PIN Cashing

PIN cashing is a type of fraud in which the use of stolen debit or credit card information allows a thief to gain access to the cardholder’s bank or credit account. Typically, PIN cashing involves the use of an automatic teller machine (ATM) to withdraw funds once the card’s personal identification number (PIN) is known. This version of cybercrime is the result of a data breach during card processing.

PIN cashing takes advantage of one of the most basic security features of debit cards, the use of a multi-digit PIN number. The cardholder creates the PIN. When the card owner inserts or swipes the debit card at an ATM, or makes a purchase at a store, they enter the PIN into the terminal for a transaction processing. In the U. S., credit cards do not require the entering of a PIN number for processing, unless the owner wishes to withdraw cash from an ATM. However, in Europe, the use of a credit card during a store purchase also requires the entry of a PIN.

Hackers may gain access to the computer system of a bank, a retail store, or other businesses who process transactions electronically. Institutions often become targeted if they have weak security systems. Thieves use this unauthorized access to steal confidential account information. 

In some cases, hackers can remove withdrawal limits by manipulating security system settings.

The 2014 breach of Home Depot’s self-checkout terminals became one of the most noteworthy cases of card data theft. This event compromised the security of some 50 million credit and debit cards. The company saw no evidence of revealing PIN numbers, but security experts showed how thieves with several key data points about a customer could easily glean personal identifying information (PII) about the cardholder from illegal data mining. Information that would be enough to reset PIN numbers on bank websites.

For example, the Home Depot thieves could match credit card numbers, cardholder names and store zip codes. Because many customers live in the same zip code as their local Home Depot, this effectively revealed the cardholder’s zip code. Armed with this information, thieves could mine social security numbers, birth dates and other personal data that would allow them to change PINs.

Meanwhile, sophisticated theft rings can print stolen card information onto new dummy cards. The counterfeit card, armed with a reset PIN, makes it possible to drain cash from ATMs.

Home Depot is not alone in having security breaches compromise user information. Other victim companies include Panera Bread, My Fitness Pal, Sonic Drive-In, and even credit reporting giant, Equifax.

Banks, stores, and credit card companies have battled back against PIN cashing. The newer electronic chips in credit cards (EMV) for Europay, Mastercard, and Visa, are much harder to counterfeit than the older magnetic strip cards. EMV cards use co-called rolling-code technology, generating a new payment code with every purchase. Even so, experts say defending against PIN cashing and other forms of card data theft will require constant vigilance.

Credit and debit card thief can happen at any store, bar, or restaurant where your card is out of your sight during processing. Thieves have portable skimmers which can fit in a pocket and users can illegally scan your card without your knowledge. As an example, in 2018, an Oklahoma City Twin Peaks Restaurant waitress was caught on the surveillance cameras using an ice-cube sized simmer concealed in her pants pocket.

Criminals can also swap out valid card readers at gas stations and other point-of-sale (POS) locations with a modified one. The modified reader will transfer the data over a Bluetooth connection. Keypads may have a 3-D printed overlay which will pick up and transmit your PIN entry. They have even been known to locate small, pin cameras in the goods for sale near store ATMs to record the PIN entries of skimmed cards.

FICO data reports that during 2017, the number of compromised ATM, and point-of-sale devices rose by 8% and that the number of debit cards compromised rose by 10% in the same study.