Report: ATM fraud on the rise

Share this article:
Nearly one in five debit or credit card fraud victims reported having their PIN information stolen in 2009 – which represents a “considerable increase” over 2008, according to a report released Tuesday by Javelin Strategy & Research.

The report, which is based on a telephone and online survey of 8,168 consumers, found that 10 percent of all fraud victims had cash withdrawn from their accounts via fraudulent ATM transactions. Twenty-three percent of those who experienced fraudulent withdrawals left their primary financial institution.

Using an ATM machine can place consumers' data at risk in several ways, according to Adam Bosnian, VP of products, strategy and sales at privileged identity management solutions vendor Cyber-Ark Software.

Thieves may place legitimate-looking hardware skimmers on the face of an ATM machine that copy information from the magnetic strip of a card, for example. In addition, thieves could use spy cameras or Bluetooth wireless communications to obtain PIN numbers and credit card data, Bosnian said.

According to the Javelin report, ATM fraud is not only growing in prevalence, but also in sophistication.

“Skimming attacks, the most basic, are being replaced with attacks on the software inside ATMs and ATM networks,” the report states.

Often, these types of attacks are carried through the exploitation of legacy hardware and software vulnerabilities that are present in machines. In addition, attackers can use various hacking methods to gain access to an organization's network and obtain credit and debit card information in bulk, Bosnian said.

Despite the ample risks, consumers are not consistently being protected by their banks from ATM fraud, the survey found. However, certain banks – including Bank of America, Chase, Citibank and Wells Fargo – were found in the survey to be the best at covering fraudulent ATM withdrawals.

To protect consumers from ATM fraud, financial institutions should educate consumers about typical skimming techniques and offer zero-liability protection that includes PIN credit and debit card losses, the report said. 

In addition, ATM vendors should use “anti-skim” designs for their ATM surface and keyboards. Also, ATM vendors should use Payment Card Industry (PCI)-certified components to guard against common software vulnerabilities that can be exploited.

“It is expected that ATM PIN fraud will increase unless comprehensive layered security is used to mitigate the risk,” the report states.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.