DATA: Here's an interesting tidbit about ATM security from The Register.
The modern "PIN entry device" is a physically and logically self contained tamper-resistant unit that encrypts a PIN within milliseconds of its entry, and within centimeters of the customer's fingertips. The plaintext PIN never leaves the unit, never travels over the bank network, isn't even available to the ATM's processor: malicious code running on a fully compromised Windows-based ATM machine might be able to access the cash dispenser and spit out twenties, but in theory it couldn't obtain a customer's unencrypted ATM code.
Amazing stuff. But it seems silly to put so much thought into this potential problem and so little into these well demonstrated problems:
1) Someone can easily steal my social security number and get a credit card in my name and destroy my credit. When are banks going to do something about identity theft?
2) Someone can use my debit card to make purchases with only a forged signature. When are they going to start requiring PINs for POS purchases?
(via EyeBeam via jwz)