Citibank ATM network breach: PIN security problems Background of the Incident Between October 2007 and March 2008, hackers broke into Citibank’s network of ATMs inside 7-Eleven stores and stole customers’ PIN codes, revealing a disturbing security hole in the most sensitive part of a banking record. They successfully accessed PIN codes — the numeric passwords that theoretically are among the most closely guarded elements of banking transactions — by attacking the back-end computers responsible for approving the cash withdrawals.
There are nearly 5,700 Citibank-branded ATMs inside 7-Eleven stores throughout the United States. The thieves were apprehended and allegedly made $2 million in illegal profits. Vulnerability The ATM system’s infrastructure allows the automated teller machines to be remotely diagnosed and repaired over the Internet. The PIN codes could have been leaked in between the data transfer from the ATM machines and the computers that process the transactions. The PINs are not protected by strong encryption algorithms. The banks need better fraud detection systems and better authentication mechanisms.
Threat The hackers and identity thieves are major threats to ATM machine operation. A flaw in the network can compromise security and let the criminals encode stolen account information onto blank ATM cards to gain unauthorized access to compromised accounts. Other threats are “phishing” e-mails on user accounts or installing of false-front keypads or even tiny cameras on ATMs. Risk ATM security breaches can provide the hackers with confidential user information such as name, address, account details, access codes etc.
If the attack is not detected fast, millions of dollars can be withdrawn from the bank illegitimately. The cardholders may lose trust and credibility on the network security of the associated bank. IMPACT The attack on ATM network not only mars the reputation of the bank and its security providers, but has a great impact on economic environments. Millions of cash stolen can cause imbalance in the cash reserves of the bank, which may further affect the economy. The money acquired by hackers/thieves can be used for other malpractices and pose a greater threat to the people.