While there are far better commentators out there on security, CSIT is a very good starting point, it’s neither surprising or inevitable about the $45M ATM fraud.  Or put another way:

A $45M card fraud, how could this happen?! (Surprising)

A $45M card fraud, how could this not happen?! (Inevitable)

The well crafted heist was surprising and inevitable. The magnetic strips on the ATM cards is easily hacked this is pretty much a given, common knowledge and the main user is the United States.  The Square dongle is basically a card skimming device.

If you look inside the dongle it’s basically a cassette tape head and a resistor.  The phone is essentially recording the audio from the magnetic strip.  To see this in action it’s better to watch the first five minutes of Laurie Anderson’s live concert from 1986, “Home of the Brave”.  The tape bow violin is the same concept.  Actually watch all 90 minutes of Laurie as it’s awesome.

This is how the ATM card system in the US is based.  Europe did a good job of integrating chip and pin but it’s still not the best implementation. Contactless is good but has it’s flaws as Marks and Spencers are finding out.

So to sum up there’s more card security in JetVac and power portal than there is in the US ATM system. The thing is, $45M loss to the US banking system is a rounding error and doesn’t justify the cost to revamp the whole ATM system and cards.

It’s a shame because kids paying cash by Skylanders figures seems quite appealing to me.