Tuesday, August 02, 2005
There are a series of articles circulating in the press stating that ATM/Debit Card Fraud is on the rise. A recently published report claims that about half the banks fail to check security codes when processing transactions.
The report by Gartner Inc., claims that fraudsters took $2.75 billion from consumer accounts in the past year. Gartner claims that about 70 percent of these losses could have been avoided if the security information imbedded in the magnetic strip had been checked rather than relying on account numbers and pin numbers. Another problem cited is the relative ease with which a pin (personal identification number) can be changed by telephone, or over the internet.
A lot of this has been caused by a noted increase in phishing. For more information on the increase in this activity, please read:
Another, old-fashioned means, not reported in these articles is when a encoding device is attached to a point of sale (register) system and card information is downloaded to a remote computer (normally a laptop). A hidden camera is then placed above the pin pad and the pin is recorded. This can easily be avoided by hiding your pin number when inputting it on a pad.
The same thing can be accomplished when a fake ATM Machine is set up, which copies the information off the magnetic strip and a hidden camera records the pin. Again, it is recommended that you always conceal your pin number when entering it.
No matter how the information is obtained, fraudsters normally create a cloned card and then are able to use it at ATM machines and or retailers accepting ATM cards. Although, in most instances, the money is returned to the victim by their bank, it causes a harship for the person going through the process. I would also guess that the true cost must be passed on to the consumer in the form of increased fees in order for the financial institutions to stay profitable.
The report was based on a survey of 5,000 consumers in May and discussions with professionals in the industry. The banks are questioning this, but the report is backed up by a prominent member of the Anti-Phishing-Working-Group. Their website is:
For one of the articles by Reuters, click on the title at the top of this post.