Language Selection

English French German Italian Portuguese Spanish

Online scams net criminals £2.75 billion

Filed under
Security

Poor card vetting at ATMs helped criminals make off with nearly $3bn in cash plundered from the accounts of users duped into handing over sensitive information in online scams.

Gartner estimates some three million US consumers had $2.75bn stolen out of their bank accounts in the 12 months ending May 2005.

The theft was almost entirely down to criminals using online scams to con consumers out of account and password information through attacks such as phishing and key-logging.

Account information is being increasingly used in the manufacturing of fake cards that are subsequently used at ATM cash machines to withdraw money.

Yet banks are not taking sensible precautions on how their ATMs and others' check these cards, even though it is them that bears the brunt of the cost of these fraudulent withdrawals.

Avivah Litan, VP and research director at Gartner said that these criminals 'succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions ... These security codes are stored on Track 2 of the magnetic stripe and include PIN offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.

'Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorizing ATM and PIN debit transactions. Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.'

Withdrawing cash has benefits over online transactions for these criminals. Many of the gangs that use phishing attacks to access online bank accounts 'hire' mules through which the money is funnelled in an attempt to hide the trail to their own bank account. Taking cash out of an ATM has none of these drawbacks. But Gartner insists that 'Banks have the ability to stop these attacks' as the CVV code is not known to the customer and therefore not prey to phishing attacks - a key element for ATMs to check.

By Matt Whipp
PCPro

More in Tux Machines

today's howtos

Graphics: NVIDIA, Nouveau, X.Org Server

  • NVIDIA Making Progress On Server-Side GLVND: Different Drivers For Different X Screens
    While NVIDIA isn't doing much to help out Nouveau, at least the company is contributing to the open-source Linux graphics ecosystem in other ways. In addition to presenting at XDC2017 this week on the Unix device memory allocator API and DeepColor / HDR support, they also presented on server-side GLVND. Server-side GLVND is separate from the client-side GLVND (OpenGL Vendor Neutral Dispatch Library) that evolved over the past few years and with modern Linux systems is supported both by Mesa and the NVIDIA binary driver. Server-side GLVND can help PRIME laptops and other use-cases like XWayland where potentially dealing with multiple GPU drivers touching X.
  • Nouveau Developers Remain Blocked By NVIDIA From Advancing Open-Source Driver
    Longtime Nouveau contributors Martin Peres and Karol Herbst presented at this week's XDC2017 X.Org conference at the Googleplex in Mountain View. It was a quick talk as they didn't have a whole lot to report on due to their open-source NVIDIA "Nouveau" driver efforts largely being restricted by NVIDIA Corp.
  • X.Org Server 1.20 Expected Around January With New Features
    X.Org Server 1.19 is already almsot one year old and while X.Org is currently well off its six month release cadence, version 1.20 is being figured out for an early 2018 release. Adam Jackson of Red Hat who has been serving as the xorg-server release manager held a quick session on Friday at XDC2017 to figure out what's needed for X.Org Server 1.20. His goal is to see X.Org Server 1.20 released in time for making the Fedora 28 version. For that to happen nicely, he's hoping to see xorg-server 1.20 released in January. The Fedora 28 beta freeze is the middle of March so there is still time for the 1.20 release to slip while making the F28 Linux distribution update.

ASUS Launches Its Thinnest and Lightest Flippable Chromebook, the Flip C101

ASUS announced a new Chromebook on its website, the Flip C101, which is a smaller and lightweight version of the C302 model. Featuring a 10.1-inch touchscreen display, the all-new Chromebook is priced at only $299 in the US. Read more

FreeBSD 10.4-RC2 Now Available

The second RC build of the 10.4-RELEASE release cycle is now available. Read more