Computerworld Hong Kong - It's hard to remember life without ATMs. In Hong Kong, we can transfer funds, pay our utility bills and even settle tax demand-notes using an ATM. And they even dispense cash.
We're so used to these handy machines that we may not always view them as security risks. But we should. As security gurus like Bruce Schneier point out, we make security decisions all the time--some conscious, some subconscious.
It's time to put your ATM security strategy into your conscious personal security perimeter, if it's not there already. You may know that ATMs can be fitted with "skimmers": snap-on devices that include card readers and pinhole cameras. The crooks want to steal your account number and watch you type in your PIN, then clone your card for nefarious purposes.
According to a recent story in the South China Morning Post, illegal skimming equipment is believed to have been installed on at least 10 Hong Kong ATMs since September. From October to December 2012, 18 people reported losing money--14 in December alone.
Mainland authorities have been contacted because illegal withdrawals using fake cards and the stolen data were made across the border, according to the SCMP.
ATM cards are being replaced with ones bearing an embedded microchip for greater security by Hong Kong banks, and this process should be completed in 2015. But as ever, your awareness and alertness are the best weapons against thieves using technology.
ATM-skimmers are uncommon, but should you suspect an ATM has been tampered with, please report it to the HKP on their Commercial and Technology Crime Hotline hotline: 2860 5012.
Secure locations for ATMs
ATMs located on public streets are accessible to anyone at any time, making them prime targets for a skimmer. One security-measure worth checking: streetside ATMs attached to a bank sometimes have a security camera (look for the half-dome on the underside).
Another factor: the bad guys like to keep visual contact with the ATM they've illegally modified. An ATM inside a bank-lobby, or shopping mall, or other facility that is locked during non-business hours, is a better choice than a streetside ATM.
Be aware of your ATM's surroundings. You're making a transaction involving valuable personal data and cash. Now is not the time to check Facebook on your mobile phone.
Skimmers use pinhole-cameras which can record your PIN (Personal Identification Number) when you type it on the keypad.
Hong Kong ATMs have useful shields around the keypad, but this is important: always cover your typing hand when entering your PIN. You can use your free hand, purse, or wallet to cover the keypad.
Follow the instructions on the ATM: cover your typing hand when you enter your PIN. Every time. This simple practice just might save you from a substantial loss of funds.
Be alert when you use an ATM. Don't let anyone distract you--complete your transaction, be sure you've tucked away your card (and cash) safely, and leave.
More information on ATM-skimmers is available from the website of Charles Krebs: a US-based security researcher who documents these criminal devices. Krebs compiles his ATM-skimmer stories here:
Basic security practices are important when you use any ATM. Refuse to be a victim. Remain alert, cover the keypad when entering your PIN, and urge others to do the same.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts