Report: ATM fraud on the rise

Share this article:
Nearly one in five debit or credit card fraud victims reported having their PIN information stolen in 2009 – which represents a “considerable increase” over 2008, according to a report released Tuesday by Javelin Strategy & Research.

The report, which is based on a telephone and online survey of 8,168 consumers, found that 10 percent of all fraud victims had cash withdrawn from their accounts via fraudulent ATM transactions. Twenty-three percent of those who experienced fraudulent withdrawals left their primary financial institution.

Using an ATM machine can place consumers' data at risk in several ways, according to Adam Bosnian, VP of products, strategy and sales at privileged identity management solutions vendor Cyber-Ark Software.

Thieves may place legitimate-looking hardware skimmers on the face of an ATM machine that copy information from the magnetic strip of a card, for example. In addition, thieves could use spy cameras or Bluetooth wireless communications to obtain PIN numbers and credit card data, Bosnian said.

According to the Javelin report, ATM fraud is not only growing in prevalence, but also in sophistication.

“Skimming attacks, the most basic, are being replaced with attacks on the software inside ATMs and ATM networks,” the report states.

Often, these types of attacks are carried through the exploitation of legacy hardware and software vulnerabilities that are present in machines. In addition, attackers can use various hacking methods to gain access to an organization's network and obtain credit and debit card information in bulk, Bosnian said.

Despite the ample risks, consumers are not consistently being protected by their banks from ATM fraud, the survey found. However, certain banks – including Bank of America, Chase, Citibank and Wells Fargo – were found in the survey to be the best at covering fraudulent ATM withdrawals.

To protect consumers from ATM fraud, financial institutions should educate consumers about typical skimming techniques and offer zero-liability protection that includes PIN credit and debit card losses, the report said. 

In addition, ATM vendors should use “anti-skim” designs for their ATM surface and keyboards. Also, ATM vendors should use Payment Card Industry (PCI)-certified components to guard against common software vulnerabilities that can be exploited.

“It is expected that ATM PIN fraud will increase unless comprehensive layered security is used to mitigate the risk,” the report states.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.

FBI warns of potential cyber attacks launched by ISIS hacktivists

Following U.S. military airstrikes in the Middle East, the FBI has issued a warning regarding possible cyber threats aimed at U.S. networks and critical infrastructure by hacktivists in support of ISIS.

Report: 75 million records compromised so far in 2014

Report: 75 million records compromised so far in ...

An updated report indicates that since this time last year, breaches have increased by 29.4 percent, with 568 breaches occurring this year.