Citibank probes ATM withdrawals

07.03.2006
Citibank has put a transaction block on an unspecified number of Citi-branded MasterCard debit and credit cards used in three countries because of fraudulent automated teller machine (ATM) cash-withdrawal activity, the company said in a statement Monday.

The statement was issued after Boing Boing, a popular online blog site, carried a story detailing the problems a Citibank customer had while trying to access his account from Canadian ATM machines. The story suggested that the individual may have been the victim of ATM fraud involving Citibank cards in Canada, Russia and the U.K.

Apparently in response to widespread publicity about the blog posting, Citibank issued a brief statement confirming the ATM fraud without disclosing any details. "Recently, we became aware of fraudulent ATM cash withdrawals on Citi-branded MasterCard credit and debit cards used in three countries on customer accounts that had been possibly compromised in previous retailer breaches in the U.S.," the company said. "To protect customer accounts that were affected, we placed a special transaction block in those three countries on PIN-based transactions."

The statement went on to add that Citibank is currently reissuing cards to affected customers. "Protecting our customers' accounts and personal information is one of our highest priorities," the statement said.

The fact that the fraud involves ATM cash withdrawals using personal identification numbers (PIN) suggests that it may be the result of massive "card-skimming" activity, said Avivah Litan, an analyst at Gartner Inc. in Stamford, Conn.

"What seems to be happening at Citibank is that they are stopping ATM cash withdrawals, which means somebody got their PINs," Litan said. "There are two general ways you can steal a PIN. One is through card skimming; the other is through phishing,"