In the future, banks would be smart enough to send you a text msg to confirm any action you pre-configure as high risk.

Scenarios:
1. You go to an ATM and try to pull some cash. You get SMSed. You hit "reply" and type "ALLOW" to approve, or "DENY" to immediately call the police... First time it was you, the second time it was a skimmer. You caught the skimmer red-handed...
2. You log-in to your bank with a secure one-time code generated by your key fob. Unfortunately, you had a very sophisticated trojan sitting on your PC and a man-in-the-middle attack just stole your session. Some crook in Russia jumps in on the session and tries to move some money around (say, move it to some new payee). You get SMSed.

Obviously, in order to change the phone number that can be SMSed (texted), you must appear in person with a driver's license, and the updated info isn't taken effect until you are snail mailed a notice of the changes first to multiple safe addresses (you and some family members)... No full details in the snail mail, just that you've requested to change your cell phone number on file...

Anyone remember the cardboard "ATM" box some guys placed in front of a closed bank? Hand-written sign said "ATM out of order, deposit here instead". Several dozen people actually deposited cash in the slot before an off duty cop staked it out (on his own) and caught the criminal "masterminds". It doesn't take a genius to pull off a major rip-off when there's that many idiots wandering around.

Just to clearify the "first time" comment in the article:

"The policemen got a big kick out of the skimmer, saying they'd never seen one in person."

Yeah. There you have it.

That's nothing. In Europe they've been sticking laptops inside the ATMs to swipe info. You won't even know until your bank account goes belly up.

^this^ I noticed a camera (somewhat less sophisticated) that was stuck to the top of the ATM housing once. They'd gone to great lengths to make it look part of the machine, but the plastic was slightly the wrong colour. Took it off and handed it in to the bank. They were rather surprised.

Psycros / Paul: Wow. (Entire laptops? How do you make *that* happen? I'm assuming a bank or maintenance employee was at fault?) The thing that caught my eye here was indeed the at-bank location; skimmers on third-party cash machines are alas no surprise at all, but in theory the bank's machines are better monitored. In theory. I'll be curious to see if the banks around here start posting warnings, or doing anything at all to alert the public.

Of course, there's so much random activity around Seattle-area WaMu facilities as the Chase transition continues... well, we know that acquisitions are a chaotic time, and hackers and their ilk can make a lot of hay while times are chaotic. Guess that goes for random thieves as well.

Maybe a first for those involved, but far from a first. I recall two local news stories here of banks pulling skimmers off 24/7 public access atm's, and in one case a surveillance/nanny type cam was also set up on the roof to catch PIN numbers - that doesn't even touch the couple of fistfulls of retail counter skimming apprehensions I am aware of locally, nor any of the ones that didn't make local TV news.

Hi Cory1492 -- on the roof? Of a bank?! Okay, these anecdotes are getting more and more interesting. So much for physical security; I mean, we know that to commit a *really* big crime you've got to be the guys with the keys to the executive suite (or their friendly private investment-fund manager), but you'd think even a marginally competent bank could figure out that monitoring the customer-facing physical plant is a good idea. (And yeah, the percentage of retail skimming incidents is just throat-clenching; I did some coverage on that a while back and for months afterward refused to do anything but cash transactions -- cash I withdrew, for safety's sake, only from bank ATMs. You see why this story caught my eye... :-) )

Hi Angela, yes, on the (indoor) roof - it was a walk in lobby type area with a few machines, the camera was fist sized and only discovered when the swiper started falling off the ATM.