A ring of international computer hackers stole $9 million by simultaneously hitting 130 ATMs in 49 cities around the world. The thieves pulled off the crime in the space of a half hour, using counterfeit cards.
The FBI is investigating the Nov. 8 theft, which the agency called the largest, most well-coordinated ATM attack it had ever seen.
With the alleged hackers still at large, an attack could happen again, security experts warn.
Authorities said the crooks got the data to clone hundreds of ATM cards by hacking into computers at a debit card company called RBS WorldPay.
In the past, thieves got people's card information one card at at a time, by installing skimmer devices on ATMs that read the data off the cards' magnetic strips and positioning cameras overhead to capture customers' pin numbers.
Security consultant Chris O'Ferrell demonstrated how easy this was to do: He swiped a card through a machine that read the data on the magnetic strip. With another swipe, he transferred the information to a blank card. Soon after, the cloned card worked at a gas station pump.
Card-cloning machines are available right on the Internet, even though there are very few legitimate uses for them. If the crooks don't have access to the original cards, they can just type the data into the machine instead.
RBS WorldPay said it covered the losses of the hundreds of customers whose cards were cloned and immediately canceled those cards and changed the PINs. The company also hired a security consultant to try to make sure a massive hacking never happens again.
One way companies can avoid ATM security breaches is to replace magnetic strips on cards with smart chip technology that makes cloning almost impossible. More than 65 countries use the smart chip technology, but the United States has stayed with magnetic strips to avoid the cost of converting ATMs.
"When we're using a technology as old as a magnetic strip on a card that can easily be duplicated, it makes it extremely easy for the criminals to clone our cards and steal our identities," O'Ferrell said.
How to Protect Yourself
Check out the slot when you insert your ATM card to make sure it looks right and is not a skimmer. If you see anything suspicious, such as an extra part surrounding the card slot, don't use the machine. Skimmers often target gas pumps and ATMs not located at banks.
As you type in your PIN with one hand, use the other to shield the number from view.
There's less you can do about data breaches, but do keep a close eye on your account balance because the longer you wait to report a theft, the more hassle the bank will give you.