Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Crime Security The Almighty Buck United States Technology

Why ATM Bombs May Be Coming Soon To the United States 378

HughPickens.com writes Nick Summers has an interesting article at Bloomberg about the epidemic of 90 ATM bombings that has hit Britain since 2013. ATM machines are vulnerable because the strongbox inside an ATM has two essential holes: a small slot in front that spits out bills to customers and a big door in back through which employees load reams of cash in large cassettes. "Criminals have learned to see this simple enclosure as a physics problem," writes Summers. "Gas is pumped in, and when it's detonated, the weakest part—the large hinged door—is forced open. After an ATM blast, thieves force their way into the bank itself, where the now gaping rear of the cash machine is either exposed in the lobby or inside a trivially secured room. Set off with skill, the shock wave leaves the money neatly stacked, sometimes with a whiff of the distinctive acetylene odor of garlic." The rise in gas attacks has created a market opportunity for the companies that construct ATM components. Several manufacturers now make various anti-gas-attack modules: Some absorb shock waves, some detect gas and render it harmless, and some emit sound, fog, or dye to discourage thieves in the act.

As far as anyone knows, there has never been a gas attack on an American ATM. The leading theory points to the country's primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn't require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM. Encryption chip requirements are coming to the U.S. later this year, though. And given the gas raid's many advantages, it may be only a matter of time until the back of an American ATM comes rocketing off.
This discussion has been archived. No new comments can be posted.

Why ATM Bombs May Be Coming Soon To the United States

Comments Filter:
  • Positive pressure? (Score:5, Insightful)

    by __aaltlg1547 ( 2541114 ) on Thursday January 29, 2015 @09:12AM (#48930817)

    How about you don't seal the back of the ATM but instead put vents on it and a blower continuously pushing fresh air in? If they thieves try to pump it full of explosive gas, it would blow back out.

    • by bickerdyke ( 670000 ) on Thursday January 29, 2015 @09:20AM (#48930851)

      Several manufacturers now make various anti-gas-attack modules: Some absorb shock waves, some detect gas and render it harmless,

      Well, somehow I don't think those manufacturers haven't tried your idea yet. It's not about preventing this kind of attack would be particularly difficult - it just hasn't been neccessary so far.

    • Where I live, in the summer it gets to 115Â. Pumping in air will need a bigger A/C unit. Not worth it.

      • Who said anything about AC? The money doesn't care how warm it is, unless you're talking multiple hundreds of degrees. All you need is a sparkless ventilation fan.

        • The electronics do, and the compartment doesn't isolate them. No, it does not.

          • If the electronics can't handle ambient outdoor temperatures, then I would suggest investing in better electronics.

            • by gweihir ( 88907 )

              Oh yeah, "if <thing you have no clue about> cannot handle <other thing you do not understand>", just demand that "they" fix it. Real mature.

              • by nobuddy ( 952985 )

                Many, if not most, electronics can handle ambient temperatures far above what humans can endure. This is not your overclocked PC we are talking about.

    • Not a bad idea actually. Using precision cutting, you could make numerous thin slits. Enough to vent the pressure while simultaneously keeping the box secure.

      Another option maybe to create separate long ported vent chambers.

      • Preventing the gas from filling the volume seems to be easier than trying to make the box explosion-proof. Just install a one-way valve into the money slot which will let the bills out but vent the gas outside. Alternatively, make a two-hatch, airlock-like slot. The probable reason something similar isn't done yet is that banks look for some dirt cheap solution; it may actually be cheaper to lose money while this kind of attack is infrequent.
    • by fuzzyfuzzyfungus ( 1223518 ) on Thursday January 29, 2015 @10:04AM (#48931055) Journal
      Depending on how motivated the thieves are, it may be more cost effective to have some shock-sensitive dye capsules embedded. Since they'd only be breached in the event of an attack(or really serious damage to the ATM from other sources) they could last the life of the machine and be entirely passive. If you were feeling particularly motivated, it would cost only a modest amount extra to get an ink with a unique tagging agent, per ATM, so that marked bills could be traced directly back to a specific attack.

      If a lot of ATMs are being blown up, or attackers are unconcerned by dyed bills(maybe because of literal laundering, maybe there are people who don't care?), then active defensive measures are more likely to save enough hardware to be worth the cost. If not, a passive capsule or capsules fragile enough to break during an explosion are simple, low-maintenance, and a fair deterrent.
      • Can polymer bills be dyed?
        • You'd probably need to use a different formulation than for cotton or cellulose based bills; but I suspect so.

          Based on a look at paints sold for use on plastics and vinyl(like this one [paintdocs.com]), the strategy appears to be to use a suitably nasty solvent as a carrier for the pigment and have the solvent infiltrate the polymer's structure, carrying the pigment with it. In a case where you need not worry about damaging the polymer(unlike commercial plastic paints, where the solvent can't be so aggressive that it me
        • Re: (Score:3, Informative)

          by StikyPad ( 445176 )

          No. They's why they're all blank.

    • by Kohath ( 38547 )

      How about just a fan?

    • by BitZtream ( 692029 ) on Thursday January 29, 2015 @11:43AM (#48931633)

      That would be negative pressure, since you're sucking air out.

      Also, related to the summary (not your comment):

      The leading theory points to the country's primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn't require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM.

      The theory is flat out wrong. If you still the ATM card, you have the encryption chip. So adding a chip to the card doesn't change this.

      The encryption chip prevents CLONING the card, and has absolutely no effect what so ever on stealing the card. In fact, with the encryption chip, you must steal it to use it rather than whats done currently which is just cloning the card without the owner knowing.

      Way to totally misunderstand the problem guys.

      • by houghi ( 78078 ) on Thursday January 29, 2015 @12:10PM (#48931867)

        The chip requires a PIN to be entered. If you don';t do that correctly within three times, the card is rendered useless.
        And this does not have to be three consecutive times.

        So even if you have the card, you are unable to do any purchases with it. And obviously you need to do them before the card is noticed to be stolen.

        In Belgium the Card Stop number is on every ATM. You call them and the card is blocked. Any Belgian card. Loose your walled with 10 cards? One number to call. The number is even on every new sim-card in Belgium.

      • by gweihir ( 88907 ) on Thursday January 29, 2015 @03:58PM (#48933899)

        You really have no clue how these attacks work. If you steal/clone a primitive obsolete card as used in the US, you can clone it cheaply and just try the pin on any number of not-online ATMs until you have it. (Many rural ATMs are not online over the weekend.) Then you clone a few more and go on an ATM tour, and this time they can be online. That does not work at all with chip-based cards.

    • by gweihir ( 88907 )

      Doe not work. What the thieves need is about 3% gas concentration (above and below it does not explode) and that can still be done. At the same time, positive pressure has to come from somewhere and has a number of real problems.

  • by ColdWetDog ( 752185 ) on Thursday January 29, 2015 @09:12AM (#48930823) Homepage

    Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn't require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM.

    "Can I make a suggestion that doesn't involve violence, or is this the wrong crowd for that?"

    • by bogaboga ( 793279 ) on Thursday January 29, 2015 @09:26AM (#48930887)

      Not requiring an "encryption chip" itself shouldn't be something we're proud of. It should be a fact that drives the point home that the USA is almost always a little behind other countries though you'd be hard pressed to find an ordinary American who believes we're indeed a little behind.

      Riding the NY subway system just last week drove the point home when I witnessed rail cars those in South Africa may think are from the 50s, and wouldn't associate with a "first world" country.

      • by halivar ( 535827 ) <bfelgerNO@SPAMgmail.com> on Thursday January 29, 2015 @09:50AM (#48930997)

        It's the cost of being first adopters. It's easier to build modern infrastructure when you have no infrastructure to begin with. We've got legacy systems for everything: finance, IT, cable, phone, nuclear, etc., etc. The next people in line implement the next generation using lessons learned from the implementations before them.

        • by beelsebob ( 529313 ) on Thursday January 29, 2015 @10:11AM (#48931077)

          No, no it's not. Europe too had legacy finance systems. We overhauled them - making us first adopters. The difference is not that you were first adopters (you weren't), it's that we actually spent some money to improve things.

        • by Neil Boekend ( 1854906 ) on Thursday January 29, 2015 @10:14AM (#48931099)

          Here in the Netherlands a complete system for magstripe debit and credit card reading was in place. It worked for years.
          However, with the upswing in magstripe data thefts the banks have switched to chip. Next step is to disable magstripe payments by default unless the customer requests it.

          • by hattig ( 47930 ) on Thursday January 29, 2015 @10:31AM (#48931195) Journal

            It's the same in the UK, except chip and pin is the default and has been for around eight? ten? years already. I don't know if the magstripe is really used anymore either.

            It's quaint seeing a foreigner (American) try to pay for goods with a card, and have to go through special procedures for the signature style payment.

          • by T.E.D. ( 34228 )

            I can somewhat vouch for this. I went to Holland on a spur of the moment business trip last summer. While pretty much everyone there takes credit cards, they all have to be chipped. Of course with 1 day notice for the trip, I didn't have time to acquire such a card. My only salvation was that some of the currency-exchanging bank ATMs (particularly in the train stations) would take my magstripe Visa bank debit card.

            As an aside, I was also pretty startled by the amount of English knowledge there. I think I

        • by fuzzyfuzzyfungus ( 1223518 ) on Thursday January 29, 2015 @10:23AM (#48931145) Journal
          We also have a (general, not universal) willingness to let the market squabble it out for an extended period of time, rather than give a good hard shove in the direction of some implementation. This tendency may be abetted by the fact that early adoption creates incumbents who have a vested interest in stalling as long as possible to milk their legacy investments and first-mover advantage, as in our wonderful market for ISPs.

          With the payment card industry, you have a lot of people(all clambering to grab as much of the cut for themselves as they can, and shove as much of the risk onto others as they can) with competing agendas and a desire to have their pet proprietary system gain a foothold so they can extract tolls with it(eg. the incidents where some retailers with functioning NFC POS systems were deliberately disabling them because Apple Pay was a competitor to their 'CurrenC' system, and the ongoing spat between Google and the carrier-backed payment scheme formerly known as ISIS before that became a toxic brand). Nobody actually believes that "USA IS #1!!! Mag stripes RULE!"; but between everyone wanting to control the customer data and processing fees and banks, merchants, and payment processors fighting over risk allocation, it's a bit of a clusterfuck.

          Compare to say, the DoD's CAC rollout: CACs still aren't what you'd call a joy to configure(especially on OSX, or in Citrix environments, or other oddball use cases); but the DoD decided that it wanted everyone using smartcards for cryptographic authentication, said that that was how it was going to be, and it was so (relatively) quickly and smoothly.

          Opinions vary on how often we dodge a bullet, or get the benefit of something new and innovative, thanks to there being no mandate in place vs. how often we suffer pointless bullshit for an agonizingly long period of time(eg. the less-than-totally-compatible US cellular market); but the fact that we tend not to mandate an end to such fights all that often, or all that quickly, is simply a fact. Even when we do mandate something, it's often a de-facto 'national' mandate created because California, or another large state, demands something and it's cheaper to sell California-spec everywhere than it is to have two SKUs.
        • by quenda ( 644621 ) on Thursday January 29, 2015 @10:40AM (#48931279)

          Never mind the antiquated banking system, lack of metric or the crippling health-care system - explain why pennies are still in circulation in the US!
          There is a fundamental conservatism in the US that makes it exceptionally difficult to change anything at the national level.
          It is something of a paradox, since at the local level, Americans are so adaptable and innovative.

      • by OzPeter ( 195038 ) on Thursday January 29, 2015 @09:57AM (#48931033)

        Not requiring an "encryption chip" itself shouldn't be something we're proud of

        The funny thing is that last year I my latest Amex card came with a chip, and so far the only place that I have actually used it is at Walmart of all places.

        And when I did use it, the attendant came running over and tried to convince me that I needed to swipe the card rather than poke into the chip-reading hole - even though when I first swiped it, the POS terminal recognized that I had a chipped card and told me that I needed to poke the card into the chip-reading hole.

        • by xaxa ( 988988 )

          The funny thing is that last year I my latest Amex card came with a chip, and so far the only place that I have actually used it is at Walmart of all places.

          It was similar in the UK, until the law changed to allow Visa and MasterCard to push the liability for non-chip fraud onto merchants. In the months leading up to that, everyone updated their card readers.

          The law changes in the USA in October.

      • by bws111 ( 1216812 ) on Thursday January 29, 2015 @10:12AM (#48931079)

        Uh, yeah. Of the 6400 cars in the NYC subway, more than 4300 were built in the last 15 years. Only 1400 are more than 30 years old, only 300 more than 40 years old, and none more than 50 years old.

      • by MightyYar ( 622222 ) on Thursday January 29, 2015 @10:17AM (#48931113)

        Since the losses due to card fraud are almost entirely borne by the banks, I have to assume it is more cost effective to take the losses than to chip all of the cards.

        I'm not sure what you mean regarding the NYC subway - those trains aren't very old. There are some older (1960s-era Budd cars) trains still used on the C line, but they were redone in the late 80s. The J and Z lines have some cars from the early 70s - but again, these were overhauled in the late 80s. Other than that, the oldest cars are from the late 70s - certainly nothing wooden from the 50s. The vast majority of the rolling stock was built by Bombardier, Kawasaki, or perhaps Westinghouse for some of the older 80s trains.

        • Since the losses due to card fraud are almost entirely borne by the banks, I have to assume it is more cost effective to take the losses than to chip all of the cards.

          And do you suppose the bank's employees pay for the fraud out their own salaries? Of course not! The cost of fraud is paid by their honest customer's banking fees. Even if you as a customer get refunded by the bank, when a fraudulent transaction occurs on your account, the money has to come from somewhere.

          Once one realizes this, then they realize that the banks have no incentive to pay for improved security, hence, the only reason that US banks haven't improved their security is because they would rather ra

          • The cost of fraud is paid by their honest customer's banking fees. Even if you as a customer get refunded by the bank, when a fraudulent transaction occurs on your account, the money has to come from somewhere.

            The cost of new ATM machines is paid by the honest customer's banking fees as well. That money also has to come from somewhere. Like most business decisions, it is a cost-benefit calculation.

        • by houghi ( 78078 )

          I have to assume it is more cost effective to take the losses than to chip all of the cards.

          No, it isn't. Especially not if you do it over a fase of say 5 years. That way the moment somebody needs a new card, either because the old one expired or it was lost or stolen.

          The extra cost for the card is minimal as it is produced in such vast numbers. Sure, if you replace all cards before their end of life, then it becomes expensive.

          The problem, I believe, is that investing money is almost seen as a loss for the

          • And somehow they arrived at different answer?

            Sure, why not? As TFA illustrates, sometimes the losses that banks are incurring differs between the US and Europe. No one has (so far) started blowing up ATMs in the US, so why would the banks spend money making them explosion-resistant? Similarly, if the cards aren't being counterfeited at a rate deemed unacceptable by the banks, why should they upgrade all of their ATMs?

            As an aside, the big American credit card companies (not the ATM cards) are switching to chip cards. After 2015, if you are a merchant a

      • by bsdasym ( 829112 )
        Yes, yes it is something we should be proud of -- because those chips are pure security theater, protecting only against the (quite rare) 'skimming' devices. If you steal someones card, you get the chip with it. You don't get the PIN. In neither case can the card be used to withdraw money from an ATM. In both cases, the card can be used for online purchasing.

        How the authors conclude that this has anything to do with ATM bombings is a complete mystery. What were they doing before the useless encrypti
  • Amateurs... (Score:5, Informative)

    by Flyingfenix ( 2405414 ) on Thursday January 29, 2015 @09:20AM (#48930853)

    Here in Brazil, more than a few thousand ATMs were exploded in the last years. Using ordinary explosives, and in many cases, demolishing the entire building in the process.

    Many times, it destroys the money completely in the process, but as it seems, usually enough remains that the practice continues. No need to be refined, using gas or thinking about the physics. The thieves sometimes hijack trucks and buses to close off the streets for a few minutes while others set up and detonate the ATMs. The police rarely has time to come to the scene and jail them. Also, sometimes, the police itself is involved.

    The most effective measure taken to discourage the practice was to pack bags of dyes inside the ATM cassetes, so that the money is stained and rendered unusable. If you try to deposit stained money, it'll be confiscated on the spot.

    In the last months, security measures got better in the larger cities, and the thieves moved to exploding the ATMs in smaller cities, or more remote locations in the suburbs.

    • Re:Amateurs... (Score:5, Interesting)

      by bickerdyke ( 670000 ) on Thursday January 29, 2015 @09:32AM (#48930909)

      Many times, it destroys the money completely in the process, but as it seems, usually enough remains that the practice continues.

      Well, it's not their money they're destroying...

      The most effective measure taken to discourage the practice was to pack bags of dyes inside the ATM cassetes, so that the money is stained and rendered unusable. If you try to deposit stained money, it'll be confiscated on the spot.

      Hmm... they can take the stained money, but neither deposit or spend it.....

      They're probably going to leave behind stained money, as it is of no use to them. The bank, on the other hand, of course will re-deposit their own stained money....

      But what if they would find out that there is MORE stained money found in the debris than there was inside?

      Sounds to me like either a source for lulz or a way to wash (somehow literally) dirty money. (with a little inside help of course)

      • by Anonymous Coward on Thursday January 29, 2015 @09:54AM (#48931011)

        The most effective measure taken to discourage the practice was to pack bags of dyes inside the ATM cassetes, so that the money is stained and rendered unusable. If you try to deposit stained money, it'll be confiscated on the spot.

        Hmm... they can take the stained money, but neither deposit or spend it.....

        Here in DC we have at least 535 folks that are willing to take tainted cash. Any denomination, any amount.

      • by cdrudge ( 68377 )

        They're probably going to leave behind stained money, as it is of no use to them. The bank, on the other hand, of course will re-deposit their own stained money....

        No, they'll do the same thing that banks in the US do when they have a dye pack that goes off. They ship it back to the fed reserve and it gets replaced.

        But what if they would find out that there is MORE stained money found in the debris than there was inside?

        In what way would that benefit a thief to leave money, stained or not, at a crime scene?

        • But what if they would find out that there is MORE stained money found in the debris than there was inside?

          In what way would that benefit a thief to leave money, stained or not, at a crime scene?

          I left open the option "just for lulz". Yes, not everyone personally benefits from causing confusion.

          Sounds to me like either a source for lulz or a way to wash (somehow literally) dirty money. (with a little inside help of course)

          Nevermind. I didn't realize you were the actors in Office Space that had to look up the dictionary definition of money laundering.

          Money laundering only works if you get the "clean" money back after it's been "laundered". If you have a guy on the inside that would get the money after it's been replaced, whether it's extra or not, it's not money laundering. It's just plain theft. And you wouldn't even need to go through hassle of laundering it, they would just steal it to begin with.

          I even wrote "literally" laundring it - like removing stains.

          And there is a huge difference if your inside man is replacing extra money: it won't be missed, lowering the risk of detection.

          Sorry I'm not comming up with laid out plans for the perfect crime as a response to a /.-post, but I guess getting finding a way to have someone trusted (like another bank) replacing your stained bills would be the way to g

  • by rmdingler ( 1955220 ) on Thursday January 29, 2015 @09:20AM (#48930855) Journal
    (beyond the halls of this honorable posting forum), you can bet your bottom someone will be doing it by the end of the week.
    • Hardly. It's easier to install a wireless magstripe reader over the card insertion slot so each card that goes through gets its data stolen.
      We, in the Netherlands, only had an upswing after pinning from suspicious countries was blocked by default (a phone call sufficed to unblock it). I believer the main culprit was an eastern European country, but I can't remember which one.

      It's only when you block the easy methods that explosions are used.

      • Outside the realm of computer savvy individuals like those who frequent /., the method you describe is simply beyond the capabilities of many who steal for a living.
  • 99% of the ATM's around here dont stand alone. they are in a small concrete building that has air vents. the other 1% are the little fake ATM's at liquor stores and shady party stores that nobody sane would insert their card into.

    so no, I wont be seeing it around here.

    • by Chrisq ( 894406 )

      the other 1% are the little fake ATM's at liquor stores and shady party stores that nobody sane would insert their card into.

      To be fair most of these just rip you off legally with huge withdrawal charges

    • Its about the same here - the technique they are talking about here is for the (typically) bank owned ATMs which are fixed in place, in a wall.

      The technique for the independent cash machines is simply to break into the store, tie a chain around them, attach the chain to a 4x4 and drive off - it yanks the cash machine off the fixture and usually breaks it open as well.

    • by beelsebob ( 529313 ) on Thursday January 29, 2015 @10:15AM (#48931103)

      What makes you think that ATMs in europe aren't embedded in a small concrete building?

      Note - that small concrete building usually has a door in the back of it so that a guy can come along, open it, and then fill up the ATM with cash. That again, is the weak point that the explosion will blow out.

  • Japanese solution! (Score:4, Interesting)

    by Justpin ( 2974855 ) on Thursday January 29, 2015 @09:21AM (#48930859)
    Or they do what they do annoyingly in Japan/Mongolia (some places in China)and some places in Hong Kong and Taiwan. That is they put the ATM machines inside a small lobby of a bank and when the bank closes the shutters come down on the ATM lobby as well.
    • by jittles ( 1613415 ) on Thursday January 29, 2015 @09:47AM (#48930981)
      In Germany a lot of small suburb banks require you to use your ATM card to open the lobby door after hours. At least that was my experience a few years ago. This doesn't prevent someone from using a stolen card to gain access to the bank lobby, but it forces the criminals to enter into a lighted and monitored building before they can engage in any shenanigans.
      • by ColdWetDog ( 752185 ) on Thursday January 29, 2015 @09:56AM (#48931027) Homepage

        At my local bank you need the ATM card to get into the lobby after hours.

        Or, at least, some random card with mag stripe. It doesn't appear to make any difference.

      • by kju ( 327 )

        Many banks in Germany have changed this now because many of these card readers had been modified for skimming purposes in the past. So our banks have now upgraded most ATM with antiskimming devices and they either leave the door open or have replaced the card reader with a simple "open doorf" push button.

        Also it brings no security (any criminal who wants to enter will be able to present a working card and be it a prepaid credit card just bought at the gas station). I also believe the main reasoning for the

      • Most banks in Germany have changed this practice. There was to much trouble with skimmers exchanging the readers. The readers at the door are not covered by cameras and less secure than the ones in the actual ATM.
      • by Jaime2 ( 824950 )
        We have those in the US. I use various cards in those for fun to see what works. For some reason, it's entertaining to me to use a Microsoft Certified Professional card to get into an ATM vestibule.
  • by Chrisq ( 894406 ) on Thursday January 29, 2015 @09:24AM (#48930871)
    There are a load of solutions that will work with new ATMs, a number of them already mentioned. What is needed is a cheap retro-fit, without modifying the strong box. Many banks don't upgrade this expensive component for years. I think the most promising ideas are ones that ink the money - but they have to get well in to the whole stack. A thin red edge that could be trimmed won't be good enough.
    • by Wycliffe ( 116160 ) on Thursday January 29, 2015 @09:58AM (#48931039) Homepage

      There are a load of solutions that will work with new ATMs, a number of them already mentioned. What is needed is a cheap retro-fit, without modifying the strong box. Many banks don't upgrade this expensive component for years. I think the most promising ideas are ones that ink the money - but they have to get well in to the whole stack. A thin red edge that could be trimmed won't be good enough.

      Retrofitting machines to ink the money shouldn't be an issue at all. It would be simple to make small fragile glass packs of various
      sizes filled with ink. Then you should be able to apply them with double sided tape anywhere and everywhere inside the machine
      there is a void. If you wanted to go one step further you could fill some of the glass packs with different chemicals that when
      combined produced combustion and incinerated the bills further. That should be enough to retrofit existing machines assuming
      they have any amount of voids. This would also prevent stealing the ATM machine as the glass packs would break if someone
      tried to yank the atm with a chain, etc...

      Probably the most important part though is putting a sticker on the front that says that you use ink packs so that people know
      or assume that even if they are crazy enough to try to blow up an atm that they probably won't get anything.

  • by Dan East ( 318230 ) on Thursday January 29, 2015 @09:24AM (#48930875) Homepage Journal

    What do encryption chips have to do with anything? If a card is stolen and known stolen, the owner can report the theft and the card is deactivated, whether or not it contains an "encryption chip". If the card is stolen and the owner does not know it was stolen, and the thief also has the pin, then they can use the card, whether or not it has an "encryption chip". Or am I totally understanding what this "encryption chip" does?

    • Re: (Score:3, Informative)

      by LordLucless ( 582312 )

      Poor word choice in TFS. Chips don't make it harder to use stolen cards, they make it harder to use cloned cards.

    • by rastos1 ( 601318 )
      The encryption chip prevents copying of the card. Without the chip the card can be cloned and within minutes multiple copies of the card can be used around the world to withdraw money from the account.
    • US card can be more or less copied at will and have no security whatsoever. In which case you can copy the card, leaving the user thinking he still has it and will not report it stolen, and using pads, or social engineering or plain peeking, get the pin. results : since there is no encryption chip and the card can be copied, the ONLY security is the pin. With encrypted chip the additional security is the encrypted chip is far harder to copy.

      Just a guess.
    • What do encryption chips have to do with anything? If a card is stolen and known stolen, the owner can report the theft and the card is deactivated, whether or not it contains an "encryption chip". If the card is stolen and the owner does not know it was stolen, and the thief also has the pin, then they can use the card, whether or not it has an "encryption chip". Or am I totally understanding what this "encryption chip" does?

      The encryption chip prevents someone from duplicating your card, at least in theory. They could make a copy of your card using an ATM skimmer and then steal your PIN and you wouldn't even know that someone had access to your bank card.

    • If a card is stolen and known stolen, the owner can report the theft and the card is deactivated, whether or not it contains an "encryption chip". If the card is stolen and the owner does not know it was stolen, and the thief also has the pin, then they can use the card, whether or not it has an "encryption chip".

      The "not knowing it is stolen" is the point: Magstripe cards can be trivially copied.

      The chips do an actual challenge-response handshake with a secret that never leaves the
      chip, and cannot be copied (at least not without decapping and some very high end lab gear,
      thereby also destroying the card - which prevents the "swipe card through a copying reader
      and hand it back" attack).

    • It just makes it harder to counterfeit the card. You could put a card reader/keypad reader on an ATM and harvest hundreds of number/PIN combinations and then fabricate fake cards to use those credentials. If there is also a chip, this becomes more difficult. I have to assume that in the US, number/PIN harvesting does not cost the banks enough money to jump on board with the chips, which would require retrofits to their machines (over 2 million in the US) and more expensive cards.

  • by gwjgwj ( 727408 ) on Thursday January 29, 2015 @09:30AM (#48930903)
    *Automatic* ATM Machines.
  • by ledow ( 319597 )

    Criminals gaining entry to an ATM after blasting a huge hole in it? Not really the kind of thing the everyday guy has to worry about.

    I mean, you've got to linger by an ATM for a while, cause a huge blast, then get round the back, gather the exploded money, etc. If you're prepared to do that, you'll find any number of ways of going that far anyway.

    And in the UK, ATM's are everywhere - in shops, post offices, out in the street, etc. You can't protect them all. There are no really "secure" ATMs here - not

  • Why not just supply the guts of the ATM with a nitrogen blanket? Seems like that would keep the acetylene from exploding inside the ATM.
  • by DrXym ( 126579 ) on Thursday January 29, 2015 @10:43AM (#48931299)
    I would have thought that drilling some holes into the back, top or underside of the ATM would fix the problem. The ATM might need some steel plates on the inside of the holes to stop people poking wires through into the machine itself but it shouldn't be rocket science to solve. The underside would be better on the basis that these ATMs are likely to be heavy and fixed to the floor with bolts so the underside would be less accessible.
  • stealing cards remains an effective, nonviolent way to get at the cash in an ATM.

    Wow, that makes it sound like the card-thieves are nice folks — see, they are "nonviolent". Almost like the "unarmed" we read so much about recently.

    What a way to turn a phrase and alter connotations — pick a nice-sounding synonym of many. Khmm, "quiet"? Neah... "Stealthy"? No... "Nonviolent" — yeah, that's it!!

She sells cshs by the cshore.

Working...