The criminals are counting on that gap between awareness and action
In an age when the ordinary act of withdrawing cash has become a potential point of vulnerability, cybersecurity specialist María Aperador is urging the public to look more carefully at the machines they trust with their financial lives. Criminals, she warns, are exploiting the invisibility of skimming devices at ATMs to clone bank cards and drain accounts before victims even sense something is wrong. Her alert is less about a new crime than about an old one that persists because human habit and criminal patience make a reliable partnership. The first defense, she reminds us, is simply knowing that the threat exists.
- Card cloning at ATMs continues to claim victims precisely because the fraud is designed to be invisible — everything looks normal until the money is gone.
- Skimming hardware attached to card slots, paired with hidden cameras capturing PINs, gives criminals everything they need to create a working duplicate of your card.
- Victims face not only immediate financial loss — sometimes thousands of dollars — but also the prolonged stress of disputed charges, delayed refunds, and the shadow of potential identity theft.
- Aperador is pushing consumers to break passive habits: inspect ATMs for tampering, shield the keypad when entering a PIN, and favor bank-branch machines over isolated ones.
- Safer alternatives — mobile banking apps, contactless payments, and in-branch transactions — are being positioned as practical shields against this specific and persistent threat.
María Aperador has built her career studying how criminals exploit the gaps between what people assume is safe and what actually is. Her latest warning focuses on a scheme that thrives in plain sight: the cloning of bank cards at ATMs.
The mechanics are deceptively simple. A skimming device, installed over a machine's card slot, silently copies the magnetic stripe data from every card inserted. A hidden camera captures the PIN. With both pieces of information, a criminal can manufacture a functional duplicate card and begin withdrawing funds — often before the account holder notices anything unusual on their statement.
What gives this fraud its staying power is its invisibility. The ATM looks normal. The transaction feels routine. The cash is dispensed. Only days later, when unauthorized withdrawals appear, does the victim understand what happened — and by then, the thief is long gone.
The human cost is concrete: lost money, disputed charges, anxious weeks waiting for refunds, and in some cases, the broader unraveling that comes with identity theft. Aperador's response is practical. She advises inspecting ATMs before use — checking for loose card slots, unusual attachments, anything misaligned. She recommends covering the keypad when entering a PIN. She encourages people to shift toward bank-branch ATMs, mobile banking apps, and contactless payments wherever possible.
The deeper point she is making is that financial security has become a shared responsibility. The gap between knowing a threat exists and actually changing behavior is exactly where criminals operate. Closing that gap, Aperador argues, is the most accessible defense any individual has.
María Aperador has spent years watching how criminals think. As a cybersecurity expert, she tracks the methods they use to separate people from their money—and lately, she's been sounding an alarm about one scheme in particular: thieves are cloning bank cards right at the ATM.
The scam works like this. A criminal installs a skimming device on an ATM—hardware that reads and copies the data from your card's magnetic stripe when you insert it. At the same time, they may have placed a hidden camera nearby to capture your PIN. Once they have both pieces of information, they can clone your card: create a duplicate that looks and functions like the real thing. Then they use it to drain your account, often before you even realize something is wrong.
What makes this threat particularly insidious is its invisibility. You walk up to what appears to be a normal ATM. You insert your card. You enter your PIN. Everything feels routine, secure, official. The machine dispenses your cash. You leave. Days later, you notice unauthorized withdrawals on your statement—money gone, and the thief is already long gone with a cloned card in their pocket.
Aperador's warning comes at a moment when financial fraud is evolving faster than many consumers can keep pace with. Card cloning at ATMs is not new, but it remains effective precisely because most people don't inspect machines for tampering before using them. The criminals are patient. They install a skimmer, wait for victims, collect data, and disappear. By the time a bank flags suspicious activity, the damage is done.
The human cost is immediate and concrete. Victims lose money—sometimes thousands of dollars. They face the hassle of disputing charges, waiting for refunds, and dealing with the anxiety that comes from knowing their financial information has been compromised. In some cases, card cloning opens the door to broader identity theft, where criminals use stolen data to open new accounts or make purchases in the victim's name.
Aperador's advice is straightforward: before using any ATM, inspect it carefully. Look for loose or misaligned card slots, unusual attachments, or anything that seems out of place. Cover the keypad with your hand when entering your PIN—this prevents cameras from capturing it. Better still, consider shifting to alternatives: use ATMs inside banks during business hours, where security is tighter. Use your bank's mobile app to withdraw cash or check balances. Use contactless payments whenever possible. These methods don't eliminate risk entirely, but they reduce your exposure to the specific threat of card cloning.
The broader lesson is that financial security now requires active participation. Banks and ATM operators do their part, but the person standing at the machine—you—has to stay alert. Aperador's warning is a reminder that the most sophisticated security system in the world can't protect you if you don't know what to look for. The criminals are counting on that gap between awareness and action. Closing it is the first line of defense.
Notable Quotes
Aperador advises inspecting ATMs for tampering, covering the keypad when entering your PIN, and considering mobile banking or contactless payments as safer alternatives— María Aperador, cybersecurity expert
The Hearth Conversation Another angle on the story
Why is card cloning at ATMs still such an effective crime when banks have had years to address it?
Because it's invisible and low-risk for the criminal. They install a device, walk away, and collect data passively. By the time a victim notices, the cloner is gone. Banks can't guard every machine every second.
What makes someone like Aperador decide to go public with a warning like this?
She's seen the pattern repeat. The scam works, victims suffer, and most people don't know it's happening. Speaking up is her way of shifting the odds—if enough people inspect their ATMs and cover their PINs, the crime becomes less profitable.
Is there a moment when someone realizes they've been cloned, or does it always come as a surprise?
Almost always a surprise. You check your account days later and see withdrawals you didn't make. That's when the panic sets in—you realize someone had access to your card and your PIN simultaneously.
Why would someone use an ATM at all if the risk is this real?
Because cash is still necessary for many transactions, and most ATMs are safe. The risk is real but manageable if you're paying attention. The criminals are counting on people not paying attention.
What does Aperador think is the future of this particular scam?
It will persist as long as ATMs exist and criminals can install devices without detection. The technology might evolve, but the basic principle—intercept data, clone the card, drain the account—remains effective.