PIN ENTERED, CASE CLOSED — Why ATM and Checkout Fraud Is Still the Bank’s Problem

Written By Myrah Del Rosario

You check your bank account and see money gone

withdrawn from an ATM or spent at a checkout terminal. You know you didn’t make the transaction. You didn’t hand over your card. You didn’t share your PIN. Yet when you report the fraud, the bank responds with a familiar line:

“Our records show the PIN was entered. That means it had to be you.”

That conclusion sounds definitive. It isn’t.

Banks have long known that criminals can steal debit card data and PINs without a cardholder ever realizing it. R23 Law’s California Consumer Protection Attorneys regularly see banks rely on outdated assumptions to deny valid fraud claims.

The Reality Banks Don’t Like to Admit

Criminals have been stealing debit card information and PINs at ATMs and point-of-sale terminals for years. The methods are well-documented and widely understood in the financial industry.

Common techniques include:

  • Skimmers paired with hidden cameras to capture card data and PINs

  • Deep-insert skimmers placed inside ATM card slots

  • Fake keypad overlays at gas stations and retail checkouts

  • Malware installed on compromised ATMs or POS systems

  • Cloned cards created once data and PINs are captured

Law enforcement agencies and regulators have warned about these schemes for years. When banks claim “PIN used equals customer fault,” they are ignoring what the industry already knows.

Why “PIN Used” Does Not Prove Authorization

Under the Electronic Fund Transfer Act (EFTA), the burden is not on the consumer to prove fraud. The burden is on the bank to prove that a transaction was authorized.

The mere fact that a PIN was entered does not establish authorization. A cloned card with a stolen PIN can be used anywhere while the cardholder is somewhere else entirely.

Banks are required to investigate—not assume.

Evidence Matters, and the Truth Eventually Comes Out

When ATM or checkout fraud is disputed, objective evidence often exists:

  • Location data showing the cardholder was elsewhere

  • Receipts, travel records, or witnesses

  • ATM or store surveillance footage

  • Transaction timing inconsistent with the customer’s activity

Banks do not always retrieve or review this evidence unless they are forced to do so.

When Denials Become Legal Violations

If a bank closes a fraud claim based solely on “PIN used” without conducting a reasonable investigation, it may be violating federal law.

Under the EFTA, improper denials can result in:

  • Reimbursement of stolen funds

  • Statutory damages

  • Attorneys’ fees and costs

These consequences exist because consumers cannot access internal banking systems or security data on their own.

Contact R23 Law Today

If a bank denied an ATM or checkout fraud claim by claiming the PIN was used, experienced consumer protection counsel matters.

Toll-Free: 310-598-1588
Email: info@R23Law.com

Myrah Del Rosario
Previous

BLAMED FOR THE SCAM — Why Banks Still Owe Refunds After Fraud
Next

PAYING IT MAKES IT WORSE — Why Identity Theft Debt Should Never Be Settled