Depends on the time frame and the ATMs being used.

I don't think all ATMs require chipped cards yet, and its still common to have a debit card issued with a magstripe. If the GP used their debit card to pay for things it could have easily been duped. My bank issued me a new card for an account a few years ago; it still has a magstripe and I assume can still be used at magstripe-only ATMs.

If it was even a few years ago, a lot of ATMs would have still worked with just a stripe. It's a bit more difficult to find these days, but old ATMs still running OS/2 WARP are still around and kicking.

Its frustrating so many banks and what not are still issuing cards with magstripes. These days wipe the cards I use most with a magnet to try and mess up the magstripe. I don't want to ever use it. Generally speaking, if they can't take chipped cards, tap to pay, or cash I'm not doing business with them.

Yeah I get that the magstripe can be copied, but GP was referring to a phishing attack.

They probably copied the magstripe, but couldn't do a straight at withdraw without stripe+pin.

Far easier to track/reverse a debit transaction done as a credit card network than debit requiring PIN.

My understanding is that they had a programmable card. This might have been just before chips became widespread in America. Or, maybe there's still a way to withdraw with only the information visible on the card.