As we move more and more of our financial transactions away from cash and toward end-to-end electronic transactions, our systems have to become more reliable and more secure.
But a lot of systems were designed and implemented prior to ubiquitous worldwide access via the Internet, and the security that worked okay then has to be regularly scrutinized and tested today.
Hackers figured out how to steal PINs and the encryption keys used to decode PINs from Citibank. It is the latter that is the real problem. Merchants are apparently not erasing all of the data from a debit card transaction once it is complete, and hackers figured out how to read the data, giving them access to thousands of PINs and the associated accounts. The Citibank problem is only with debit cards, but it is a warning to banks, merchants, and credit card processors that security reviews and testing have to be part of the normal IT budget.