4

About 20 years ago, a man disappeared, but his ATM card was "supposedly" used the day after the disappearance. However, surveillance footage of the store shows no-one in the store physically used the machine.

I think perhaps someone spoofed the transaction as a rabbit trail, to make it look like the victim or another person used the card there other than the actual abductor.

Let's say someone wanted to place a transaction on a debit/ATM account for $X at a typical convenience store location at XYZ time/date without actually using the card at that time/date.

Provided they knew your PIN, how feasible is this 20 years ago, either at the machine itself, or via some other method?

Polynomial
  • 132,208
  • 43
  • 298
  • 379
Bart Ressings
  • 49
  • 1
  • 2

4 Answers4

6

I don't think it's impossible considering where IT security was 20 years ago. It is very possible that he attacked the ATM remotely by dialing into it. It would require a certain skillset though.

Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
4

This happened before the ATM networks became totally integrated and often the date of the transaction (at the cardholders account) would occur on the inter-bank settlement date which is usually after the weekend or the next working day if it was executed after 4pm on a working day. I imagine the transaction in question happened on ATM Network A whilst the card holders bank was on ATM Network B.

Nowadays, even though "the settlement" of the ATM transaction is still done on day+1, it records the date of the actual transaction retrospectively on the cardholders account to stop this sort of thing from happening. Users of some UK based bank accounts still see this happening when looking at eBanking sites shortly after making an ATM transaction (the transactions are normally highlighted)

There used to be some attack vectors (in the UK) where if the transaction at a pair of ATMs (on different networks) was done fast enough, double the maximum daily ATM withdrawal could be made because the pre-settlement records hadn't been lodged in time. I heard that a large survey of all bank machine ATMs in the UK was carried out shortly after and there were only a dozen or so instances where ATM's were physically close enough to cause this.

Callum Wilson
  • 2,533
  • 10
  • 15
2

My first thought would be to question why "supposedly" was put in there. While it is certainly plausible to have hacked an ATM by many different means 20 years ago, or even today, it is pretty unlikely that someone kidnapping would have that skill set. I believe a lot of ATMs 20 years ago were modem based, so it might have been as simple as a bank employee or someone else who had access to the dial in number called up the central system, authenticated as the ATM and placed the transaction.

That said, it sounds like a fairly fishy story to me. Without physically going to the ATM they couldn't get any money and hacking in to it would leave more clues than it would add confusion. I can't see any good reason why either a criminal or someone running away would want to do this even if they had the skill set to do so.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110
-1

A technique that was and still often is used is skimmming. A small devive is placed on top of the cardreader that copies the contents of the magnetic strip. A little (almost invisible) camera is used to record the pin. The contents of the card then are coppied onto a new card. With this new card and the pin a criminal can get access to your account without you even noticing. You still have your card and you never told your pin to anyone.

user1375280
  • 1
  • This is all correct, but completely irrelevant to the original question which was not about illicit card use, but transaction spoofing. – Xander Jan 11 '14 at 00:54