
Naked Citi


High-tech scam lifts customer PINs.

Hackers have scammed at least $2 million by cracking into Citibank (C) brand ATMs at 7-Eleven stores nationwide and stealing users' PIN numbers. Federal prosecutors in New York have filed charges against Yuriy Rakushchynets, Ivan Biltse and Angelina Kitaeva, and the investigation is still ongoing.

The thieves apparently lifted the PINs by going after the ATMs' operating system, which, wouldn't you know it, is based on Microsoft (MSFT) Windows. The system allows ATMs to be monitored remotely and repaired via the Internet.

Low-level thieves typically swipe the numeric passwords bank customers use to tap into their accounts with "skimmers": devices attached to ATMs that record keystrokes and account numbers. Crooked store clerks sometimes give your card an extra swipe on a "skimmer" as you wait at the cash register.

Egghead thieves may have gained "administrative access" to the ATM machines through a network flaw or by cracking system passwords. The crooks also could have installed rogue software on the main computer to capture unencrypted PINs as they moved through the system. Whatever the method, the high-tech scam reveals a huge hole in the bank's security system and underscores the need for better authentication and fraud detection measures.

PIN numbers are cloaked, or encrypted, to protect them from thieves - but this assumes the bad guys are on the outside looking in. So far, there's no indication other major banks have been hit, but you can be sure Wells Fargo (WFC), JP Morgan Chase (JPM), Wachovia (WB) and others are checking their networks.

Investigators say it's unclear how many Citibank customers were hit by the scam, which appears to have begun in October 2007 and run through March of this year. The bank has about 5,700 ATMs inside 7-Eleven stores nationwide, but doesn't own or operate any of them. Cardtronics (CATM) of Houston owns the ATMs and splits operations with Fiserv (FISV) of Brookfield, Wisconsin.

Many customers discovered the scam only after their bank accounts had been raided. This scam is light-years ahead of typical "phishing" schemes, which send phony emails seeking personal information under the pretext of correcting a nonexistent accounting problem.

For the record, here are some tips on how to avoid identity theft.
No positions in stocks mentioned.

Copyright 2011 Minyanville Media, Inc. All Rights Reserved.