Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!nbires!vianet!devine
From: devine@vianet.UUCP (Bob Devine)
Newsgroups: sci.crypt
Subject: Re: ATM Validations
Message-ID: <189@vianet.UUCP>
Date: Tue, 19-May-87 15:04:32 EDT
Article-I.D.: vianet.189
Posted: Tue May 19 15:04:32 1987
Date-Received: Sat, 23-May-87 04:17:23 EDT
References: <1024@wlbr.UUCP>
Organization: Western Digital, Boulder Tech Ctr
Lines: 28
Keywords: ATMs
Summary: how someone ripped off ATMs


  The Wall Street Journal on May 18th had an article about someone
who stole $86,000 from New York area ATMs.

  How did he do it?  Well, the article did not give much technical
information (it is the WSJ, after all) but it told of the general
method.  The thief, Robert Post, a recent immigrant from Poland, was
an ex-ATM serviceman who bought a device (article didn't say from who)
that enabled him to write on an blank ATM card some information.
However, Post didn't quite get the entire code correct, but, he did
have a card good enough for months of withdrawals.

  The weakness in the ATM security was its users.  Post would watch a
person enter the PIN.  He would also retrieve any discarded receipt
slips to get their account number.  Using that info, Post would create
a card and extract money from the person's account.

  One bank that was frequently stung was Manufacturers Hanover.  Last
October the bank changed its ATM program to show when a bad card was
being used.  The following morning they captured two of his cards but didn't
get Post.  The same night they nearly got him at one ATM, but got away.
Minutes later, a bank agent accosted him at the next ATM he tried.  He ran
but police caught him after a few blocks.

  Final paragraph: "He (Post) said in the interview later that he was
dismayed bank officials didn't offer him a consulting job."

Bob Devine