December 3, 2020

Another Attempted Suppression of Security Research

Researchers at Cambridge University published information on a flaw in banks’ procedures that rogue bank employees may have been using to learn the PINs from many customers’ ATM cards. It has always been easy to forge ATM cards, so knowing the PIN allows criminals to steal money easily from customers’ accounts. Now some banks are apparently trying to suppress the research.

Kuro5hin has the details.

The interesting twist here is that the banks sometimes bring legal actions against customers who they accuse of overdrawing their accounts by making excessive ATM withdrawals. The customers’ defense is often that they didn’t make the withdrawals. The banks argue that their security mechanisms prevent fraud, so if the withdrawals were made, it must have been the customers who made them. Because of this, the security of the banks’ systems and procedures are a central issue in such cases, and the availability of evidence on such issues is important to ensure that the accused customers can mount a proper defense.