A recent incident revealed that thieves installed simple card skimming devices and cameras on bank ATMs, stealing customer account details and recording PIN numbers.  Once the thieves gathered the ATM card data, new ATM cards were easily created with the stolen customer information and the new ATM cards were used to make unauthorized withdrawals.

The thieves stole $500,000 from over 250 bank customers, and according to follow up news stories the customers are now being reimbursed by the bank.

In this economic  downturn, can  banks afford to put $500,000 back into their customers’ accounts and continue to foot the bill for identity theft?

Do you think it would be worthwhile for banks to use this lessons learned story and implement new or updated policies and procedures to ensure ATM devices are being checked regularly  and have not been tampered with?

What if a third-party service provider maintains a bank’s ATMS?  Have all appropriate individuals from the service provider acknowledged they are aware of the bank’s policies and procedures?  How are banks monitoring third-parties and service providers? 

But what about security camera surveillance…aren’t most banks implementing cameras to help with security efforts?  Another lesson learned here is that security cameras do not prevent thieves from   placing a skimming device on a bank’s ATM, banks must make sure that PEOPLE are reviewing the tapes before they can take actions to protect their customers’ information, their customers’ money and their own money.

Lessons Learned clearly show that if banks are serious about safety and security then Lessons Implemented Tools are needed to keep up with constantly changing threats and more sophisticated thieves.