Report: ATM fraud on the rise

Share this article:
Nearly one in five debit or credit card fraud victims reported having their PIN information stolen in 2009 – which represents a “considerable increase” over 2008, according to a report released Tuesday by Javelin Strategy & Research.

The report, which is based on a telephone and online survey of 8,168 consumers, found that 10 percent of all fraud victims had cash withdrawn from their accounts via fraudulent ATM transactions. Twenty-three percent of those who experienced fraudulent withdrawals left their primary financial institution.

Using an ATM machine can place consumers' data at risk in several ways, according to Adam Bosnian, VP of products, strategy and sales at privileged identity management solutions vendor Cyber-Ark Software.

Thieves may place legitimate-looking hardware skimmers on the face of an ATM machine that copy information from the magnetic strip of a card, for example. In addition, thieves could use spy cameras or Bluetooth wireless communications to obtain PIN numbers and credit card data, Bosnian said.

According to the Javelin report, ATM fraud is not only growing in prevalence, but also in sophistication.

“Skimming attacks, the most basic, are being replaced with attacks on the software inside ATMs and ATM networks,” the report states.

Often, these types of attacks are carried through the exploitation of legacy hardware and software vulnerabilities that are present in machines. In addition, attackers can use various hacking methods to gain access to an organization's network and obtain credit and debit card information in bulk, Bosnian said.

Despite the ample risks, consumers are not consistently being protected by their banks from ATM fraud, the survey found. However, certain banks – including Bank of America, Chase, Citibank and Wells Fargo – were found in the survey to be the best at covering fraudulent ATM withdrawals.

To protect consumers from ATM fraud, financial institutions should educate consumers about typical skimming techniques and offer zero-liability protection that includes PIN credit and debit card losses, the report said. 

In addition, ATM vendors should use “anti-skim” designs for their ATM surface and keyboards. Also, ATM vendors should use Payment Card Industry (PCI)-certified components to guard against common software vulnerabilities that can be exploited.

“It is expected that ATM PIN fraud will increase unless comprehensive layered security is used to mitigate the risk,” the report states.

Share this article:

Sign up to our newsletters

More in News

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry ...

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Siemens industrial products impacted by four OpenSSL vulnerabilities

The vulnerabilities can be exploited remotely, and fairly easily, by an attacker to hijack sessions and crash the web server of the product.