Do you remember the 1960's infamous little blue box? That plaything of the technically inclined from long ago was a pre-cursor to some of the security challenges faced by the ATM industry today.
For those younger than this bit of anciet history... here's the story. Long, long ago in a country far, far away, there was a little blue box. Actually, it was right here in the USA and in fact there were lots and lots of little blue boxes. They were used to make free long distance phone calls, an early phone hack, back when long distance calls were really expensive. It was considered a bit of a giggle to dial around the world and back to yourself. It took about 30 seconds to make the round trip and voila, you were beating the phone company at their own game.
Steve Wozniak and Steve Jobs were two famous pranksters who built and sold these wondrous little items. Wozniak claims to have once dialed up Vatican City. Imitating Henry Kissinger's thick German accent, he asked to speak to the Pope. Alas, the Pope was asleep at the time. One wonders what Wozniak would have said if he had actually been connected.
Steve Jobs and the Woz went on to more profitable endeavors, and the little blue box went on to worse. As criminal activity superseded pranks, the phone company made changes. The little box faded away. Wozniak's personal blue box now resides at the Computer History Museum in Mountain View, California.
Fast forward back to today. Phones are still involved in criminal behavior, of course. Glenn Mulcaire, the notorious snoop involved in Rupert Murdoch's News of the World scandal, hacked a convenience store ATM and its phone line. He wasn't after money, not out of the ATM at least. He used the ATM's phone line to spy on the voice mails of the rich and famous. His game came to light when the ATM's owner eventually noticed the phone company was billing for more than the transmission of financial data. Moral of the story: watch your phone bill, even if it is only for your ATMs.
You may also have read about the two 14 year old students who hacked into a Bank of Montreal ATM in a grocery store in Winnipeg, Canada, during their lunch hour. They had gotten an old ATM service manual off the internet and followed the instructions. When they needed to put in a code, they guessed at the default. Got right in. Being good kids, they went to a local bank branch nearby and tried to warn the manager about the bank's security problem. He didn't believe them. So they went back to the ATM and changed the welcome screen to read "Go away. This ATM has been hacked." And there's more....
The incident in Winnepeg was not the first time opportunists have found a manual on the internet and then taken a guess at the default code. An Australian pizza delivery man got away with about AU$30,000 using the same simple tactic (before he was finally caught.) What tripped this genius up was that he used his own debit card and those of friends and family to activate the machine. Had he used an untraceable prepaid debit card, Infosecurity-magazine.com reports, he might never have been brought to justice.
As the saying goes, "Opportunity makes a thief." Are there many ATMs still out there easily accessed with a default code? Think how many employees who may still have whatever codes were used in the past. Are those same codes still valid today? The little blue box worked for years because the phone company codes were easily discovered and never changed. There's a lesson in here!
So what does ATM Channel Management have to do with the little blue box? Simple. There are always people, some clever, others stupid, who are trying to game any system out there, including... maybe even especially the ATM. Phone companies around the world had to spend millions upgrading their systems due to the little blue box. Millions more were spent chasing down the criminals using blue boxes. Upgrading any system from time to time is not a bad idea. As technology gets more sophisticated, so do the criminals. Continually upgrading an ATM fleet is the surest way to prevent this era's blue box style hack. And compared to the cost of losing the money inside an ATM, that ounce of prevention would be worth a whole lot more than a free long-distance phone call.