Having all your money drained from your bank account from using a Bodega ATM = DUD [NYC]

Message Bookmarked

Bookmark Removed

Not all messages are displayed: show all messages (104 of them)

which bodega?

― phil-two (phil-two), Thursday, 6 October 2005 16:19 (7 years ago) Permalink

static account numbers and transit routing numbers are BETTER for the banking industry because they make it easier to report and track fraud.

Snopes on the typical scam:
http://www.snopes.com/crime/warnings/atmcamera.asp

And bankrate.com on "skimmers:"
http://www.bankrate.com/brm/news/atm/20021004a.asp

ATM keypads can't be recorded "electronically" so covering with yr other hand is actually extremely effective at preventing fraud on yr money. Modern CCTV cams can pick up your PIN entry from behind mirrored glass on the other side of the street.

http://www.securityfocus.com/news/9161 = fun to read about VISA keypad sec

Be very glad you don't live in the UK or Italy, though. Scroll down through here:
http://www.cl.cam.ac.uk/users/rja14/wcf.html
CRAAAAAZY!

― TOMBOT, Thursday, 6 October 2005 16:34 (7 years ago) Permalink

TB, thought I remembered seeing a news program once about an ATM that had been modified/bugged to record the PINs as people typed them in, although of course it was probably some crappy broadast news and I was only half paying attention. You're saying this isn't possible?

― Laurel (Laurel), Thursday, 6 October 2005 16:38 (7 years ago) Permalink

from that link:

A teenage girl in Ashton under Lyme was convicted in 1985 of stealing £40 from her father. She pleaded guilty on the advice of her lawyers that she had no defence, and then disappeared; it later turned out that there had been never been a theft, but merely a clerical error by the bank

WHAT A DICKHEAD FATHER

― kyle (akmonday), Thursday, 6 October 2005 16:42 (7 years ago) Permalink

Actually criticizing banking security on the basis of "static account numbers" is kind of like criticizing casino security on the basis of "static dice" just FYI

xpost It's not impossible, but read the securityfocus article. If you want I can go find the Common Criteria Protection Profile that has the exact functional spec for the PED security requirements. Institutions be loving painfully detailed documentation.

― TOMBOT, Thursday, 6 October 2005 16:45 (7 years ago) Permalink

Tombot, I'm talking about making crypto cards with nonreplayable one time use signed transaction thingees. Can you give me a reason why this is a bad idea?

― Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 17:12 (7 years ago) Permalink

which bodega?

― phil-two (phil-two), Thursday, 6 October 2005 17:21 (7 years ago) Permalink

It makes me stupidly proud to know that British criminals lead their American counterparts in this endeavour.

― Alba (Alba), Thursday, 6 October 2005 17:29 (7 years ago) Permalink

I've got no expertise on the technical aspects of randomized account numbers, but I imagine if shifting away from static numbers increased banks' costs, such a change would be a long time in coming.

― rasheed wallace (rasheed wallace), Thursday, 6 October 2005 17:35 (7 years ago) Permalink

yea, and it would require a HUGE change in banking infrastructure.

― Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 17:37 (7 years ago) Permalink

http://en.wikipedia.org/wiki/Smart_card

― Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 17:39 (7 years ago) Permalink

One problem I could think of right away is, how would you present account numbers on checks? Any paper-based elements of banking would automatically become way more complicated, it seems.

Maybe instead of account numbers, randomized PINs that are transmitted to the consumer via some sort of SecurID-type system would be more viable?

― rasheed wallace (rasheed wallace), Thursday, 6 October 2005 17:41 (7 years ago) Permalink

Yea, that would be more reliable and easily implementable. RSA makes cards like that IIRC.

You could prevent check fraud with a preprinted digitally signed unique watermark on each check I suppose... Maybe an rfid tag that you use against a cryptocheckcard that returns back a number that you handwrite on a check to "sign" it (in addition to the usual MP)

― Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 17:46 (7 years ago) Permalink

UK banks have had chip/PIN debit cards for at least a couple of years now, where I guess the idea is that you can't clone the card -- you need the physical card (with a chip on it) and the PIN.

i thought this was going to be about superfluous $1.75 "fees" for cash withdrawal at bodegas draining your bank account; i know they do mine. i went to a bachelor party last weekend and the strip club wanted to charge us $15 to use their ATM.

― Tracer Hand (tracerhand), Thursday, 6 October 2005 17:48 (7 years ago) Permalink

this is it:

― Tracer Hand (tracerhand), Thursday, 6 October 2005 17:52 (7 years ago) Permalink

we did not continue.

― Tracer Hand (tracerhand), Thursday, 6 October 2005 18:01 (7 years ago) Permalink

I'm not surprised. That font and colour scheme – meh.

― Alba (Alba), Thursday, 6 October 2005 18:03 (7 years ago) Permalink

― n/a (Nick A.), Thursday, 6 October 2005 18:03 (7 years ago) Permalink

Someone needs to take that strip club to one side and give them a good, solid lecture on ethics.

― 400% Nice (nordicskilla), Thursday, 6 October 2005 18:07 (7 years ago) Permalink

happened to me last week

― anthony, Thursday, 6 October 2005 18:07 (7 years ago) Permalink

"i have narrowed it down to the washington mutual by nyu actually"

We slandered BODEGAS

― Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 18:12 (7 years ago) Permalink

i like reading anthony's post as non-crossed.

― Tracer Hand (tracerhand), Thursday, 6 October 2005 18:15 (7 years ago) Permalink

yeah!

― 400% Nice (nordicskilla), Thursday, 6 October 2005 18:19 (7 years ago) Permalink

"i have narrowed it down to the washington mutual by nyu actually"

the one on 6th avenue?

― hstencil (hstencil), Thursday, 6 October 2005 18:23 (7 years ago) Permalink

2nd ave, I believe.

(15:18:35) x: ok well, when i went last night, like the middle one was not quite working normally, and i put my card in it before i realised that
(15:18:42) x: i think someone fucked with that one
(15:18:47) x: probably today it's fine or something

― Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 18:24 (7 years ago) Permalink

smartcards were a wash with the credit card companies in the US when they tried to roll them out a few years ago. they're expensive and it turns out they really didn't know what to do with them. maybe they should figure it out now.

― kyle (akmonday), Thursday, 6 October 2005 18:25 (7 years ago) Permalink

nyu ain't by 2nd avenue. there's a wamu on 2nd ave. at st mark's. never had a problem there.

― hstencil (hstencil), Thursday, 6 October 2005 18:41 (7 years ago) Permalink

yea I think she means that one.

― Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 18:52 (7 years ago) Permalink

so it's not a bodega after all.

― hstencil (hstencil), Thursday, 6 October 2005 18:59 (7 years ago) Permalink

DON'T BLAME THE MESSENGER -- BLAME HSTENCIL

― Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 19:02 (7 years ago) Permalink

Having all your money drained from your bank account from using a Bodega ATM = DUMB [NYC]

lol

― lol, Thursday, 6 October 2005 19:04 (7 years ago) Permalink

The acursed lol@lol.com troll strikes again!

― Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 19:05 (7 years ago) Permalink

oh snap pwned!!!

― Allyzay knows a little German (allyzay), Thursday, 6 October 2005 19:05 (7 years ago) Permalink

hey lol@lol.com troll dude, it wasn't a bodega atm after all!

― hstencil (hstencil), Thursday, 6 October 2005 19:06 (7 years ago) Permalink

lol

― lol, Thursday, 6 October 2005 19:07 (7 years ago) Permalink

why didnt jon make this thread lol proof?

― lol, Thursday, 6 October 2005 19:42 (7 years ago) Permalink

The roffles would still get us

― Jonothong Williamsmang (ex machina), Friday, 7 October 2005 12:55 (7 years ago) Permalink

Of course in the UK now you are more covered than most places in the world as the law on fraud here places the onus on the bank to actively prove that you have defrauded them. Carelessness, or being caught by a scam is not your responsibility. So as long as you report it as a crime, and there are cameras showing you actually took the money out, you will always get the money back here.

― Pete (Pete), Friday, 7 October 2005 13:01 (7 years ago) Permalink

I've had simple magstripe cards fail on me way too often in the past five years, to the point where two or three months back I had at least 3 broken ones in my wallet (broken = wouldn't read). These are cards you're supposed to be able to keep for 3-5 years at a time and I've only had a couple that ever lasted me that long. The ICs in Smartcards are worse, by a long shot. My last building had smartcards for the laundry room - you put cash in a central depository machine that then coded that cash onto your card. I lost $15 plus the cost of the replacement card (like another $10 or so!) within 6 months of living there.

The other problem is the the ICs in smartcards are super crap at key generation. You basically have to code the whole mess into the card when you issue it and if anything happens to compromise the key pair then you have to take the card out of service and replace it.

That there would be why the only places you see trying to implement enterprise smartcard infrastructure are huge government agencies. Somebody's got to keep those companies in business. Something you have, something you know: the model isn't any different from traditional 2-factor authentication anyway (except for my laundry situation = 1-factor "e-cash" bullshit!) and the whole "biometric smart card" idea turns to snake oil in implementation.

― TOMBOT, Friday, 7 October 2005 13:11 (7 years ago) Permalink

this story:
http://money.guardian.co.uk/scamsandfraud/story/0,13802,1339318,00.html
is about the add-on reader / camera approach and was in the paper 2 days after i'd used the atm next to the one that was rigged up.

― koogs (koogs), Friday, 7 October 2005 13:17 (7 years ago) Permalink

Tombot, I can't tell you how many times I've seen people in the airport with their SecurID tokens TAPED to the lid of their laptops!

― Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:21 (7 years ago) Permalink

Oh OK and Microsoft and Sun use smartcards for authentication now.
Seriously though I doubt we'll ever see banks fully invest in smartcard infrastructure for ATMs. Fraud prevention typically has the highest ROI for the banking business, so they'd do it if they thought it would make a sense.

― TOMBOT, Friday, 7 October 2005 13:29 (7 years ago) Permalink

is your wallet made out of a magnet, tombot?

― RJG (RJG), Friday, 7 October 2005 13:32 (7 years ago) Permalink

Having done consulting for banks, I can tell you that everyone who works for a bank is an asshole. They also give you really opened ended specs for stuff and then insist on idiotic cycles of piecemeal revisions.

― Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:33 (7 years ago) Permalink

Most ATM fraud and skimming* comes internally from the bank's own ATM departments. Nothing a smart card can do about that. There's little reason for banks to invest in smart card systems here because there is so little actual examples of failure of the card in this manner as described on this thread. All debit/credit card fraud comes internally from the company or from outright identity theft or people physically stealing the card. I mean that's the bottom line. Jon your idea is fantastic and great and smart, but no bank in America is going to shell out that kind of money to prevent .005% of fraud.

* Meaning of the mystery dollar disappearance variety, not the "fucker stole my credit card" variety.

― Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:33 (7 years ago) Permalink

is your wallet made out of a magnet, tombot?

No, it just resembles George's wallet on Seinfeld, so everything in it breaks or falls out unnoticed!

― Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:34 (7 years ago) Permalink

Ally, do you have a reference for that? It seems to me that most ATM fraud would come from stolen card + pins!

― Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:35 (7 years ago) Permalink

Oh, my reading comprehension sucks, but I'd still like a reference!

― Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:35 (7 years ago) Permalink

Errr I have no idea how to go about getting an online reference for that, I'm closely acquainted with C1t1's security/fraud VP. (I'm also related to the person who bilked D1me in NY/NJ/CT out of a huge amount of money during their stint as the VP of ATM operations).

Stolen card is #1 obv, I mean there's barely any such thing as a pure ATM card anymore so you don't even need people's PIN# to steal shit out of their account. Incl money, just go to a grocery, buy a carton of smokes and ask for $100 back.

― Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:56 (7 years ago) Permalink

OMG WTF I JUST REALIZED THAT MY ONE AUNT IS THE VP OF SAVING TEH ATM $$$ AND MY OTHER AUNT IS THE VP OF STEALING TEH ATM $$$ OMG WHY DO THEY NOT NINJA FITE THAT WOULD BE SO COOL?????????????????/

― Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:57 (7 years ago) Permalink

Most/All grocery stores only let you get cashback if you use it as an atm card (with pin) to pay instead of a credit card. My understanding was this was to encourage this as credit cards cost more for a biz to process.

― Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:57 (7 years ago) Permalink

I've gotten cash back at bodegas using my credit card!!! Maybe they're doing something illegal there, shocker.

― Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:59 (7 years ago) Permalink

whoa, ally, you'd think c!t! would fire your aunt just for guilt by, like, relative association.

― hstencil (hstencil), Friday, 7 October 2005 13:59 (7 years ago) Permalink

banks don't care (much) about preventing atm fraud because it's such small potatoes compared to other types of losses resulting from forged documents or bad loans.

btw, (at least here) a lot of generic atms that will charge you that extra fee that your home bank wouldn't, are actually anonymously owned by the bigger banks - so they're kind of double charging their own customers all sneaky like.

― Kim (Kim), Friday, 7 October 2005 14:26 (7 years ago) Permalink

results are in for chip and PIN - http://www.theregister.co.uk/2005/10/10/chip_and_pin/

― Tracer Hand (tracerhand), Monday, 10 October 2005 19:51 (7 years ago) Permalink

So as long as you report it as a crime, and there are cameras showing you actually took the money out, you will always get the money back here.

I had my bank account fleeced of my entire ~~weekend drinking money~~ life savings (about £200) when I was down in London a few years back. It was proved by science (OK, those wee cameras inside the ATMS) that it wasn't me using the machine after the last transaction I told them I'd made and I still had to pay a £50 excess. Bastarding Clyd3sd4le B4nk.

― ailsa (ailsa), Monday, 10 October 2005 20:13 (7 years ago) Permalink

They make such lovely notes, though.

― Tracer Hand (tracerhand), Monday, 10 October 2005 20:14 (7 years ago) Permalink

I don't care, they fucking nicked fifty of mine for no fault of my own (other than being pissed and careless on Camden Parkway on a Saturday night, which is not a crime in itself).

― ailsa (ailsa), Monday, 10 October 2005 20:21 (7 years ago) Permalink

I don't think most UK banks have that excess deduction, so maybe it's time to switch accounts. I once tried to take £50 out of a Barclays machine at Heathrow airport and no money came out, but it still took the money from my account, and I got all of it back a few weeks later after complaining to the bank.

― Colonel Poo (Colonel Poo), Tuesday, 11 October 2005 08:23 (7 years ago) Permalink

Why, thanks for the advice, but surprisingly enough I switched banks about a week later, then bombarded them with tons of letters of complaint which did absolutely diddly squat for getting my money back, but made me feel better anyway.

― ailsa (ailsa), Tuesday, 11 October 2005 15:50 (7 years ago) Permalink

3 years pass...

sigh

2008-12-10 - ABM Withdrawal $160.00
2008-12-10 - ABM Deposit - $1,000.00
2008-12-10 - ABM Withdrawal $200.00

shitty thing is last few purchases made by me were all christmas gifts for kids! way to kick a girl when she's having a nice week, jerks..

― skeletal lexing (Finefinemusic), Thursday, 11 December 2008 03:46 (4 years ago) Permalink

though right now I am +$640 which is nice, I wish they'd let me keep it for emotional suffering

― skeletal lexing (Finefinemusic), Thursday, 11 December 2008 03:47 (4 years ago) Permalink

ooh, the fakey deposit, that's tricky. sucks :(

― ian, Thursday, 11 December 2008 08:20 (4 years ago) Permalink

3 years pass...

Got a weird look from someone when I pulled on the ATM card slot on a gas pump to see if there was a skimmer in there. Explained what I was doing and got an even weirder look.

Have you seen how optimized these things are? http://krebsonsecurity.com/2012/04/skimtacular-all-in-one-atm-skimmer/

― Vini Reilly Invasion (Elvis Telecom), Wednesday, 9 May 2012 01:35 (1 year ago) Permalink

Friend of mine got done just the other day. Her whole account cleaned out completely. The worst part of it is, the bank will sort you out but they dont do so right away, it can take days or weeks. Too bad if you have rent due!

― Pureed Moods (Trayce), Wednesday, 9 May 2012 02:21 (1 year ago) Permalink

I pull on those ATM slots all the time now since my card was skimmed a few years ago. I'm glad i did because twice so far I've had the skimmers pop right off in my hand.

― heated debate over derpy hooves (jon /via/ chi 2.0), Wednesday, 9 May 2012 02:39 (1 year ago) Permalink

no shit

― goole, Wednesday, 9 May 2012 02:46 (1 year ago) Permalink

what the fuck, more things to worry about

― sleeve, Wednesday, 9 May 2012 03:08 (1 year ago) Permalink

Never occurred to me to pull on the slot, but I do cover my hand and stuff. I also try my best nevr to use EFTPOS in taxis, as there's very little oversight going on with those guys in our city right now, and portable ATMs are even more fuck-withable than bank ones are.

― Pureed Moods (Trayce), Wednesday, 9 May 2012 03:19 (1 year ago) Permalink

Jon: what'd you do when you found the skiummer? take it into the branch? I'd be shittin' myself that they thought I'd been messing with the machine!

― Pureed Moods (Trayce), Wednesday, 9 May 2012 03:20 (1 year ago) Permalink

6 months pass...

just got off the phone with My Bank, cuz this may have happened at a My Bank ATM.

(I almost always use My Bank ATMs on principle, fuck fees, but apparently I need to work with tellers from now on.)

― saltwater incursion (Dr Morbius), Monday, 12 November 2012 23:37 (6 months ago) Permalink

so many delightful new experiences this year

― saltwater incursion (Dr Morbius), Monday, 12 November 2012 23:42 (6 months ago) Permalink

Shit. how much?

― the little prince of inane false binary hype (Alfred, Lord Sotosyn), Monday, 12 November 2012 23:43 (6 months ago) Permalink

thats kinna personal

not quite a third of what I recently inherited? (A month ago there wouldn't have been anything worth hacking)

― saltwater incursion (Dr Morbius), Monday, 12 November 2012 23:46 (6 months ago) Permalink

Well, no, I wasn't looking for figures, just trying to understand how much it would hurt.

― the little prince of inane false binary hype (Alfred, Lord Sotosyn), Monday, 12 November 2012 23:48 (6 months ago) Permalink

I assume I'm getting credited for it, or I'm going Full Falling Down.

― saltwater incursion (Dr Morbius), Tuesday, 13 November 2012 00:06 (6 months ago) Permalink

You must be logged in to post. Please either login here, or if you are not registered, you may register here.