (Sent Nov 30, 2006 4:48:49 PM)
If I had money to steal I would be worried. Now I don't feel so bad about being broke!
(Sent Nov 30, 2006 4:48:50 PM)
This just happened to me recently during a vacation in Puerto Vallarta, Mexico. We were literally stuck in Mexico with zero money because our entire bank account was emptied. Several other tourists were standing at the ATM getting zero as a balance as well. We believe one of the employees at this resort was behind this.
Sharon P (Sent Nov 30, 2006 4:49:08 PM)
Lots of hype, but many questions regarding the "network". ATM networks are quite complicated and just using one's own bank ATM does not prevent a transaction from traveling through several switches. In many cases the bank's ATMs are hosted and/or processed by a third party and may not even be connected to the bank or the bank's computer system. Many banks operate what is called a "Positive Balance File" where a file is sent to the ATM processor and transactions are approved from the processor based on that file information. Before getting all paranoid I would suggest doing some research with your bank on how their system is configured. Security is always a moving target and most reputable institutions will have multiple layers of security to help protect their systems and their customers' information.
(Sent Nov 30, 2006 4:50:09 PM)
Why do you feel the need to alert consumers about every possible minute flaw in the banking system? You’re accomplishing two things: 1. Educating those who want to steal our information and 2. Striking fear into consumers. Please take into consideration the repercussions of your actions before exposing other potentially harmful information.
(Sent Nov 30, 2006 4:50:11 PM)
Using your own bank's ATMs does not solve the problem unless they drive their own machines and do their own PIN checking. Most banks farm out the process to switches like Star, Elan or NYCE.
cyd lemke, orlando, florida (Sent Nov 30, 2006 4:50:34 PM)
Simply put, change bank accounts every few months and have several at different banks, equally distributed and maintained. I hesitate to use my debit card at stores, as anyone knows, any employee may be using his or her own device to capture this information while they are working their shift, and sell the info to brokers.
Lisa K. (Sent Nov 30, 2006 4:52:19 PM)
The answer is simple. Make banks responsible for the losses, not the consumer, not the FDIC. When their own money is on the line they will be quick to take security seriously.
Peter Alaimo, Phoenix, AZ (Sent Nov 30, 2006 4:52:55 PM)
Another long line of scare stories that have little probability of happening, with large consequences if it does, but ends up fatiguing us even more with the tons of electronic security flaws around us. It's like reporting that a person COULD get hit by a meteorite from outer space, and IF it did, it would be "devastating". As usual with stories like this, I don't know if I'm getting all the facts to start putting all my life back into a suspended state of analog existence or just mentally file it away as an upcoming holiday party conversation topic.
DC in Washington, DC (Sent Nov 30, 2006 4:53:13 PM)
This news makes me very concerned about using my ATM card or having one associated with my bank account. Does the insurance the federal government has on bank accounts up to $100K still cover people if more than 40%+ of accounts get hijacked? A large scale hack could really change the global economy very quickly.
Robert, Los Angeles, CA (Sent Nov 30, 2006 4:53:17 PM)
Wow! What a concept! Insiders can steal company information! [roll eyes]
Somebody always knows information of which he could make nefarious use. Big deal.
Deborah Klein, Alamo Heights, Texas (Sent Nov 30, 2006 4:53:29 PM)
Well, I imagine that any issuer worth its salt would be using 3DES encryption such that, without knowing any of the key parts or the master key, any transaction would require a vast amount of CPU resource to crack. However, who knows if the Mom and Pop networks of this world would adhere to the 3DES standard. I would hope that any larger network that would allow these Mom and Pop networks to be a part of a larger network would enforce minimal standards and have some security measures in place to mitigate "insider" information being shared outside the network.
(Sent Nov 30, 2006 4:54:05 PM)
Hey everyone. $2 ATM fees. We're robbed every day.
(Sent Nov 30, 2006 4:54:48 PM)
Oh I get it! This will be the excuse to put 666 on our heads to purchase things and if we don't accept the mark we will be put to death, the same reason for finding Saddam's massive chemical and biological weapons.
Joe Sorry, babyl, usa (Sent Nov 30, 2006 4:54:49 PM)
I do not use ATM machines but I love the convenience of my debit card when making purchases. From now on I guess I will use the credit option rather than the debit.
Carole West Valley Utah (Sent Nov 30, 2006 4:54:54 PM)
I'm with Canjac, what's the next "disaster" are they planning for us now? What will we be the scapegoats for next?
I'll go further and say that whatever it is, it will be really stupid, and annoying and we will lose our money, (what little most of us have) and have no recourse. Isn't it all boiling down to that anyway?
The plot to murder our American Ideals and Spirit continues, slowly, cruelly, and not a darn thing can be done about it, that is, unless the American people get together en masse and protest.
H. Prynne
(Sent Nov 30, 2006 4:57:00 PM)
A payroll system which requires a PIN was just affected by this very thing. I was told someone from Russia, in Russia, got hold of the company's PINs and account numbers and withdrew large amounts of money. Of course we are federally insured, but this is happening.
Ohio Lady
Rondae, North Olmsted, Ohio (Sent Nov 30, 2006 4:57:03 PM)
While I agree with most who've said this article is another media attempt to induce panic, those who are saying "thanks for showing criminals how to get at our money!" need a reality check.
The person would need excessive amounts of knowledge of the systems, the protocols used, and access to a physical transfer box to even begin testing software to make this work. As a computer programmer, let me assure you: the amount of information contained in this article with regard to pulling this off is comparable to me stating that "you need plutonium and some explosives and some casing to make a nuclear bomb." Do you now know how to make a nuke? No. Same thing.
The security firm 110% did the proper thing by alerting the media that these flaws exist. It is not in the banks' best interest to correct this problem. That money is federally insured, as pointed out. I'm sure at some point during all of this, some risk-management guy working for a big bank came to the conclusion that it would cost WAY more to correct this flaw in the system versus the likelihood of it actually happening.
(Sent Nov 30, 2006 4:58:55 PM)
The paragraph that explains your purchase being "denied" happened to me on Tuesday, Nov. 28. The second time, the purchase went through. I have also noticed that banks are now becoming more concerned when you question your account activity. This is a good article and should be advertised again in the future. I agree with Brian Dudonis. The financial institutions love cover-ups.
(Sent Nov 30, 2006 5:00:57 PM)
going to Outback tonight for a steak paying cash
(Sent Nov 30, 2006 5:01:00 PM)
Let them hack it... I don't use an ATM or Debit card anyway as I found out the hard way that they are not backed by the banks when mistakes are made.
(Sent Nov 30, 2006 5:02:42 PM)
the sky is falling, the sky is falling....
(Sent Nov 30, 2006 5:02:58 PM)
The report about the possible vulnerability of ATM codes is interesting because it reveals the truth about a much larger problem, namely that the entire global computer network is at risk. Advanced societies have become so dependent upon computers that the world economy can no longer function without them. Have you ever gone into a store in the last decade and had a clerk say "Sorry, our computers are down"? When this happens, business stops abruptly and people are incapable of figuring out how to keep businesses functioning until the computers are back up and running. ATM machines are a small cog in the gigantic world computer system and the whole system is unsafe. We are all involved in this situation together and there is no easy solution to make computers more secure, but one day soon, a cyber terrorist group will manage to bring the system down. It is inevitable. Mark my words, this will happen and when it does, mass panic will ensue. It will make a "run on the banks" seem like a picnic.
Karl Pace (Sent Nov 30, 2006 5:03:53 PM)
There is one simple way to fix the problem - do not unscramble the PIN block in the intermediate switches! The switch should just pass on the message until it reaches its destination bank's computer. I can't believe the security experts haven't gone that route from the start. Why would you need to unscramble the PIN block before it reaches the destination and expose the system to vulnerabilities?
Peter Staxen, Plano, TX (Sent Nov 30, 2006 5:04:44 PM)
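The per-hop translation Peter objects to, next to the pass-through he proposes, as an added illustration that is not part of this thread or of the paper the article reports on. It models an ISO 9564-1 format 0 PIN block under 3DES; the zone keys, hop names, PAN and PIN are constructed for the demo, and nothing here is the code of any real switch or HSM.

```go
package main

import (
	"crypto/des"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// zoneKey derives a deterministic 24-byte 3DES key from a label so the demo runs offline.
func zoneKey(label string) []byte {
	sum := sha256.Sum256([]byte("demo-zone-key:" + label))
	return sum[:24]
}

func allDigits(s string) bool { return strings.Trim(s, "0123456789") == "" }

// pinBlockISO0 builds an ISO 9564-1 format 0 PIN block: the PIN field
// (0, PIN length, PIN digits, F padding) XORed with the PAN field.
func pinBlockISO0(pin, pan string) ([]byte, error) {
	if len(pin) < 4 || len(pin) > 12 || !allDigits(pin) || len(pan) < 13 || !allDigits(pan) {
		return nil, fmt.Errorf("PIN must be 4 to 12 digits and PAN at least 13 digits")
	}
	pinField := fmt.Sprintf("0%X%s", len(pin), pin)
	p, _ := hex.DecodeString(pinField + strings.Repeat("F", 16-len(pinField)))
	// PAN field: "0000" plus the 12 rightmost PAN digits, excluding the check digit.
	q, _ := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	block := make([]byte, 8)
	for i := range block {
		block[i] = p[i] ^ q[i]
	}
	return block, nil
}

// tdes applies single-block 3DES; a PIN block is exactly one DES block.
func tdes(key, block []byte, decrypt bool) []byte {
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, 8)
	if decrypt {
		c.Decrypt(out, block)
	} else {
		c.Encrypt(out, block)
	}
	return out
}

// translateAtSwitch models the PIN translate step an intermediate switch's HSM performs:
// decrypt under the zone key shared with the previous hop, re-encrypt under the key shared
// with the next. The clear PIN block exists inside this step, the exposure the comment objects to.
func translateAtSwitch(inKey, outKey, encBlock []byte) []byte {
	return tdes(outKey, tdes(inKey, encBlock, true), false)
}

// recoverPIN is the issuer side: decrypt, strip the PAN field and reject anything that
// does not parse as a format 0 block (wrong key or corrupted block).
func recoverPIN(key, encBlock []byte, pan string) (string, error) {
	clear := tdes(key, encBlock, true)
	q, _ := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	for i := range clear {
		clear[i] ^= q[i]
	}
	s := strings.ToUpper(hex.EncodeToString(clear))
	n, _ := strconv.ParseInt(s[1:2], 16, 0) // s[1] is always a hex digit
	if s[0] != '0' || n < 4 || n > 12 || !allDigits(s[2:2+n]) || strings.Trim(s[2+n:], "F") != "" {
		return "", fmt.Errorf("block does not decrypt to a format 0 PIN block under this key")
	}
	return s[2 : 2+n], nil
}

// RouteViaSwitches is how a switched network carries the PIN: keys[i] is the zone key of
// hop i, so each of the len(keys)-1 switches translates the block and briefly holds it in clear.
func RouteViaSwitches(pin, pan string, keys [][]byte) (string, error) {
	block, err := pinBlockISO0(pin, pan)
	if err != nil {
		return "", err
	}
	enc := tdes(keys[0], block, false)
	for i := 1; i < len(keys); i++ {
		enc = translateAtSwitch(keys[i-1], keys[i], enc)
	}
	return recoverPIN(keys[len(keys)-1], enc, pan)
}

// RouteEndToEnd is the comment's proposal: the ATM encrypts under a key shared only with
// the issuer and every switch forwards the ciphertext untouched. The price is key management
// (each acquirer needs a key with each issuer); an issuer holding only a zone key gets nothing.
func RouteEndToEnd(pin, pan string, atmKey, issuerKey []byte) (string, error) {
	block, err := pinBlockISO0(pin, pan)
	if err != nil {
		return "", err
	}
	enc := tdes(atmKey, block, false) // the switches in between merely forward enc
	return recoverPIN(issuerKey, enc, pan)
}
```

Both routes deliver the same PIN to the issuer; the difference is how many parties hold a key that turns the block back into clear text along the way.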
To the person that said change your PIN right away because this is real, please read the article again. If you change your PIN, the next time you use the new PIN it can still be compromised.
I am so tired of the "bad people are behind every bush" mentality (no pun intended). Yes the bad guys are out there. They are always out there. Yes you may get cleaned out at some point. And we stop it how? The process is 99.9% safe. Stop worrying and live your life, protect yourself the best you can and focus your energy on doing something positive.
Prediction - Next fear article will be that the bad guys have polonium 210 and we are all going to die like the former Soviet KGB person. Watch what sushi places you eat at and what airlines you fly. Enough already!
(Sent Nov 30, 2006 5:04:58 PM)
Perhaps just as important, have you noticed that virtually every place you are asked to enter your PIN it is exposed (i.e., supermarkets have the key pad sitting on top of the counter with cameras pointing down at it and people all around you, at ATMs the keypad is typically in full view, etc.)? I have seen people's PINs many times simply because they are unaware--and that is the real problem. With any system there are risks and we should always take appropriate steps of our own to protect ourselves.
(Sent Nov 30, 2006 5:06:02 PM)
I only keep enough money in my checking account for current expenses since I use my debit card all the time, in stores and online. I transfer the rest into my savings account which is NOT linked to my checking account (overdraft protection). If someone gets into my checking account they can't take everything.
Valerie, Milwaukee Wisconsin (Sent Nov 30, 2006 5:06:35 PM)
Here's some info on what FDIC insurance does and does not cover. Straight from the FDIC web site (link below).
1. What is the FDIC?
The FDIC - short for the Federal Deposit Insurance Corporation - is an independent agency of the United States government. The FDIC was created by Congress in 1933 to make the savings of millions of Americans secure. The FDIC protects depositors against the loss of their insured deposits if an FDIC-insured bank or savings association fails. FDIC insurance is backed by the full faith and credit of the United States government.
2. What is the Purpose of FDIC Deposit Insurance?
The FDIC protects depositors' funds in the unlikely event of the financial failure of their bank or savings institution. FDIC deposit insurance covers the balance of each depositor's account, dollar-for-dollar, up to the insurance limit, including principal and any accrued interest through the date of the insured bank's closing.
The FDIC does NOT insure against loss of funds due to robberies and other thefts. Stolen funds may be covered by what's called a bank's Hazard and Casualty insurance, which is a policy a bank purchases to protect itself from fire, flood, earthquake, robbery, and physical damage. In those rare instances where a bank employee may tamper with a customer's account, the bank's blanket bond insurance (also called fidelity bonds) may cover the loss and the funds would be returned to the customer. Consumer protection laws such as the Electronic Funds Transfer Act offer protections if a third party somehow gains access to a customer's account.
http://www.fdic.gov/deposit/deposits/deposit/faqs/index.html
Brenda, Denver CO (Sent Nov 30, 2006 5:08:58 PM)
As long as there are companies with wide open web portals to their intranet--where they store all their payroll records...who needs to bother with infiltrating a hard-wired network? Given the interest most banks are shelling out, the previous comment about just withdrawing your cash and stuffing it in your mattress wouldn't lose most of us anything worth noting except the wee bit of time required to pay bills via the USPS and money orders.
charlie, Colville, WA (Sent Nov 30, 2006 5:10:27 PM)
I completely agree with Imran and Canjac on this one. While it is a serious threat and not to be taken lightly, one has to realize that this has been an ongoing threat since the beginning of credit/ATM cards.
Another point of interest that Canjac made...with Christmas time so close, and consumer sales expected to be lower than normal, could this "information" have been rushed to the public by the corporations and bank/credit card companies jointly?
Obviously, corporations would benefit greatly from people taking money out now and spending, while the credit card companies could gain more money off of interest from spendings.
Yes, credit cards often require signatures, not PINs, but we all know that banks and credit card companies work together like day and night.
(Sent Nov 30, 2006 5:10:54 PM)
Last week, I had $600 fraudulently taken out of my account - I am in possession of my debit card. That means someone made a copy of my card and got my PIN. This threat isn't only real, it's already happening.
Jason, Chicago, USA (Sent Nov 30, 2006 5:11:12 PM)
C'mon y'all, the banks are not interested in protecting your desire to use an ATM card. They want you scared to use it at a store so that you'll use a credit card. They want you to spend a little bit more than you can afford and then pay back over time. That way they charge the store the highest interchange rate when you buy (oh, you didn't know that they charge the store 2% on each purchase and that the stores raise their prices accordingly? Well, wake up!) and then charge interest and over-limit fees and late fees to you.
(Sent Nov 30, 2006 5:17:32 PM)
1. FDIC refunds up to $100,000 if your bank goes out of business, not if someone steals your money from the bank.
2. If a fake ATM card and PIN are used, good luck in trying to convince your bank you didn't take out the money or give your card and PIN to someone else (in the meantime all your checks bounce).
3. False charges on a credit card can be protested and the card company can't try to collect the same or charge interest for 60 days or until they prove the charges were made by you or someone authorized by you.
(Sent Nov 30, 2006 5:20:29 PM)
My wife and I have known about this type of security breach in the "PIN # WORLD" for close to 2 years now.
When we found this out, we stopped using ATMs and punching in debit PIN numbers at all of the "in-convenient" stores we buy from. Instead, we use the credit option given to us on our Visa/debit banking cards. Cash? We have it or Travelers Checks on hand; if the bank is open, we'll get cash from the teller. Local? Write a check or use the credit instead of debit.
Bottom line: I am not a gambler. You punch in your "PIN", it's a possible "no win".
Rick Gillespie (Sent Nov 30, 2006 5:21:15 PM)
How to be safe: Never use ATM's. And never use your PIN anywhere.
A.J. (Sent Nov 30, 2006 5:26:10 PM)
This is not hype. Organized financial crime is a very real threat. This article does not tell hackers anything they don't already know. It is well known that our PIN system is not secure, for a variety of reasons. What does it tell you that other countries are moving towards more advanced technologies, but the U.S. is not? Don't blow this information off because your bank will be the one to suffer the loss. Financial institutions will always pass the costs on to consumers.
(Sent Nov 30, 2006 5:28:39 PM)
One thing not addressed by anyone so far is the fact that industry-wide, banks and security firms USUALLY end up scrambling to fix problems like this as a REACTION to a breach that has already occurred. The criminals only have to get it right once, to the tune of a few billions, and then the bankers will get religion and figure out that pro-active security measures are worth the R & D money. Of course, the costs will either be passed on to the consumer as huge security fees, or the gov't (er, the taxpayers) will pick up the tab. Either way, money will leave your pocket. Call your congressmen now and demand bank security reform BEFORE the criminals get it right!
Brenda, Denver CO (Sent Nov 30, 2006 5:30:35 PM)
The breaching of individual security has become commonplace. People are getting paid to read your e-mail and find out other pertinent data, who in their right mind would determine that this ethical lack, namely infringing on another person's privacy, would end with simple intrusion.
(Sent Nov 30, 2006 5:30:46 PM)
Everything is secure until that laptop or thumb drive containing vulnerable information is missing. Just ask the VA or Census Bureau.
Stated many times before, "Locks are for honest people only".
JV Catman, Clairton, PA (Sent Nov 30, 2006 5:32:23 PM)
news items of this nature should not cause debit card USERS to worry. they do a service by putting network administrators on notice not to let their vigilance lapse for even a nanosecond, lest their companies suffer embarrassment and financial loss.
mike miolnir, st.charles, IL (Sent Nov 30, 2006 5:32:43 PM)
I am not surprised by this at all since this is exactly what happened to me a few years ago. I used to have my payroll check direct deposited, until the incident. I usually would check the account by phone to make sure my check was deposited and the account balance. Well, here is where the story took an awful turn. I checked the account as usual, but the account balance was less than my check including what was already in the account prior to the deposit. This is all happening at approx. 6:30 am on a Thursday. I immediately called BOA's customer service and explained that my account is missing funds that were deposited at midnight prior. They in fact asked me where I was, I explained that I was at work, told them the address, and they proceeded to tell me that another withdrawal from my account was occurring as we speak, and gave me the location of the ATM. I was not aware of where the ATM was, nor was I in that part of the city, which was verified by BOA, through the phone number trace at my job. They proceeded to freeze my account with my permission, and began to investigate. The funds were replaced within a few days, but the kicker was yet to come. Because BOA was unwilling to accept the fact that my information was somehow in an unauthorized person's possession, they reversed themselves, causing the account to be overdrawn, with all types of fees attached. Needless to say I was livid, because now they were faulting me for the obvious hacking that was done. I have ultimately refused to pay the fees and the battle began and is still being waged against BOA. I think I am more angry at the denial of the bank that the incident occurred than with the actual hackers.
Heather, Las Vegas, NV (Sent Nov 30, 2006 5:32:47 PM)
You stand more of a chance of getting ripped off when you give your credit card to a waiter or waitress and they disappear with it to prepare your charge. If they want, they now have your card number, exp date and the security digits. Maybe we should all stop eating out.
Dave Levy, Westminster, MD (Sent Nov 30, 2006 5:33:31 PM)
It never ceases to amaze me that in this day and age with Terrorism at almost every corner, we take issues such as this so lightly. Frankly, I do not care who owns the Network etc.... Do what you can to make sure that your end users are safe and secure. Placing blame on any one group is wrong unless that group could have done something to alleviate the (potential disaster.) Seems to me that at one time, we never thought there would be an attack on the USA. Guess we were wrong. Keeping yourself secure is a full-time business. Hopefully, we will wake up before it is too late and something else happens that "Could Never Happen Here."
Erik Jon (Sent Nov 30, 2006 5:36:07 PM)
I knew there was a reason not to get PIN numbers and ATM access for my cards. I also don't do banking over the net and still write checks to pay for things. If it sounds too good to be true...It usually is.
B.C., Denver, CO (Sent Nov 30, 2006 5:36:39 PM)
This is a scare tactic that "news" writers use to create articles so that they can be paid. Sure there are people out to steal your money, but it's more likely to be the person at a restaurant who takes your card and records your numbers, then sells it or goes shopping. If one thinks that the financial industry isn't aware of what is going on and doing what is necessary to protect your money then you have proved your gullibility. The banks have everything to lose, not you, if money disappears....
Perry, Fort Lauderdale, FL (Sent Nov 30, 2006 5:36:42 PM)
The problem is that this has been known for years now and no one takes action. Quoting Bruce Schneier, "Security through obscurity". If you don't know, it's not a problem, so let's not deal with it. I commend this group for removing the wool from people's eyes!
Dennis W, Las Vegas NV (Sent Nov 30, 2006 5:37:16 PM)
I work for a major commercial bank in NYC and we have a Zero Liability policy regarding our debit/ATM cards - you're not responsible for unauthorized transactions made at stores, ATMs, on the phone, or online when you notify us promptly.
(Sent Nov 30, 2006 5:37:42 PM)
This is almost like how we always have news stories on the most vulnerable spot for terrorist attacks. Hey, why not do the research for the ones that wish to do us harm and make it public so it'll be that much easier. Why exploit things like this? If they were a football coach, they'd be telling the other team exactly what play they're running and what is the best way to defeat them. This kind of journalism is more harm than good. It's nice to be reminded once again after logical thinking that yes, the computer systems aren't completely 100% and they never will be, but it's counterproductive to go about saying all the details and how to do it.
Brandon Pittsburgh , Pa (Sent Nov 30, 2006 5:37:47 PM)
Banking and financial services DEREGULATION is where all the good and bad originated. The banking industry's 'brush-off' of the seriousness of possible hacking etc. of EFT and other functions of the internet is their fear they may by necessity (because the every-day bank account holder is the ultimate and losing victim) have to become regulated once again.
L Graves (Sent Nov 30, 2006 5:38:18 PM)
How about stiffening the penalties for hackers. Like the death penalty!! That would solve all our problems.
(Sent Nov 30, 2006 5:39:03 PM)
A.T.M. thefts can occur at just about any place, even in grocery stores and shopping malls. Thieves drive pickup trucks, vans, S.U.V.'s through the windows of theaters, grocery stores, gas filling stations, shopping malls, etc...! The best protection in these areas is to have cement barricades or walls built around the area, because it would make it more difficult for thieves to get their pickup trucks, vans, S.U.V.'s and possibly even Suburbans in, as well!
Hank McCoy:Dallas,Texas. (Sent Nov 30, 2006 5:43:30 PM)
Great job posting these findings, complete with illustrations! Every editor, website supervisor, or reporter covering this should do us all a favor and put themselves out of their misery because they are effing idiots.
(Sent Nov 30, 2006 5:44:23 PM)
Everything is secure until that laptop or thumb drive containing vulnerable information is missing. Just ask the VA or Census Bureau.
Stated many times, "Locks are for honest people only."
JV Catman, Clairton, PA (Sent Nov 30, 2006 5:45:23 PM)
Please, I can think of a dozen easier ways to steal money from an ATM transaction than this. #1 on my list is the technique demonstrated by Matthew Broderick in the movie WarGames using a tape recorder.
No, I'm not joking about this.
anonymous for the obvious reasons (Sent Nov 30, 2006 5:45:44 PM)
This JUST happened to me! I found out someone had withdrawn 300 and then 500 dollars from my bank account (according to WAMU), at a 7-11 ATM that I had never been to! (my card never left my possession) I went to the store and the cashier told me that it only dispenses 200 at a time. Believe me, this IS happening. And not to sound paranoid, but if the Russian mob is involved it would make total sense considering I live and do a lot of my shopping in "little Armenia" where there are substantial mob ties. From now on, I am only using WAMU ATMs!
Michael Lawrence, Los Angeles (Sent Nov 30, 2006 5:47:30 PM)
People, It's an ATM ... not an ATM "machine", likewise it's a PIN ... not a PIN "number". Both are redundant. As for the story, big deal, doesn't your bank guarantee against theft via fraudulent transactions? If not, switch!!!
(Sent Nov 30, 2006 5:48:36 PM)
First of all, there was no information in the article that would give the average layperson specific knowledge of how to hijack PINs; and people that are doing it or are attempting to do it don't need to find out how from this article - they already know how to go about it. For once, at least, the media did their job by alerting consumers to this attempt by financial institutions to cover up. At least now we know to check our records every day, at least.
Second, just because your money is insured up to $100k DOESN'T mean that if some of your money is stolen that it will be replaced. It will be up to the consumer to PROVE that he/she didn't make the transaction, first of all. This issue is addressed in the article. Banks and insurance companies both DENY, DENY, DENY any responsibility. They want to use your money, and they'll use you, too.
Third, transferring money from one account to another still requires a PIN, so...the problem remains if you're transferring funds at the ATM. Maybe even online. You'd probably be safe if you did it by phone, though.
Fourth, banks and credit card companies are often one and the same. I have a friend who works in the industry.
Fifth, if you have the same PIN for your checking and your savings accounts, which most people do if they're at the same bank/credit union, the problem remains when you access your savings account using your PIN....
Sixth, I think Peter from Texas has the best solution so far - why all this scrambling and unscrambling? Why not just pass the info, like he said, to your own financial institution, and that at least would cut down on the number of opportunities that hijackers have to obtain our PINs.
Bottom line - financial institutions won't do anything unless they're forced to do so. I recommend calling and emailing your U.S. Senators and House Representatives to insist via legislation that financial institutions address the problem. You can go to www.senate.gov to find your senators, and there's a link there for the U.S. House, as well.
Of course, we have a problem in that so many of our legislators today are corporatists - particularly our present administration. In other words, they pander to the large corporations - "the better to make a buck, my dear." Plus take their lobbyist contributions, so....you can figure out where that yellow brick road leads. On the other hand, getting politically involved is what all of us need to do if we want a say in how our country operates. But that's another story for another day.
Sassafras, Louisville, KY (Sent Nov 30, 2006 5:49:32 PM)
OMG! The check system is flawed too! Criminals could break into a bank and steal checks before they are sent out, then also intercept a cashed check, lift the signature off of it and apply it on to the blank checks!!!!!!!!
Seriously, the likelihood that that would happen is just as likely as that something like this would happen. There is no such thing as absolute security. The people making this an issue are only people looking to score a paycheck from those paranoid enough to believe that this threat is real. Security firms and the media alike.
Rob, Cleveland, Ohio (Sent Nov 30, 2006 5:50:20 PM)
As a banker, I can tell you that we do take this sort of thing VERY seriously. We are constantly re-evaluating, re-designing or upgrading our security. And you must remember that banks are by far the most regulated industry there is. We are watched closely by state and federal examiners and therefore are required to meet or exceed security guidelines or face possibly severe penalties. The problem is, the crooks many times seem to be one step ahead. We can implement a new security procedure to prevent an event such as this, and within a very short period of time the criminals have found a way around it. Like the saying goes "if they would just use their intelligence for good." And to the poster who says he had $80,000 stolen via fraudulent ATM transactions and Chase has taken over a month and still has done nothing about it, ask them about Reg E, which is the regulation that governs this sort of electronic dispute. Reg E only gives the bank 5 business days to give the customer provisional credit for any disputed transaction. Now, that provisional credit can be taken away if, through their investigation, they find that the transaction(s) was not fraudulent, but no institution can take as long as you claim Chase has taken to deal with the dispute of an electronic item.
(Sent Nov 30, 2006 5:51:02 PM)
There are many risks and weak points with ATMs, credit cards, debit cards... today. There is risk of physical theft of your information to it being stolen electronically from the inside or outside of your financial institution (say you give your credit card to a waiter at a restaurant and they make a copy of it) - multiple types of hacking/social engineering (phishing) - the report above is one of many issues reported over the last couple of years. You can also be confident that not all problems experienced have been reported. Financial institutions do not like having to report problems and losses - it shows weakness and causes a loss of confidence in their ability.
I have read postings from online security newsgroups from bank personnel asking for help to configure their ATMs. The people installing and managing these systems, in some cases, have not had any or sufficient training on how to set up and manage them safely and securely.
I would advise de-linking all your accounts (savings, mortgage, equity line, credit card...) not absolutely needed on a daily basis but one - say a checking account - so if your account access info is stolen you are subject to minimum loss.
Bruce Klein, Hillsboro Oregon (Sent Nov 30, 2006 5:52:44 PM)
I have worked in banking for enough years to see what is happening. My advice for the present PIN situation: Keep a separate account that is meant for your quick cash needs. If your PIN is compromised, the loss will at least be minimal. Even paycheck depositing accounts should have a sub-account, so that an employer can not reverse your pay deposit (I saw this with a customer that had resigned from a foreign employer. They deposited his last pay check and then withdrew it after he had returned to the U.S. It was much too expensive and time consuming for him to address the situation, so he forfeited the hefty sum.)
At 'Y2K' with all of the hype - I watched my bank bring in mega-sized generators 'just in case'. I worked for a banking institution that services the military community. A government official that worked on 'Y2K' personally gave me some advice that I have never forgotten. He said, "Everyone is afraid of the switchover with the computer dates. The real problem will come, in twenty or thirty years when the computers can not go 'backwards'. His advice was, keep a paper-trail." Simple, do not go with all of the technology. We act like we have no choices. We sure do! It just takes a bit more effort and planning. Be wise! It is a God-given gift, to be able to think for ourselves and not go along with the program - blindly.
Paper-trail, I actually had a personal experience with this also. My son had had his leg broken by his baby-sitter when he was a toddler. He got a small settlement and it went into an estate for when he came of age. The original bank had been bought out twice in that 16 year process. I had kept all of the records and kept the new bank abreast of our correct address, etc. When my son turned 18, he wanted to access the funds so that he could purchase a new vehicle. We went into the bank with all of the appropriate and up-to-date identification, for my son as well as myself. The bank had absolutely no record of my son's guardianship account. We had to go home and bring in the paper-trail. It was amazing how his $20,000.00 disappeared in the haystack of banking muttles. It opened my eyes and I (working in banking) have never liked the NEW technology. Paper-trail, paper-trail, paper-trail.
If you always go inside of your bank to get cash or better yet, cashier's checks, at least you can prove through: 1) the signature on the withdrawal forms, 2) the banking camera photos, and 3) your consistent habits, that other withdrawal means are not YOU. You take control and be willing to protect yourself. Good, healthy banking habits will become second nature once you set your pattern and follow your own standard. Our parents managed perfectly (some still do). Be brave - take control.
(Sent Nov 30, 2006 5:53:16 PM)
Banks put a product on the market for us to use. If use of that product fails and causes a compromise of someone's finances they must be held accountable. They and their system are at fault, period.
(Sent Nov 30, 2006 5:55:44 PM)
Amazing! I was notified yesterday by my bank that my ATM card information was obtained by unauthorized person or persons through a processor's transaction database.
Now this is the kicker of it all! The next line reads,
"For privacy reasons, Visa cannot disclose the name of the processor. Your Visa CheckCard number was among those compromised."
I want the information so I may protect myself and have the knowledge of who I would like to do business with. The thieves are protected for privacy reasons.
Does that make sense to anyone?
Elizabeth, Denver CO (Sent Nov 30, 2006 5:55:58 PM)
Look, while automotive and IT jobs go overseas there's one thing America is still the best at manufacturing, and that is Fear. Whether it's fear of ATMs, fear of cancer, fear of whatever ethnic group that is moving into your neighborhood, the message is always the same; "There's something scary out there, and we're here to tell you about it. Oh, and by the way, buy some useless junk from our sponsors so we'll have money to tell you about other things to fear."
If change, true change regarding identity theft and credit rules, is to occur, then people need to rebel. Don't use the plastic anymore. Buy things locally if you have to. Take the money out of their hands until there is real reform.
But the chances of that happening are slim to none. My best advice, have a month or two worth of rainy day money in a savings account with no ATM or debit card tied to it.
Mike, Philadelphia, PA (Sent Nov 30, 2006 5:58:08 PM)
Using your debit card at your bank's ATM does limit the number of "hops" the transaction takes before it's authorized.
(Sent Nov 30, 2006 5:59:25 PM)
When a weakness like this is discovered, it must be assumed that organized crime already knows about the weakness. At least, with the vulnerability open, institutions will find it harder to say the customers are lying when their money goes missing.
Adrian Dworshak (Sent Nov 30, 2006 5:59:53 PM)
Please don't panic.
The best defense is always a good offense, so do the following three things. One, monitor your bank account on-line a few times a week to be aware of any "suspicious" activity (which, if you see, contact your bank immediately!) Two, limit your debit transactions. Instead, use your credit cards (that don't need PINs) more and enjoy getting the points to use towards something. This will be your reward for being pro-active! If you don't have a credit card that gives you them, you might one to consider getting one. Three, establish a savings account at the same bank where you have your debit card/checking account. Keep the bulk of your money in a savings account, with a smaller amount in your checking account, and then you can just transfer funds when you need them from your savings account to your checking account.
While these three steps can't guarantee you won't fall victim to this fraud it should help significantly reduce the likelihood of you experiencing problems.
Hope this helps lessen your fears so you can enjoy life more! Despite our crazy world, God is still in control!
(Sent Nov 30, 2006 6:20:23 PM)
another reason for the chip, we are living in the last days. wake up!
(Sent Nov 30, 2006 6:43:46 PM)
This brings into question the direct deposit of Payroll checks into our Demand Deposit accounts, assuming that those accounts are accessible from ATM Machines (as are mine). I almost always use my ATM Card and Pin # at my local branch bank or at the Supermarket. Now, what do I do??
Ned, Philadelphia. PA (Sent Nov 30, 2006 6:44:50 PM)
No system is immune from attack. Thieves have been around since the fall of man. Microsoft with its billions cannot fend off those thieves who try to steal its software or hack into a Windows operating system. It is unfortunate that gangs, mobs and terrorists around the planet are getting educated to our complicated systems we use to store and transport information. With the billions banks, credit card institutions and financial services are making on the rest of us, you would think that they could combine their collective wealth and enterprising intellect to create a better system. I guess we haven't been hacked enough yet...
David Caprara, Puyallup, WA USA (Sent Nov 30, 2006 6:47:31 PM)
"All right so some security company that should know better spills the beans on a security flaw they found and now thanks to them and this article even more people out there know there are ways to misuse the system. Excellent!"
It's called "full disclosure" by those in the industry. And it is an excellent way to actually get companies to fix flaws.
We have heard that the bank industry knows about this problem. We have also heard that criminals do, and are working on it. Therefore, the system was already compromised. By disclosing the flaws in the system, the security company has guaranteed attention to be focused on fixing the issue -- mainly, because we have already heard that the industry wasn't worried before. Now, the backlash will get the interest.
Full disclosure is how problems get fixed quickly. http://en.wikipedia.org/wiki/Full_disclosure (for more)
Owen Marshall (Sent Nov 30, 2006 6:47:32 PM)
With years of data being lost in transit from banks and the banks still have no encryption on the files and the files are readable - and ripe for the picking; why would this report, that companies involved are not worried, be news? Our data has not been protected. Canjac Canjar's message has a whole lot of truth in it.
DJM, Washington DC (Sent Nov 30, 2006 6:50:17 PM)
Although this is highly unlikely, the Banks in the U.S. are asking for it by not complying with the new Smart Cards mandated by the major credit card processors (Visa and MC) and the rest of the world has complied.
I would be worried about the devices put on ATMs that read your card and the videos that can see what your PIN is. They can be camouflaged very well!
(Sent Nov 30, 2006 6:52:56 PM)
Okay, right. Plenty of FUD here. I'm an engineer who manages a HSM for a MasterCard/Maestro Cirrus processor.
To those who say that this problem can be solved by not unscrambling/rescrambling the PIN block until it gets to the issuing bank:
Encryption requires a key. To encrypt the PIN block and pass it, untouched, all the way to the issuing bank, would require every ATM/EFTPoS machine in the world to know the public encryption key for every card issuer in the world. Then, they could encrypt the PIN block with the correct bank's key and send it all the way, untouched. Sadly, this isn't feasible. What actually happens is each ATM/EFTPoS machine knows the public key for their local switch. Each switch knows the key for the next switch in the route. So, when you receive a PIN block, it is encrypted under YOUR key. You unencrypt it, re-encrypt it with the key of the next switch, and pass it on. There isn't really any better way.
For those saying that we should use our credit cards instead, because they have no PIN:
Uh, this is dumb. That's like saying "Buy XYZ brand of door. It has no lock at all, so you don't need to worry about somebody stealing your house keys!" Credit cards have no PIN to worry about, so all somebody needs to do to steal your money is access the card data itself. They can copy this to another (authentic-looking) card, sign the back, and use it all they want. They didn't even need to look over your shoulder to get your PIN.
In response to the article:
This is a pretty esoteric attack. I design software for these HSMs, and I'd need to pore through the manuals for some time and do lots of experimenting to work out how to do this attack. Then, I'd need direct access to the HSM itself (or access to a machine on the same network segment). This is bloody hard; banks protect them well. That said, lots of little banks in remote areas aren't so up on security, and there's your weak link. However, if you use an ATM in Paris with your BOA card, your details ARE NOT going to go through a switch in a tiny bank in a back-water town in Cuba. We're talking high-security M/C backbone networks.
There are easier ways for me to steal your money. If I was less skilled, and didn't have easier ways to do it, I wouldn't even come close to being able to manage this attack. There is a risk, sure, but there are much bigger ones.
Australia (Sent Nov 30, 2006 6:56:54 PM)
Is there a legitimate reason that the PINs need to be decrypted and re-encrypted 2-3 times in a transaction? Why can't it be encrypted and passed along to the bank? What do the private parties in between need to see your PIN and account # for?
(Sent Nov 30, 2006 7:00:11 PM)
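The hop-by-hop PIN translation that the HSM engineer from Australia describes above, and the question just asked about why the PIN is decrypted and re-encrypted at each switch, can be seen in a small simulation. This is an added example written for this page; it is not code from the article, from the Berkman/Ostrovsky paper, or from any bank or network. It builds an ISO 9564 Format 0 PIN block, encrypts it under the key the ATM shares with its acquirer, and has each intermediate switch's HSM translate the block to the next zone's key before the issuer finally decrypts it. Everything concrete in it is an assumption: the PAN, PIN, zone names and key bytes are constructed, the zone cipher is a labelled stand-in (XOR with a SHA-256 derived pad) for the block cipher a real HSM would use, and the symmetric per-zone keys model the engineer's description rather than any particular network's key scheme.

```python
import hashlib
from typing import List, Tuple

# Constructed sample values for this example; not real card data.
SAMPLE_PAN = "4000123456789010"
SAMPLE_PIN = "1234"


def _pan_field(pan: str) -> bytes:
    # ISO 9564 Format 0: 0000 followed by the 12 rightmost PAN digits, excluding the check digit
    return bytes.fromhex("0000" + pan[-13:-1])


def iso_format0_pin_block(pin: str, pan: str) -> bytes:
    """Clear ISO 9564 Format 0 PIN block: PIN field XOR PAN field (8 bytes)."""
    if not (4 <= len(pin) <= 12 and pin.isdigit()):
        raise ValueError("PIN must be 4 to 12 digits")
    # PIN field: control nibble 0, PIN length nibble, PIN digits, F padding
    pin_field = bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))
    return bytes(a ^ b for a, b in zip(pin_field, _pan_field(pan)))


def pin_from_format0_block(block: bytes, pan: str) -> str:
    """Inverse of iso_format0_pin_block; raises if the block is not a valid Format 0 block."""
    pin_field = bytes(a ^ b for a, b in zip(block, _pan_field(pan))).hex().upper()
    if pin_field[0] != "0":
        raise ValueError("not an ISO Format 0 PIN block")
    length = int(pin_field[1], 16)
    pin = pin_field[2:2 + length]
    if not pin.isdigit() or pin_field[2 + length:] != "F" * (14 - length):
        raise ValueError("PIN block digits or padding invalid")
    return pin


def zone_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a block cipher in ECB mode over one 8-byte block (assumption of this
    example): XOR with a pad derived from the zone key. Deterministic per key, like ECB,
    but a toy; a real zone uses TDES or AES inside the HSM."""
    pad = hashlib.sha256(b"zone-pin-key|" + key).digest()[:8]
    return bytes(a ^ b for a, b in zip(block, pad))


zone_decrypt = zone_encrypt  # XOR with the same pad is its own inverse


class ZoneHsm:
    """A switch's HSM: holds the keys shared with its two neighbours and performs PIN
    translation. The clear PIN block exists only inside this boundary, but it does exist."""

    def __init__(self, name: str, key_in: bytes, key_out: bytes):
        self.name, self._key_in, self._key_out = name, key_in, key_out

    def translate(self, epb: bytes, audit: List[str]) -> bytes:
        clear = zone_decrypt(self._key_in, epb)   # clear PIN block is in HSM memory here
        audit.append(self.name)                    # record that this zone held it in the clear
        return zone_encrypt(self._key_out, clear)


def route_pin(pin: str, pan: str, hop_keys: List[Tuple[str, bytes]]) -> Tuple[str, List[str]]:
    """Carry a PIN from the ATM to the issuer through the zones listed in hop_keys.

    hop_keys[i] = (name of the node that receives under this key, key bytes). The first
    key is shared between the ATM and its first switch, the last between the final switch
    and the issuer; every node between them translates once. Returns the PIN the issuer
    recovers and the names of every node whose HSM held the clear PIN block.
    """
    audit: List[str] = []
    epb = zone_encrypt(hop_keys[0][1], iso_format0_pin_block(pin, pan))  # done at the ATM
    for (name, key_in), (_, key_out) in zip(hop_keys, hop_keys[1:]):
        epb = ZoneHsm(name, key_in, key_out).translate(epb, audit)
    issuer_name, issuer_key = hop_keys[-1]
    clear = zone_decrypt(issuer_key, epb)      # issuer HSM verifies the PIN; never logs it
    audit.append(issuer_name)
    return pin_from_format0_block(clear, pan), audit


if __name__ == "__main__":
    # Constructed route: ATM -> acquirer switch -> network switch -> issuer (three zone keys)
    route = [("acquirer", b"K-atm-acq"), ("network", b"K-acq-net"), ("issuer", b"K-net-iss")]
    recovered, saw_clear = route_pin(SAMPLE_PIN, SAMPLE_PAN, route)
    print("issuer recovered PIN:", recovered)
    print("nodes that held the clear PIN block:", saw_clear)
    # Own-bank ATM: one shared key, no translation at all
    print(route_pin(SAMPLE_PIN, SAMPLE_PAN, [("issuer", b"K-atm-iss")]))
```

The audit list is the point of the example: every switch on the route, not only the issuer, holds the clear PIN block for a moment inside its HSM, so the HSM translation command, and whoever can drive it, is the trust boundary the article is about. A route with a single key (the case of using your own bank's ATM, as another commenter noted) has no translation step at all. Binding the block to the PAN is also why the same PIN gives a different block on a different card.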
I have never had an account. never will. I cash my checks and stash the moola. Don't trust the banks one bit.
(Sent Nov 30, 2006 7:00:12 PM)
People! people!!, people!!!......wait, "it is foolish for a man to swallow his own phlegm just because it is impolite to spit in public". Take all necessary precautions, we can't be 100% safe. "To be forewarned is to be forearmed". Be smart about everything going on around you. Don't be ignorant!
(Sent Nov 30, 2006 7:00:35 PM)
Why are the Israelis doing this research? Why no comment about the Israeli organized crime rings?
(Sent Nov 30, 2006 7:00:36 PM)
This happened to me as well, and it is very real. Two weeks ago, I checked my account balance online at a major bank, and saw that someone had withdrawn the amount of $700 (the exact maximum allowed from my account) from an ATM machine. My card was in my possession at all times and is rarely used, and the money was withdrawn in a city I'd never even heard of before. The bank did immediately credit my account back, but NEVER provided an explanation as to how this could possibly happen. It freaked me out. I'm not using my ATM card again, and I check my account every day now, including weekends.
Frank T, San Francisco, CA (Sent Nov 30, 2006 7:06:56 PM)
I think it's probably fair to assume that sophisticated financial criminal networks/groups are already aware of this security opening. If that is the case then publicizing this flaw does no harm and does alert the public - which may cause at least some people to be more careful in how they handle their PIN IDs. That would have to be a good thing. As to what happens when one of your accounts is somehow compromised and money is taken from it by an unauthorized person, I can tell you from personal experience that you can get your money back...but from my experience you must be aggressively proactive with the bank employees you encounter. I'm not suggesting rudeness, but politely and firmly reject any suggestion that allows the matter to just lie there and allows inaction on the institution's part. Do not leave that bank without getting your claim acknowledged in some written manner and signed by a bank employee of management level, and if there are still funds in your account make sure those are protected in some manner. I had my checking account breached several years ago...whoever did it got ahold of my account number and printed bogus checks with a different name on it, then went on a weekend shopping spree. They probably had phony ID that matched the name on the bogus checks. The following Monday I happened to go into a branch for a transaction instead of using the ATM and after I made my deposit I noticed the balance was several thousand dollars too low. I asked the teller...he looked at the recent postings and then showed it to me when I asked. It showed several checks cashed after the last one I actually wrote - with check numbers that were far different from the number sequence I had. I told the teller those checks weren't mine and he put me on the phone with a "Telephone Banking Agent" who gave me some of the most ridiculous advice I ever heard. "We'll look into it. Check back with us in a few days." Honest! I hung up and demanded to see the bank manager.
She turned out to be a great help. I told her what the "Telephone Agent" said and she was obviously distressed and apologized - I did not pursue that end of it, it was not my major concern at that particular moment. So we discussed my situation and I showed her my check book and pointed out the check numbers present. I told her I wanted the account frozen with just enough to pay the outstanding checks that I knew I had written and then I wanted a temporary account established with the funds that remained. She agreed this was the best way to proceed and it was done. She recorded the check numbers I would authorize payment on and set up my new account. She explained it would take "a few days to possibly a week" to get my money back because it did require an investigation to verify that I did not write the checks or get the funds myself. When I left the bank I felt reasonably certain that I would in fact get my funds returned, and I did...It took about 5 business days. I don't know what would have happened if I had followed that "Telephone Banking Agents" advice.
(Sent Nov 30, 2006 7:11:00 PM)
I think we should be grateful that people publish such things. Why? 1. The real criminals already know about this stuff 2.if a wave of theft swept the world, such negative commenters would cry out "why did they keep this information a secret?!" Perhaps now with this publicity the credit card companies will address the problem and in turn protect us from being ripped off.
dino, CA (Sent Nov 30, 2006 7:14:53 PM)
If you want to win a war with the US, you can't beat our military, but if you ruin our financial infrastructure via computers/internet, and plunge us into a depression, we will be forced to retreat
(Sent Nov 30, 2006 7:19:04 PM)
For the love of Pete, people....I work for a bank, MONITORING debit card transactions. If fraud occurs, you ARE covered up to $100,000. We even have cases of mortgage fraud, and the customer is taken care of. What's scarier - your PIN being skimmed or someone stealing your house out from under your nose? Of all the things to worry about, this is probably the LEAST of your problems. I'm waiting for the day someone reports that organized criminals are going to take over the steering console in your car.
(Sent Nov 30, 2006 7:19:04 PM)
Don't worry. Diebold (maker of voting machines and ATMs) promises to deliver your money to the GOP.
(Sent Nov 30, 2006 7:24:42 PM)
Stay calm folks - 2007 is around the corner. The financial industry and its indispensable cohort in the form of security devices is now conditioning everyone for an increase in service fees, etc.
Additionally, I am certain you folks are aware that almost every non-banking function of financial institutions is sub-contracted. The security function of all ATMs is foremost of all. Keep your fingers crossed - the current security standards are able to stand on their own. What we should be concerned about is the honesty, integrity, trustworthiness of the management of these financial institutions. Thefts of clients' accounts by banks are normally insider jobs - remember Franklin National Bank of New York, in the late 1970's. Putting your money in a bank is not any different from investing in corporate stocks/mutual funds. Caveat Emptor!
Elbicapa Otrebla, Tinton Falls, New Jersey (Sent Nov 30, 2006 7:26:02 PM)
I guess, we will all dig a hole somewhere and hide our cash...
Cloud, Washington, DC (Sent Nov 30, 2006 7:29:07 PM)
I like to keep my money in my socks.
Spider Uno, San Francisco, CA (Sent Nov 30, 2006 7:32:43 PM)
Bully for the people that want to keep information hidden.
Information is a resource and it's only good when it's open. First rate hackers already knew about this. Second rate hackers won't be able to use it. The whole 'but you are alerting the bad people' is hogwash. They were already alerted by their own channels.
Getting the information out is much better. Customers like us will become aware, and perhaps some of us will change our practices or educate ourselves further. Bank employees and executives will become aware, and do what they can to alleviate the problem. Security experts will weigh in on the issue, and perhaps solutions will emerge that can be implemented in the short term. None of this is possible with closed information.
Open information is better for all of us. Closed information is only good for the ones having it, and that's rarely you.
Henri Hein, Boulder Creek, CA (Sent Nov 30, 2006 7:34:00 PM)
There are a lot of very naive comments and most are coming from the people that make the most sense.
[quote]Hope this helps lessen your fears so you can enjoy life more! Despite our crazy world, God is still in control!
[/quote] Man now I am really scared and that is truly something to be frightened of.
(Sent Nov 30, 2006 7:37:22 PM)
Economic Armageddon can happen in more than one way and still leave the infrastructure standing.
(Sent Nov 30, 2006 7:38:23 PM)
Well Well Well. Instead of scaring people, make the system better protected and advanced etc!! I know it is possible but not if things are done about it.
(Sent Nov 30, 2006 7:38:28 PM)
Given the option from most retailers (for debit cards) to select debit (PIN) or run as credit & sign, I would feel safer to run as credit w/ my signature, or is this a sense of false security?
I would still feel better to sign, rather than PIN.
(Sent Nov 30, 2006 7:40:12 PM)
They said the Titanic couldn't be sunk, too.
(Sent Nov 30, 2006 7:41:36 PM)
I didn't have time to read all the messages, but I'm pretty sure that Consumer Protection Regulations(Reg E) limit liability to $50.00 providing a person notifies the bank when they discover the erroneous entries.
You get the Reg E protection disclosure when you open your account.
James (Sent Nov 30, 2006 7:43:00 PM)
You are more likely to be struck by lightning or win the Lotto so if this bothers you then you might as well stay indoors...
Gambling is far more likely to ruin us - online gaming and all gambling should be abolished until we have no debt and become responsible citizens...Stop blaming the banks...look in the mirror!
(Sent Nov 30, 2006 7:43:28 PM)
This article is very interesting and to read the actual banking comments is even more amusing.
I do not work for any bank institution or any other financial company at all. However, the company I do work for has a contract with a major financial bank in the southeast. I am in one of the branches on almost a daily basis and have basically unlimited access to any part of the bank with one exception and one only, and that is the actual vault. Anywhere else (including the computer/telephone room) I can enter and exit unescorted and unquestioned. Now considering I am not a thief, let alone a hacker, that is no concern, but what if one day someone was to approach me and say "hey for two million bucks how about you..." The banking industry need not over rate their security. Trust me.
Craig Stafford (Sent Nov 30, 2006 7:44:25 PM)