advertisement
Looking for something on the site? Search for it here! Also see Clark's Greatest Hits

Jul 02, 2008 -- Citibank ATMs compromised, PINs stolen

There's been a widespread security breach at some 5,700 Citibank ATMs. Heed this special warning if you've used a Citibank ATM (including those found at 7-Eleven stores) at any point this year.

Criminals hacked into the bank's system and were remotely able to capture account numbers and PINs. They then made duplicate cards that were used to withdraw money from accounts for about 7 months.

The banking industry's longtime rule has been that the burden of proof was on you if your PIN was stolen. They believed their system was impenetrable and if something went wrong, well, you must have been at fault by not protecting your account or PIN. But the hacker community shares info about how to break into back-end systems on a variety of message boards.

The real problem is that our banks rely on 1960s ATM card technology. Over in Europe, they've long since switched to using smart chips in ATM cards. These smart chips defeat the ability of hackers to duplicate a card should they capture a number.

Washington D.C. has also been complicit in this backwards-looking policy. Federal regulators who are in cahoots with the banks have not followed through on requiring them to follow international banking security standards.

The takeaway for you is that you've got to thoroughly monitor your account and follow up on any discrepancies.

Meanwhile, the folks at Wired magazine originally broke the Citibank story. And Citibank, to its shame, is still being hush-hush about the number of people affected and the amount of money that's been stolen. Ukrainian immigrant Yuriy Rakushchynets and 2 others are the likely culprits of the crime.

Our banking industry operates at below-Third World standards when it comes to data safety. It's well past time for our government to mandate that the banks adhere to recognized world standards in the field. Clark also thinks banks should be required to provide full disclosure to the media and the American people when breaches like this one occur.

Unfortunately, Clark won't be able to answer any questions submitted via commenting. If you have a question, please try posting it to our message boards.

Avg. rating: N/A

Add your comment

Security Image * Please enter the code shown at left
what's this?

What others are saying

  • Credit Card Number Stolen, Not the Card
    Just found out our VISA credit card, which was not stolen from either my husband or I, has been used in Florida for the last few weeks without our knowledge. Apparently, someone got our credit card number from someplace and had a duplicate made and went shopping. Now we have to deal with cleaning up the mess! This is especially disconcerting since I had my identity stolen just 2 years ago when my wallet was stolen. So here we go again!! When do I get my protection from these thugs?
    By N. Bundy @ 10/07/08 09:38:21 AMreport abuse
  • not just atm
    Citibank just froze my online access along with virtual numbers I use to pay bills. They will be sending a new card and I'll have to start all over again. This happened about 2 years ago also. What a pain!
    By Jackie @ 08/15/08 03:37:46 PMreport abuse
  • They didn't "hack the mainframe"
    Clark, in your commentary on this you said "Criminals hacked into the bank's mainframe...". Where did you get this information from? It's not in the Wired article, and based upon other reports I read this is inaccurate. Can you please correct this article?
    By Steve @ 07/09/08 09:09:41 AMreport abuse
  • credit card fraud - its the LAW you must tell
    Citi Bank cannot be hush-hush with the new credit card laws. IF there is a breach or suspected breach of name and / or any identifying character that can be used for stealing credit card information for fraud, that company MUST inform each and every cardholder that this suspected breach has occurred for. Full Stop. No turning back, they must or they will be heavily fined to the point of having to close shop, not to mention they will lose the ability to use credit cards at all! California’s laws started it all – but now you must tell.
    By Cathy @ 07/03/08 03:40:03 PMreport abuse
  • LAWS are LAWs
    Citi Bank cannot be hush-hush with the new credit card laws. IF there is a breach or suspected breach of name and / or any identifying character that can be used for stealing credit card information for fraud, that company MUST inform each and every cardholder that this suspected breach has occurred for. Full Stop. No turning back, they must or they will be heavily fined to the point of having to close shop, not to mention they will lose the ability to use credit cards at all! California’s laws started it all – but now you must tell.
    By Cathy Gibbs @ 07/03/08 03:39:11 PMreport abuse
  • Credit Cards
    Banks have had higher profit margins than gas companies and they can't keep all the sensitive information they want from us safe shocking! And we need less regulation? Banks should be hit with the windfall tax with some banks over the past few year reaching 20% profit margins. At least I am smart enough not to use a bank, they charge you to breathe the air in those places. America is all about greed, not right and wrong anymore. Uncontrol capitolism will destroy us, capitolism is the greatest thing we have but left unsupervised it eats itself to death.
    By MCO @ 07/03/08 10:25:48 AMreport abuse
  • European measures
    In addition to issuing credit cards with pins known only to the owner, european have implemented another measure which is a low-tech as it can be: they simply do not accept credit cards almost anywhere. We had huge troubles all over western europe couple of summers ago including giant hypermarkets in Austria, Germany, and Italy. Cannot beat that security!
    By Ivan @ 07/02/08 04:26:57 PMreport abuse
send to a friend  view as printer-friendly  RSS feeds
advertisement
advertisement
THIS WEEK'S POLL
advertisement