In the late eighties and early nineties when ATMs entered service, security was not very good, as this fascinating story from The Register show.

The very short summary of the story: a lawyer is hired to help in a class action case against the banks about phantom withdrawals. In his research he discovers that a certain IT department at a bank is involved in the fraud, destroying nearly all security in the system. Before he can tell anyone who cares and who can fix it, he's fired by his clients, effectively barring him from talking about the case. Now, more than 10 years later, he has told his story. But please read the full story, it's really good.

I remember hearing about these “Phantom Withdrawals” here in Denmark when I was a teenager, usually with some comment that you were not liable for more than a certain amount yourself, so it wasn't that dangerous, and that the banks knew what they were doing.

Well, maybe the Danish banks had clue, but at least the British banks were clueless and doing the only thing big companies know how to do when they make a mistake; pretend there's no problem and otherwise keep it as quiet as possible. And they succeeded…

Via Bruce Schneier.