ATMs: convenient, but a security risk

It's hard to remember life without ATMs. In Hong Kong, we can transfer funds, pay our utility bills and even settle tax demand-notes using an ATM. And they even dispense cash.

We're so used to these handy machines that we may not always view them as security risks. But we should. As security gurus like Bruce Schneier point out, we make security decisions all the time--some conscious, some subconscious.

It's time to put your ATM security strategy into your conscious personal security perimeter, if it's not there already. You may know that ATMs can be fitted with "skimmers": snap-on devices that include card readers and pinhole cameras. The crooks want to steal your account number and watch you type in your PIN, then clone your card for nefarious purposes.

According to a recent story in the South China Morning Post, illegal skimming equipment is believed to have been installed on at least 10 Hong Kong ATMs since September. From October to December 2012, 18 people reported losing money--14 in December alone.

Mainland authorities have been contacted because illegal withdrawals using fake cards and the stolen data were made across the border, according to the SCMP.

ATM cards are being replaced with ones bearing an embedded microchip for greater security by Hong Kong banks, and this process should be completed in 2015. But as ever, your awareness and alertness are the best weapons against thieves using technology.

ATM-skimmers are uncommon, but should you suspect an ATM has been tampered with, please report it to the HKP on their Commercial and Technology Crime Hotline hotline: 2860 5012.

Secure locations for ATMs

ATMs located on public streets are accessible to anyone at any time, making them prime targets for a skimmer. One security-measure worth checking: streetside ATMs attached to a bank sometimes have a security camera (look for the half-dome on the underside).

Another factor: the bad guys like to keep visual contact with the ATM they've illegally modified. An ATM inside a bank-lobby, or shopping mall, or other facility that is locked during non-business hours, is a better choice than a streetside ATM.

Be aware of your ATM's surroundings. You're making a transaction involving valuable personal data and cash. Now is not the time to check Facebook on your mobile phone.

ATM security-practices

Skimmers use pinhole-cameras which can record your PIN (Personal Identification Number) when you type it on the keypad.

Hong Kong ATMs have useful shields around the keypad, but this is important: always cover your typing hand when entering your PIN. You can use your free hand, purse, or wallet to cover the keypad.

Follow the instructions on the ATM: cover your typing hand when you enter your PIN. Every time. This simple practice just might save you from a substantial loss of funds.

Be alert when you use an ATM. Don't let anyone distract you--complete your transaction, be sure you've tucked away your card (and cash) safely, and leave.

More information on ATM-skimmers is available from the website of Charles Krebs: a US-based security researcher who documents these criminal devices. Krebs compiles his ATM-skimmer stories here:

Basic security practices are important when you use any ATM. Refuse to be a victim. Remain alert, cover the keypad when entering your PIN, and urge others to do the same.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityfinanceindustry verticals

More about FacebookTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stefan Hammond

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place