Computerworld Hong Kong - It's hard to remember life without ATMs. In Hong Kong, we can transfer funds, pay our utility bills and even settle tax demand-notes using an ATM. And they even dispense cash.
We're so used to these handy machines that we may not always view them as security risks. But we should. As security gurus like Bruce Schneier point out, we make security decisions all the time--some conscious, some subconscious.
It's time to put your ATM security strategy into your conscious personal security perimeter, if it's not there already. You may know that ATMs can be fitted with "skimmers": snap-on devices that include card readers and pinhole cameras. The crooks want to steal your account number and watch you type in your PIN, then clone your card for nefarious purposes.
According to a recent story in the South China Morning Post, illegal skimming equipment is believed to have been installed on at least 10 Hong Kong ATMs since September. From October to December 2012, 18 people reported losing money--14 in December alone.
Mainland authorities have been contacted because illegal withdrawals using fake cards and the stolen data were made across the border, according to the SCMP.
ATM cards are being replaced with ones bearing an embedded microchip for greater security by Hong Kong banks, and this process should be completed in 2015. But as ever, your awareness and alertness are the best weapons against thieves using technology.
ATM-skimmers are uncommon, but should you suspect an ATM has been tampered with, please report it to the HKP on their Commercial and Technology Crime Hotline hotline: 2860 5012.
Secure locations for ATMs
ATMs located on public streets are accessible to anyone at any time, making them prime targets for a skimmer. One security-measure worth checking: streetside ATMs attached to a bank sometimes have a security camera (look for the half-dome on the underside).
Another factor: the bad guys like to keep visual contact with the ATM they've illegally modified. An ATM inside a bank-lobby, or shopping mall, or other facility that is locked during non-business hours, is a better choice than a streetside ATM.
Be aware of your ATM's surroundings. You're making a transaction involving valuable personal data and cash. Now is not the time to check Facebook on your mobile phone.
Skimmers use pinhole-cameras which can record your PIN (Personal Identification Number) when you type it on the keypad.
Hong Kong ATMs have useful shields around the keypad, but this is important: always cover your typing hand when entering your PIN. You can use your free hand, purse, or wallet to cover the keypad.
Follow the instructions on the ATM: cover your typing hand when you enter your PIN. Every time. This simple practice just might save you from a substantial loss of funds.
Be alert when you use an ATM. Don't let anyone distract you--complete your transaction, be sure you've tucked away your card (and cash) safely, and leave.
More information on ATM-skimmers is available from the website of Charles Krebs: a US-based security researcher who documents these criminal devices. Krebs compiles his ATM-skimmer stories here:
Basic security practices are important when you use any ATM. Refuse to be a victim. Remain alert, cover the keypad when entering your PIN, and urge others to do the same.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts