Report: ATM fraud on the rise

Share this article:
Nearly one in five debit or credit card fraud victims reported having their PIN information stolen in 2009 – which represents a “considerable increase” over 2008, according to a report released Tuesday by Javelin Strategy & Research.

The report, which is based on a telephone and online survey of 8,168 consumers, found that 10 percent of all fraud victims had cash withdrawn from their accounts via fraudulent ATM transactions. Twenty-three percent of those who experienced fraudulent withdrawals left their primary financial institution.

Using an ATM machine can place consumers' data at risk in several ways, according to Adam Bosnian, VP of products, strategy and sales at privileged identity management solutions vendor Cyber-Ark Software.

Thieves may place legitimate-looking hardware skimmers on the face of an ATM machine that copy information from the magnetic strip of a card, for example. In addition, thieves could use spy cameras or Bluetooth wireless communications to obtain PIN numbers and credit card data, Bosnian said.

According to the Javelin report, ATM fraud is not only growing in prevalence, but also in sophistication.

“Skimming attacks, the most basic, are being replaced with attacks on the software inside ATMs and ATM networks,” the report states.

Often, these types of attacks are carried through the exploitation of legacy hardware and software vulnerabilities that are present in machines. In addition, attackers can use various hacking methods to gain access to an organization's network and obtain credit and debit card information in bulk, Bosnian said.

Despite the ample risks, consumers are not consistently being protected by their banks from ATM fraud, the survey found. However, certain banks – including Bank of America, Chase, Citibank and Wells Fargo – were found in the survey to be the best at covering fraudulent ATM withdrawals.

To protect consumers from ATM fraud, financial institutions should educate consumers about typical skimming techniques and offer zero-liability protection that includes PIN credit and debit card losses, the report said. 

In addition, ATM vendors should use “anti-skim” designs for their ATM surface and keyboards. Also, ATM vendors should use Payment Card Industry (PCI)-certified components to guard against common software vulnerabilities that can be exploited.

“It is expected that ATM PIN fraud will increase unless comprehensive layered security is used to mitigate the risk,” the report states.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.