'What's your password?' Don't tell if it belongs to your automatic teller card

The robbery began at 10:45 p.m. with a telephone call. ''Mr. Farenga? This is Bob Marshall . . . ,'' said a young man. Posing as a bank security officer, he spun an elaborate tale - an old con game with a high-tech twist.

It took two phone calls to convince Patrick Farenga, a Boston free-lance writer, to turn over his bank machine card and password. But once he did, the thief - whom Mr. Farenga did not meet face-to-face - made off with $150, Farenga wrote later in the Boston Phoenix newspaper.

Though theft from automatic bank machines is one of the most visible examples of computer crime, the full extent of thefts from these devices is unknown. Since the mid-1970s, automatic bank machines have sprung up on streetcorners and in shopping malls, food stores, and filling stations. With 36,000 now installed nationwide and predictions that the number will grow steadily through 1994, some computer crime experts are concerned there is potential for significantly more thefts from automatic teller machines (ATMs).

''Bank robbers have traded their tommy guns for terminals,'' says Sanford Sherizen, a computer security consultant who founded Data Security Systems Inc., in Natick, Mass. Already, there have been hundreds of ATM thefts, he says, ranging from con games, like ''Bob Marshall's,'' to blowing up the machine with sophisticated explosives.

In some circles, he says, ATMs have even earned the nickname ''Alternative Theft Mechanisms.'' Also, banks are being warned that a $15, eight-page manual currently is being sold that details how to steal from an ATM - a federal offense.

Although not epidemic, ATM theft ''happens to the point where it's of concern to banks,'' says John Wolff, associate director of the American Bankers Association in Washington, D.C.

The Bank Administration Institute, based in Rolling Meadows, Ill., estimates that, including fraud and errors, the costs run some 1.8 cents per transaction - or roughly $56 million a year. (By contrast, fraud losses alone for Visa and MasterCard credit cards were $126 million in 1982 and are expected to exceed $ 200 million this year.)

But so little computer crime appears to be detected and banks are reluctant to report fraud. Observers say when a bank installs ATMs, its image becomes increasingly tied to the security and reliability of its automatic tellers. Thus , figures on ATM crime - or any other computer crime, for that matter - ''aren't worth repeating,'' says Jay BloomBecker, director of the National Center for Computer Crime in Los Angeles.

And, Sherizen says, most computer criminals are not caught. In the case of the Boston incident described above, authorities managed to arrest David D. Howard in April. He eventually pleaded guilty to larceny involving 10 customers and $14,000, according to federal prosecutors. Three weeks ago, he was sentenced to a year in prison by a federal district judge. Sentences are pending in state court.

To be sure, customers who use ATMs are relatively safe, experts say, providing they take a few precautions:

* Don't give out the password to anyone - a bank will never ask for it. Never write it on the bank card or carry it around in a wallet or purse. Don't choose a birth date for a password, which can easily be determined from the contents of a stolen wallet. Instead, choose a wedding anniversary or some other easy-to-remember date.

* Be aware of the people in the ATM area. Stand in front of the machine so no one can see the password being punched in. Take care not to use an ATM in an isolated location late at night.

Many successful ATM thefts occur not because thieves are technically sophisticated, bankers say, but because they manage to get customers to part with their bank cards and passwords. Often the thieves are from the same household as the bank customer.

More sophisticated criminals aren't likely to be attracted to ATMs because ''there are a lot more easy ways of making money,'' says Donald L. Isaacs, senior vice-president of BayBanks, based in Boston. ''The whole contents of the machine is less than an expensive new car.'' (The most any BayBank ATM contains is $40,000 or $50,000, he says, and unless a criminal can overcome some very tight computer security, he is limited in how much and how often he can make withdrawals.)

Traditionally, New England has lagged behind other regions in numbers of ATMs , says the Bank Administration Institute, and is only now beginning to catch up with such leaders as New York, California, Georgia, Ohio, and Pennsylvania.

The danger is that in New England and other less developed ATM areas, marketing pressures to install the machines will run ahead of protective measures, Mr. BloomBecker says. ''It's so much easier to install the system than make it secure.''

So far, that does not appear to have happened in Boston. The acknowledged leader in New England is BayBanks, which began installing its machines six years ago. Since that time, Mr. Isaacs says there have been a few isolated incidents of fraud, involving relatively minor sums. The bank spends a lot to monitor its ATM security constantly, he adds.

of 5 stories this month > Get unlimited stories
You've read 5 of 5 free stories

Only $1 for your first month.

Get unlimited Monitor journalism.