Customers of Lake Michigan Credit Union (LMCU) based in Grand Rapids, Michigan are watching their bank balances like hawks after more than 100 clients saw their balances zeroed out by ATM thieves targeting just one ATM location.
The credit union members hit by crooks first learned of the account hacks when legitimate withdrawals or purchases were declined due to insufficient funds or daily limits. Some clients reportedly had $2,000 or more in cash debited from their accounts without their knowledge.
How does ATM Crime Work?
There are numerous ways to attack an ATM, but in this instance, hackers needed both the account number and the PIN for each cardholder’s debit or ATM card to withdraw cash. Account numbers can be stolen using card number skimmers, thin devices placed inside the ATM card slot. Machines located outdoors or in non-bank locations are often prime targets because of their secluded positioning.
The US Secret Service, which investigates numerous money crimes, has recently detected more intense ATM attacks called jackpotting. Thieves install malware and electronic devices inside ATMs, which let them withdraw cash at will until the machine is empty. This methodology is not new—a 2016 attack in Taiwan netted over $2 million—but investigators and manufacturers now anticipate a new wave of jackpotting in the US.
LMCU’s case is not as sophisticated as jackpotting, but all ATM hits share some common traits. In both instances, something is placed inside the ATM that doesn’t belong there. If it’s a skimmer, every time a genuine card is inserted, the magnetic strip is read and that data is captured. Since PINs are required for LMCU’s (and most) automated teller transactions, hackers in Michigan may have placed wireless cameras in strategic locations to photograph those four numbers as they were entered. Duplicate cards could then be made to drain the legitimate owner’s cash.
Could You Be at Risk?
Many banking customers may now be asking a couple of essential questions following this news:
- Is the stolen money lost for good in these situations?
- Can I take action to prevent this kind of fraud?
The 1978 Electronic Funds Transfer Act (EFTA) regulates debit card transactions and other electronic movement of funds. It is intended to protect you when you transfer funds through electronic methods including ATMs. Thoroughly read the disclosures provided by your financial institution to understand your liabilities.
Lend a Hand, Thwart Hackers
Both customers and financial institutions can help prevent theft. Any method that hides a PIN pad from prying eyes will bump up security. If hackers can’t grab a valid PIN, they’ll often be thwarted when trying to pull off an ATM hack. Some banks now encourage users to shield the pin pad with one hand as they enter a PIN. Other institutions have rolled out number pads with shields designed to spoil successful spying.
LMCU offers a webpage full of additional advice on how to use ATMs securely. Under Help Categories, click on ATM and then Tips For Using ATM.