First rule
Only use ATMs within bank branches -- more likely that bad guys would be spotted fiddling with the machine.
Carders have jackpotted an ATM by inserting a circuit board into the USB ports of an ATM, tricking it into spitting out cash. The technique was thought to have emulated the cash dispenser of the ATM so the brains of the machine thought everything was normal, buying additional time for the brazen crooks to make off with the …
Mostly because it's a waste of everyone's time
I agree but I've taken that a bit further and hardly ever use cash(*). At a guess I have to get some twice or maybe three times a year. Even then I usually get it from colleagues by offering to put the Friday lunch bill on my plastic if they give me their paper :)
(*)That was a problem for a while because I almost completely ran out of coins to put in parking meters but then someone invented pay by phone and now that doesn't matter(**).
(**)Although I wish they'd agree on a single app for all car parks to use and there is small additional charge for the service.
(**)Although I wish they'd agree on a single app for all car parks to use and there is small additional charge for the service.
You'll be happy to know that in Brent (North London), there's a 25% discount for using pay-by-phone (and a 03 number to call), which shows the hollowness of the "costs extra to use the service" mentality (which is hypocritical given that I've run into a number of council carparks in east london where the walk-up terminals are all dead and the ONLY way to pay is by phone, on 087 numbers with an added "convenience charge")
I went into my bank (Barclays) before Christmas to discover those nice people behind the counter had morphed into a row of terminals along the wall. This is the main branch in a decent-sized town. It is possible to talk to a real human to effect some transactions, but no longer to get hold of real folding stuff, it seems. I think my local country town branch still has real human tellers but for how long?
The same "Braclay's" that in 2015 still insist you fill in a paying in slip for any amount or type of deposit! The same "Braclay's" that bought Woolwich, a typical building society that let you walk in and simply deposit money using your bank card well over 15 years ago!
Consistency in service and customer ease-of-use, yeah we've heard of them.
The same "Braclay's" that in 2015 still insist you fill in a paying in slip for any amount or type of deposit!
That must be branch-related. Last time I deposited a cheque (might even have been late 2013), I just handed over the cheque and they got the account details from my ATM card.
Most of what I need from a bank I can do on-line, the only times I've been in a UK bank branch over the past five years were to pay in a cheque (which I could probably have put in the post) and to close an account ("Leaving the country" is a real good reason to give and stops most customer-retention pitches in their tracks).
"Only use ATMs within bank branches -- more likely that bad guys would be spotted fiddling with the machine."
I can recall several instances of foyer ATMs being tampered with overnight and the bad guys removing the stuff in the morning. (Blurry) CCTV footage being posted to try and identify the culprits.
Just because they got spotted doesn't mean they didn't get away with it.
Hey, I am not defending them, just pointing out the real world problem. I am sure the newer machines have some sort of counter measures (like how server class machines have alarms that record when the case is open, wouldn't be too hard to do the same when the service door was opened).
My guess is that the bean counters figured that the countermeasures would cost more to retrofit than they will lose to these sort of scams.
" I am sure the newer machines have some sort of counter measures"
The older (1980s) OS/2 or older-hardware machines had alarm switches on all doors and a set of trembler switches.
Most of these attacks aren't on bank-style ATMs, they're on the cheap'n'nasty freestanding devices used in convenience stores, etc. The only security they have for the electronics is a thin plastic sheet and even the cash security is a fairly low-grade safe (filled by shop employees at the start of the day, not security guards)
Likely because the USB is sometimes needed for update/diagnostic purposes.
However I'm sure it would be quite practical to make sure it is positioned in such a way as not to be so readily accessible for instance to the rear of the machine which is often inside a secure room where the refilling is done.
My understanding is that the USB port is used by a technician to do maintenance/diagnostics on the ATM. Disabling the port may turn all ATM repairs into "swap unit and return to base for repair".
That actually may not be such a silly idea for stand-alone units. Wheel a new machine in, swap the cash drawer over, wheel the old machine out. The downside to this is it'll add to the cost of maintenance.
It's still a problem for in-wall mounted units however. Really these are machines that should not have wide-open USB ports: at the very least they should only be enabled when in maintenance mode, and even then, restricted in what kinds of device can be connected.
The fact that they are so wide open, and the fact they often run ancient consumer OSes (once upon a time, OS/2, today Windows NT 5.0/5.1) tells me they're not serious about tackling the security problem.
Thankfully, my bank account is old enough to have a reasonably secure and old-fashioned alternative: a passbook. I'll just use that until such time as circumstance forces me to change.
USB? Why not a proprietary connection? I know it's not totally secure, but at least it's not "universal." Additionally, surely it's only authorised repair / maint people who connect to this? If so, why not white list their hardware IDs?. Again, not totally secure, but it's a start.
"So simple to use. The 30% transaction fee hurts a bit, but you're worth it..."
Yes, with only 3 options because they don't believe that the users will be able to know what they are doing or be capable of making decisions:
1. Give me cash (Withdrawl of £1000; no need to enter a quantity)
2. Change my pin (To a number chosen by the machine; no need to decide on a number)
3. Automatically pay all my bills (Pays all of them; no need to say which. Guesses your supplier references so you don't have to enter them; tough if it pays your neighbours' bills)
If the options that they have deigned to give you are not to your tastes; then your taste is wrong.
In this case, it really is like a drunk man walking down a seedy neighborhood waving money around, only in this case he blindfolded himself and covered his ears. It's not like banks don't have any money to upgrade and secure their systems, they just don't care, so neither do I.
You realise any losses the bank incurs are recouped one way or another through you being a customer?Something as simple as creaming off a small percentage from the interest they earn from your deposits, interest that should in your pocket. Just keep the interest rate down enough on the accounts so when they do incur some stupid fine or loses from dodgy equipment like ATMs, they'll just cream it off what they'd pay their customers.
"You realise any losses the bank incurs are recouped one way or another through you being a customer?"
To an extent. Or they just get the government to bail them out, and keep paying the obscene bonuses typical in financial disservices.
But when the banks' crooked City gamblers repeatedly get fined billions by regulators for an ever changing kaleidoscope of new and novel frauds, and they then repeatedly stuff customers, shareholders, or the state with all the losses, they don't need to change their rancid, thieving culture, so why worry about a few tens of millions in ATM or card fraud?
Brief chat with MrsJP, and we *think* the last time we "got any cash out" (i.e. cashback !) was a month ago. We still have the remains of it in our wallets. The only thing it gets used for nowdays is the Friday night chippy meal (and I suspect they take switch, if you ask - just nobody does).
Bad news for charity bucket slingers, I'm afraid.
Anyway, back to the story ... I'd be fascinated to know (but not so fascinated I actually Google it) whether cashpoint use in the UK is increasing, declining, or steady. Especially since banks must really hate them when they aren't replacing staff.
I find I'm using more and more cash. I suppose I'm getting a bit more paranoid about being tracked in this day and age. not having a phone with GPS also helps sty under the radar a bit more.
Every electronic transaction leaves a footprint behind. With cash, you are anonymous like this post.
I received a new card from Barclays Blank a year or so ago with the contact-less payment on so toddled off to my local branch where the conversation went something like this;
<me> I'd like a replacement card without the contact-less payment please.
<zombie> I'm sorry sir all our cards will be having these from now on.
<me> I'd like to close my account please.
<zombie> Let me see what I can do sir.
(returns after ~5 mins)
<zombie> We can help you out sir.
<me> Excellent, thanks.
<zombie> We can turn your account into a restricted one and issue you with a new card without the contact-less payment.
<me> I'd like to close my account please.
<zombie> (returns after 2 mins) We can issue you with a replacement card sir.
<me> Thanks bye.
> ps: anyone know if its possible to get banks to disable payment-by-bonk on your card?
Depends on the bank.
I have one with a well known credit card company - think about a sidekick called Boff. I've asked for sans-bonk and they've refused - so I've pointed out to them that I don't, and won't ever, carry it. It gets used occasionally for online purchases but nothing more. I made a point of stating that their "guarantee" was in fact worthless - I know someone who had a card cloned and the "guarantee" certainly didn't mean he didn't have to live for a month with no money because the crooks had emptied his account up to max overdraft just after payday, and it certainly didn't mean he didn't have to "prove" it wasn't him who made every disputed transaction.
On the other hand, I have a card with another bank. Now there's a tale of inefficiency and waste ! They detected fraudulent transactions, contacted me*, determined it wasn't me and cancelled the card. I asked about staying sans-bonk but they couldn't do it - not outright. So I got a new card with-bonk, followed a few days later by a replacement sans-bonk card. So I had to push it, it was a load of hassle, a lot of waste on their part - but I got it.
* And that's another one.
What f***ing clueless retard of a security officer allows a supposedly reputable bank to call up customers and expect the customer to give up their security details to the cold caller ? The caller did get the message when I told them that I will not be giving them one bit of information unless they prove who they are, and no I won't calling back any f***ing number you give me ! Not the first time I've had to complain about this sort of asinine behaviour. Without giving up enough information to be "useful" to criminals, they wouldn't even tell me what it was about.
So I called the bank back (using the number on the back of one of my cards), and it took "a while" to find out which account it related to and what it was about.
Gotta love the concept of a free-standing ATM. No need to break into the machine, just nick the whole machine and open it at your leisure. This was done a good many years ago in South Africa, involving an ATM inside the police headquarters of all places. I imagine a couple of guys with yellow jackets walked in and wheeled it out without anyone asking any questions.
HSBC sent my wife a replacement bonk card, immediately phoned up and said we don't want it and cancel the one you're about to send me and send two normal cards, please. Surprisingly easy, new non-bonk cards in the post within a few days. Very rarely am I amazed, these days.....