Book Review: Automatic Teller Machines III

Reviewed by Lord Phreaker

Automatic Teller Machines III by John J. Williams, Consumertronics Co.

Automatic Teller Machines (ATMs) are the wave of the future in banking.  Projections aim at 500,000 ATMs and Point of Sale terminals (POS) in place by the year 2000.  By 1990 there will be $550 billion worth of ATM transactions per year.  ATMs are becoming a major force in the banking industry, with more than 58 million Americans using them.  But along with the added convenience and lower costs to banks of using ATMs, crimes involving these machines have grown enormously as ATM use expands.

Reported ATM crime in 1983 was between $70 and $100 million, and estimates run as high as $1 billion.  These figures don't include muggings and other crimes directly against ATM users.  With $50,000 in a newly refilled ATM, "a veritable cookie jar," these machines are becoming the focus of criminals.  ATM fraud soon will become a major criminal activity.

John Williams begins his pamphlet with a series of apocalyptic warnings about the repercussions of this boom in ATM fraud.  According to his "Background Information," John Williams is very convinced of the danger this growing area of fraud poses to the American public.  His apocalyptic visions get carried to extremes, as he states that "I strongly feel that all forms of EFT [Electronic Funds Transfers, which include ATMs] are instruments of Satan and must be destroyed to prevent enslavement by the Antichrist."

These dire forebodings are interspersed throughout the text, complete with references to Big Brother.  Williams also dislikes the banks and other capitalistic enterprises.  He claims it is in the banks' best interests to suppress stories of ATM fraud losses.  ATM transaction costs are much less than those dealing with live human tellers.

In addition, Williams claims that once banks have gotten the public to prefer using ATMs, they will raise charges to the customer for ATM transactions.  He also warns against the "ominous risks to our freedoms and privacy" as the ATM invades the home.  Although these claims certainly make entertaining reading, they detract from the seriousness of the work and make it too easy to dismiss.  However, once one gets beyond these ravings one realizes that there actually is some useful information here.

One area where the book excels is the section dealing with protecting oneself from fraud.  Many of the suggestions are common sense, but many people don't even think of using them.  Williams is especially concerned about violent crimes against ATM users by muggers.  For example, he suggests that one never withdraw funds between 10 and midnight, as criminals can then make two days of maximum withdrawals with your card.

Williams also addresses your legal rights.  If a violent crime occurs within the ATM lobby, you can probably successfully sue the bank for improper safety measures.  The section on how many ATM scams work is helpful, as most of them involve somehow tricking the victim into revealing his PIN.  He also lists several warning signs of ATM fraud in progress or about to happen so one can avoid becoming another victim.  The section on protecting oneself from fraud perpetrated by bank employees as well as more common criminals is indeed valuable, as is the discussion on EFT laws.

The technical section is interesting, but not very useful.  Williams focuses on the Diebold ATM, which accounts for about 45% of installed ATMs, but one wonders if the information is out of date or only applies to one model.  There is a discussion of several other models as well.  He does enter into a useful and interesting explanation of ATM card magnetic strip formats, as well as encryption schemes.  This really is the most interesting and informative part of the entire booklet, as he in depth discusses PIN encryption and data formats.  The technical sections on how ATMs and ATM networks operate is also interesting, although not specific enough.

If you bought the book with the hope of finding out an easy way to break into an ATM, forget it.  Most of the methods are sufficiently vague that you would have to do much more investigation on the topic anyway (luckily for the rest of us).  Many of the physical attack methods are just the same as for payphones (or any other armored object, though surprisingly many ATMs are only fire resistant, not burglar or tool resistant), and are really innately obvious.

Many of the successful methods used in the past are due to programming mistakes which probably have been repaired.  ATM security seems to be a rapidly evolving field, and major holes are patched as soon as they become apparent.  The section on computer related break-in methods was especially vague, and much of the material was too generalized, and could be applied to any computer crime.

When one comes to the end of the booklet one wonders if it was worth the cost.  Twenty-five dollars is a lot for fifteen pages (plus a three page feedback questionnaire) of badly Xeroxed ravings.  Each page, however, is two columns of very small print, containing some information of worth, much of which is impossible to find from any other source.

The diagrams aren't extremely helpful, mainly being cartoons and publicity shots.  Williams often plugs his other books in the work, as well as America's Promise Radio, which is distracting (admittedly, he also plugs 2600 as "the best source on phone and computer phreaking").  This could be a better investment if the ravings were removed along with a lot of the extemporaneous material.

It isn't especially useful to scan through columns of clippings telling that so-and-so stole such-and-such amount somewhere.  Many of the clippings really have nothing to do with ATM fraud, and are merely cute filler.  My suggestion to the author for Automatic Teller Machines IV is to cut out much of the diatribes which detract from the seriousness of the topic.