http://www.kriptopolis.org/caso-citibank-revela-problemas-seguridad-pinSorry, i cannot post the english translation, do not know what happens.
When i copy and then paste here the result of the translation i get this:
A few days ago we reported in Kriptópolis the existence of an intrusion into Citibank servers that control the transactions of their ATMs in the commercial chain 7-Eleven, which was denounced by the bank to the FBI last February 1.
Pues bien; los detalles que se van conociendo no resultan muy tranquilizadores para los usuarios de cajeros automáticos.
Well, the details that are experiencing not very reassuring for users of ATMs.
Al parecer los intrusos esta vez ni siquiera tuvieron que tocar los cajeros, sino que interceptaron los PIN (números secretos personales) inexplicablemente sin cifrar en el lado de los ordenadores que procesan las transacciones, que cada vez con más frecuencia utilizan Microsoft Windows (esto no lo digo yo, sino The New York Times
...
Apparently the intruders this time even had to touch the teller, but intercepted the PIN (personal secrets numbers) inexplicably unencrypted on the side of computers that process transactions, which increasingly use Microsoft Windows (this does not I say it myself, but The New York Times
...
MANUAL CORRECTION: Apparently the intruders this time did not even have to touch....
Aunque los estándares de la industria obligan a utilizar cifrado fuerte, se sospecha que algunos operadores no lo están empleando adecuadamente.
Although industry standards require use of strong encryption, it is suspected that some operators are not used properly.
MANUAL CORRECTION: it is suspected that some operators are not using it properly
Queda por explicar cómo los intrusos ganaron acceso a los ordenadores que autorizan y procesan las operaciones de los cajeros, pero existe una progresiva tendencia a que estas máquinas puedan ser diagnosticadas y reparadas de forma remota a través de Internet.
It remains to explain how the intruders gained access to computers which allow processing operations and cash, but there is a gradual tendency for these machines can be diagnosed and repaired by remotely via the Internet.