I just saw a bit on local news where a guy went into a convenience store and was able to reprogram an ATM to think that it had $5 bills loaded vs the $20 bills it actually had. Long story short, he withdrew $200 on a pre paid credit card and actually received $1000 in twentys. All this was done via the keypad. It took 9 days for it to be discovered due to a good samaritan reporting that she got more money than she asked for.

In those 9 days many people would have gone to the ATM, I wouldn’t be surprised if lots of the people kept returning to withdraw more.

Would these people been liable to prosecution?

mizzu, which country was this in?

This is most likely due to default passwords making the news, and people going "oh my god that's so simple!"

http://it.slashdot.org/article.pl?sid=06/09/21/1819242
http://it.slashdot.org/article.pl?sid=06/09/25/1919256
http://blog.wired.com/27BStroke6/index.blog?entry_id=1560333

If I were the guy, I would have at least changed it back afterwards, because the withdrawals and other information are recorded I think...

Here's the video. Good fun.

http://www.filecabi.net/video/atm-scam02.html

This reminds me of a time I went to an ATM only to find that some moron had left their card in the machine, with the password entered. I checked the account balance to find just over 3 grand in it.

In the end, I decided to take the person's card out of the machine and set it on the ledge, being sure to take out 20 dollars as a "I'm too nice to steal all your dough" fee.

I would bet there is a lot of money in ATM fraud. They are, after all, only machines, and are known to fuck up periodically.

Recently a criminal gang accused of cloning ATM and / or credit cards have been busted. The news even gave some hints how they did the job. :D

The gang was gluing a slim card reader at the opening of the original card reader of the ATM. They are also gluing a keypad on the top of the original keypad.

They were doing these activities on ATM machines which are not survailed by means of security cams.

When the victim unsuspecting of anything inserted his/her card, the card reader device glued at the entry of the original card reader was reading and storing the data on the magnetic card strip. And the keypad glued upon the original keypad was storing the PINs.

These genuine (and I believe handmade) devices have their special and very small communication interfaces. By means of these small communication interfaces they are transferring the data they collected to the computer.

Then by means of a magnetic card writer, they were cloning the cards and draw cash using PIN codes they extracted.

The police after determining such fraud, observed the gang for a period of one year to collect all evidence and one day early in the morning, the SWAT broke into three different hideouts of the gang in three different cities and bust them all together with all gadgets they produced.

However, they could not determine the amount of damage they created. They found more than two thousand card info on their computers.

Those devices are known as 'skimmers'.