Analysts: ATMs Highly Vulnerable to Fraud

By BRIAN BERGSTEIN, AP Technology Writer

BOSTON (AP) -- By failing to scan security codes in the magnetic strips on ATM and debit cards, many banks are letting thieves get away with an increasingly common fraud at a cost of several billion dollars a year.

A report Tuesday from Gartner Inc., a technology analyst firm, estimates that 3 million U.S. consumers were victims of ATM and debit-card fraud in the past year.

The fraud most commonly begins when a criminal engages in "phishing" -- sending a legitimate-seeming e-mail with a link to a phony Web site that appears to belong to a consumer's bank, Gartner analyst Avivah Litan believes. The e-mail recipients are asked to give their account information, including PIN numbers.

With that information "harvested," fraudsters can make their own cards for automated teller machines and withdraw huge sums.

This should be easily preventable, because the magnetic strips on cards contain multiple tracks. One track has data such as the user's name and account number. A second track contains special security codes that card users don't know. That means the information can't be squeezed out of them in a phishing attack.

Duplicating the codes would require inside knowledge of a bank's security procedures, Litan said. (The inclusion of security codes in records held by a credit and debit card processor, CardSystems Solutions Inc., made that company's massive data breach disclosed this spring especially dangerous.)

Surprisingly, Litan said, perhaps half of U.S. financial institutions have not programmed their ATM systems to check the security codes. Con artists specifically seek out customers of banks that do not validate the second track on the strip, she said.

Litan believes many banks simply didn't know about the vulnerability. Others may have once scanned the codes but stopped because using the codes requires that customers go to a bank and have an ATM card rewritten whenever they want to change their PINs.

That was a costly step that many banks figured they could avoid in pre-phishing days when ATM fraud was rare.

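The check the article says many banks skip, sketched as an added example (not part of the AP article or the original post): an issuer-side authorization routine that approves a request only when the security code read from track 2 matches the value the issuer computes. Assumptions: the key, card number and field values are constructed, the code is assumed to sit in the first three discretionary digits, and HMAC-SHA256 stands in for the issuer's real code algorithm.

```python
import hashlib
import hmac
import re

# Constructed demo key; a real issuer keeps its verification key in an HSM.
ISSUER_KEY = b"constructed-demo-key"

# Track 2 layout (ISO/IEC 7813): ;PAN=YYMM, 3-digit service code, discretionary data, ?
TRACK2 = re.compile(r"^;(\d{12,19})=(\d{4})(\d{3})(\d*)\?$", re.ASCII)


def stripe_code(pan: str, expiry: str, service: str) -> str:
    """Stand-in for the issuer's keyed code: HMAC-SHA256 cut to 3 digits."""
    mac = hmac.new(ISSUER_KEY, f"{pan}{expiry}{service}".encode(), hashlib.sha256)
    return f"{int.from_bytes(mac.digest()[:4], 'big') % 1000:03d}"


def authorize(track2: str, pin_ok: bool, check_code: bool = True):
    """Issuer-side decision for one ATM request; returns (approved, reason)."""
    m = TRACK2.match(track2)
    if m is None:
        return False, "malformed track 2"
    pan, expiry, service, discretionary = m.groups()
    if not pin_ok:
        return False, "PIN mismatch"
    if check_code:
        # Assumption: the code occupies the first 3 discretionary digits.
        presented = discretionary[:3]
        if not hmac.compare_digest(presented, stripe_code(pan, expiry, service)):
            return False, "stripe security code mismatch"
    return True, "approved"


# Constructed sample data: a test PAN, expiry 0712, service code 101.
PAN, EXPIRY, SERVICE = "4000001234567899", "0712", "101"
GOOD = stripe_code(PAN, EXPIRY, SERVICE)
GENUINE = f";{PAN}={EXPIRY}{SERVICE}{GOOD}?"
# Phished data does not include the stripe code, so a stripe rebuilt from it
# is modelled here as carrying any value other than the correct one.
WRONG = f"{(int(GOOD) + 1) % 1000:03d}"
REBUILT = f";{PAN}={EXPIRY}{SERVICE}{WRONG}?"

if __name__ == "__main__":
    print("genuine, code checked  :", authorize(GENUINE, True))
    print("rebuilt, code checked  :", authorize(REBUILT, True))
    print("rebuilt, code unchecked:", authorize(REBUILT, True, check_code=False))
```

With `check_code=False` the rebuilt stripe is approved on account number and PIN alone, which is the configuration the article describes at banks that do not validate the second track.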