There seems to be a lot of news coverage of ATMs which have been compromised with cameras or devices to copy card data.
When a device is found on an ATM, there must be a list of all the cards which have used the machine in the last 24/48 hours which are highly likely to be at risk. I would hope that as a minimum customer’s banks are informed, but I am not aware of an specific action taken by banks to mitigate the risk or inform customers.
Perhaps monzo could send users a message to prompt them to change their pin.
I’m not sure about what kind of information Monzo would get in to compromised ATMs when they take on to their card processing. Maybe @rdingwall knows?
As Monzo grows, there’s surely something clever that could be done to narrow down affected ATMs based on recent activity on the accounts of customers who have recent fraud issues, using the data to then proactively take action with the remaining customers who used that ATM or any compromised merchant (thinking American merchants still using magstripe) in the time period. On the issue of frequent compromises, I would hope that criminals aren’t repeatedly targeting the same ATM as that would be quite dumb and lead to a very quick arrest.
A lot of this hits on the reasons that magstripe ATMs are disabled by default, disabling by default at least reduces the easy options and possible windows of opportunities for criminals to cash out (literally in this case) with Monzo card numbers.
“One ATM in Mayfair, for example, is ground zero for the theft of what could be up to hundreds of thousands of pounds. The machine, situated on Conduit Street, has been named by the Metropolitan Police as the most hit cashpoint in central London, regularly targeted by international fraudsters for cash machine stings.”
It seems criminals do target the same machines and it’s successful.
