This week Spanish law enforcement working closely with American law enforcement broke up a major international hacking effort that had been responsible for stealing more than sixty million dollars from ATMs throughout the world. Among those arrested were six Romanian citizens and two Moroccan citizens, all of whom were arrested in Spain. When arrested, the individuals had a large amount of cash, jewelry, computers and approximately 1,000 counterfeit ATM cards.
This same criminal group, it is alleged stole 40 million dollars throughout the world in a coordinated and swift attack that took place in just four hours in 23 different countries early in 2013. It is alleged that the data breach necessary to obtain the card information was done through hacking into the data bases of credit card processing companies, which in recent years have become known to be the weakest link in the electronic payment system.
This particular story underscores that regardless of how careful you are, you are only as safe from identity theft as the places holding your personal information with the weakest security. Unlike many other major ATM security breaches, the information necessary to accomplish the scam was not obtained through skimmers capturing card data when cards were inserted into tampered ATMs. Rather the information was stolen from credit card processing companies and then used to make counterfeit cards which were then taken to ATMs to access the accounts of the people whose identities were stolen.
Certainly you should follow good personal security steps as described in my book “50 Ways to Protect Your Identity in a Digital Age,” but you should also recognize that merely following those steps will not totally protect you. You should limit the use of your debit card to ATMs and not use the card for retail purchases where you do not receive the same level of protection from fraudulent charges that you have with a regular credit card. In addition, you should monitor your credit card regularly for fraudulent charges to catch any security breach early.