Language Selection

English French German Italian Portuguese Spanish

Online scams net criminals £2.75 billion

Filed under

Poor card vetting at ATMs helped criminals make off with nearly $3bn in cash plundered from the accounts of users duped into handing over sensitive information in online scams.

Gartner estimates some three million US consumers had $2.75bn stolen out of their bank accounts in the 12 months ending May 2005.

The theft was almost entirely down to criminals using online scams to con consumers out of account and password information through attacks such as phishing and key-logging.

Account information is being increasingly used in the manufacturing of fake cards that are subsequently used at ATM cash machines to withdraw money.

Yet banks are not taking sensible precautions on how their ATMs and others' check these cards, even though it is them that bears the brunt of the cost of these fraudulent withdrawals.

Avivah Litan, VP and research director at Gartner said that these criminals 'succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions ... These security codes are stored on Track 2 of the magnetic stripe and include PIN offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.

'Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorizing ATM and PIN debit transactions. Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.'

Withdrawing cash has benefits over online transactions for these criminals. Many of the gangs that use phishing attacks to access online bank accounts 'hire' mules through which the money is funnelled in an attempt to hide the trail to their own bank account. Taking cash out of an ATM has none of these drawbacks. But Gartner insists that 'Banks have the ability to stop these attacks' as the CVV code is not known to the customer and therefore not prey to phishing attacks - a key element for ATMs to check.

By Matt Whipp

More in Tux Machines

Yorba Group, Developers of Geary and Shotwell, Is No Longer Active

The Yorba Foundation, a group of developers working on applications like Geary or Shotwell, is no more, and the projects are now available through the GNOME stack. Read more

Cloudy Issues and the Perfect Distro

Today in Linux news, Bruce Byfield hits the cloud nail on the head with his thoughts on the cloud. Are folks sacrificing the independence gained by switching to Linux by trusting cloud vendors? Elsewhere, Bryan Lunduke ponders the perfect Linux distribution and an update on the new Debian Live emerged. Pavlo Rudyi posted a look back at GIMP's 20 years and Samuel Mehrbrodt discussed improving LibreOffice's toolbars. Read more

AMD's Radeon Software Crimson doesn't live up to the hype on Linux

Good news, gamers! AMD just launched Radeon Software Crimson for both Windows and Linux. The Windows drivers saw some serious improvements and contain a slick new control panel. But despite promises of performance improvements for games on Linux, little has changed on open-source operating systems. These are the same old Linux drivers with some new branding. Read more

The Linux approach to human and ecosystem well-being

In the end, what the horizontal economy aims to pursue is a system of distributed governance, reinvigorating citizens’ inputs into both political and economic processes. In a sense, it is the Linux approach to human and ecosystem well being. Read more