Skip to content
This site uses cookies. By continuing to browse, you agree to the use of cookies. You can change your settings or learn more here.
Devices like FLIR-ONE can be used to detect the heat signature someone leaves after entering in their PIN.
Devices like FLIR-ONE can be used to detect the heat signature someone leaves after entering in their PIN.
Image: TheJournalTech/Twitter

You'll need to be extra careful the next time you visit an ATM

Now you have to worry about what heat signature you leave when using one.
Mar 25th 2015, 8:30 PM 44,052 47

IRISH PEOPLE ARE being warned to take extra precautions when using an ATM as there’s a new way  for thieves to discover your card’s PIN.

Thieves have started using thermal heating services like FLIR-ONE, an add-on case or dongle that you can attach to your iPhone or Android device, to see the heat signature left by those using an ATM.

By picking up the thermal signatures left by a customer, they can figure out what your PIN code is and the order they were pressed.

Tom O’Connor, managing director at online security company, said they first encountered the method a month and a half ago and it’s a problem he believes will continue to grow.

“There have been a number of them around in Dublin, and they’re in use at the moment,” says O’Connor. “Around the country, there are a number of ATMs with plastic buttons which hold the heat [signature] for longer than the metal buttons… the banks and credit cards companies are not ready for it.”

This is combined with another method to get the card’s details. The first is to pickpocket the card while the second method is to use a RFID (Radio Frequency Identification) scanner to download the card details. The latter would require the user to get close to the card before they can attempt downloading the information.

So how do you overcome this problem? O’Connor recommends that you rest your fingers on random keys after you’ve entered in your PIN for a few extra seconds, especially if it uses plastic buttons as they hold in heat for a longer period. That way, nobody can tell which keys you’ve pressed and there’s less risk of you being compromised.

Overall, he recommends people to be vigilant and to keep their cards close to them at all times as the responsibility is put on the consumer, not the banks or card makers.

When someone steals from you, the bank categorically denies that there’s any possible way to get someone’s PIN code. [When it happens], the liability for the losses are pushed back onto the customer rather than being covered by the credit card companies the way it used to be.

Read: Don’t want sites tracking your activity? Here’s how you can ask them to stop >

Read: These fake Apple employees try talking people into buying rival products instead >

Send a tip to the author

Quinton O'Reilly


    Back to top