Language Selection

English French German Italian Portuguese Spanish

Online scams net criminals £2.75 billion

Filed under
Security

Poor card vetting at ATMs helped criminals make off with nearly $3bn in cash plundered from the accounts of users duped into handing over sensitive information in online scams.

Gartner estimates some three million US consumers had $2.75bn stolen out of their bank accounts in the 12 months ending May 2005.

The theft was almost entirely down to criminals using online scams to con consumers out of account and password information through attacks such as phishing and key-logging.

Account information is being increasingly used in the manufacturing of fake cards that are subsequently used at ATM cash machines to withdraw money.

Yet banks are not taking sensible precautions on how their ATMs and others' check these cards, even though it is them that bears the brunt of the cost of these fraudulent withdrawals.

Avivah Litan, VP and research director at Gartner said that these criminals 'succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions ... These security codes are stored on Track 2 of the magnetic stripe and include PIN offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.

'Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorizing ATM and PIN debit transactions. Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.'

Withdrawing cash has benefits over online transactions for these criminals. Many of the gangs that use phishing attacks to access online bank accounts 'hire' mules through which the money is funnelled in an attempt to hide the trail to their own bank account. Taking cash out of an ATM has none of these drawbacks. But Gartner insists that 'Banks have the ability to stop these attacks' as the CVV code is not known to the customer and therefore not prey to phishing attacks - a key element for ATMs to check.

By Matt Whipp
PCPro

More in Tux Machines

FileZilla 3.10.1 Released With Bug Fixes And Some Minor Changes Install In Ubuntu/Linux Mint


Picture

FileZilla is free and Open-Source ftp/sftp client with features FTPSFTP and FTPS (FTP over ssl/TLS). It has a very nice and easy to use user interface.FileZilla 3.10.1 released yesterday with bug fixes and minor changes.
 
 
 
 
 
 

Read at LinuxAndUbuntu

Flattr Is the Icon Pack with the Flattest Icons for Linux Systems – Gallery

Users who like flat icons might want to give Flattr a try. It's probably the flattest theme that you can find on the Linux platform and it's been recently updated. Read more

BackBox Linux 4.1 Is a Powerful Penetration Testing Distro Based on Ubuntu 14.04.1

BackBox Linux is a distribution based on Ubuntu 14.04.1 LTS, that is built to perform penetration tests and security assessments. A new version has been released and is now available for upgrade and testing. Read more

Airdroid - Transfer Files Between Android Phones/Tablets And Linux (Any Distribution)

 
airdroid transfer file between android phone/tablet and linux mint ubuntu
We often need to transfer large amount data in the form of mp3 Songs, Video Songs, Movies and most importantly, large Games between android phones/tablets and Linux machine. Transferring via USB cable takes time, so let's do it with 'Airdroid' easily and quickly.
 
 
 
 

Read at LinuxAndUbuntu