Language Selection

English French German Italian Portuguese Spanish

Online scams net criminals £2.75 billion

Filed under
Security

Poor card vetting at ATMs helped criminals make off with nearly $3bn in cash plundered from the accounts of users duped into handing over sensitive information in online scams.

Gartner estimates some three million US consumers had $2.75bn stolen out of their bank accounts in the 12 months ending May 2005.

The theft was almost entirely down to criminals using online scams to con consumers out of account and password information through attacks such as phishing and key-logging.

Account information is being increasingly used in the manufacturing of fake cards that are subsequently used at ATM cash machines to withdraw money.

Yet banks are not taking sensible precautions on how their ATMs and others' check these cards, even though it is them that bears the brunt of the cost of these fraudulent withdrawals.

Avivah Litan, VP and research director at Gartner said that these criminals 'succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions ... These security codes are stored on Track 2 of the magnetic stripe and include PIN offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.

'Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorizing ATM and PIN debit transactions. Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.'

Withdrawing cash has benefits over online transactions for these criminals. Many of the gangs that use phishing attacks to access online bank accounts 'hire' mules through which the money is funnelled in an attempt to hide the trail to their own bank account. Taking cash out of an ATM has none of these drawbacks. But Gartner insists that 'Banks have the ability to stop these attacks' as the CVV code is not known to the customer and therefore not prey to phishing attacks - a key element for ATMs to check.

By Matt Whipp
PCPro

More in Tux Machines

today's leftovers

  • Dawn of the data center operating system
    How microservices architecture and Linux containers will tame distributed computing for developers and ops
  • 30 Sys Admins to Follow on SysAdmin Day
    Systems administrators: They keep our high-tech world up and running. From capacity planning, to 3 a.m. phone calls, to retiring that 10-year-old server that uses more power than your whole house, sys admins do it all. Open source communities would not be able to thrive without the networks, services, and tools that allow for communication and collaboration, and sys admins are the ones who work thanklessly year-round to keep them going. July 31 is System Administrator Appreciation Day, a day for all of us to express our undying gratitude for sys admins. Sure, you could buy your favorite sys admin cake and ice cream, or perhaps a nice gift card. You could even go as far as not breaking the server for just one day. You also can follow these 30 sys admins.
  • See What Systemd 223 Brings New
  • Sparkfun's pcDuino Acadia Benchmarks Against Other ARM SBCs
    Sparkfun's pcDuino Acadia os a $119 USD development board powered by a Freescale i.MX6 quad-core Cortex-A9 SoC with Mali 400 graphics. There's 1GB of RAM and other connectivity options for this board.
  • Linux Based Solus OS Now Boots in Flat 1.2 Seconds
    Solus OS is a Linux distro that was built from scratch and uses a new desktop environment called Budgie. You can consider it as the next version of the Solus OS as it was built by the same developer team, so they didn’t bother changing the name for a new operating system.
  • Arch Linux 2015.08.01 Has Been Released. Upgrade Now!
    Arch Linux 2015.08.01 has been released and is powered by Kernel 4.1 and includes all the update patches since the 1st of July 2015.
  • uReadIt 3 – The Best Reddit Client For Ubuntu Touch
    As you may know, uReadIt is an open-source Reddit client for Ubuntu Touch, being one of the best native apps for Ubuntu mobile.
  • You Can Now Watch Flash Content With MPV On Ubuntu
    As you may know, Adobe Flash is not the safest thing on the internet this days. Mozilla even disabled it from the Firefox browser a while, due to the vulnerabilities found lately.
  • Ubuntu MATE 15.04 Running on the Rikomatic MK808B
    Ubuntu MATE, the latest member of the Ubuntu family, has been spotted running on the MK808B Plus Quad-Core mini TV box device. The device runs with Android 4.4 by default, but a third party developer has tweaked it to run Ubuntu.
  • LEGO Smart Home
    We spoke to Bhavana Srinivas and Geremy Cohen from PubNub about their LEGO Smart Home model, a proof of concept project that shows how you can use the Raspberry Pi with communication platform PubNub in order to automate your household electronics and other Internet of Things devices. You can read the full piece in the latest issue.
  • Compact module runs Linux on quad-core Braswell
    Congatec announced a compact, low power computer-on-module based on Intel’s 14nm “Braswell” SoCs, and featuring triple display outputs, and up to 4K video.

Leftovers: Software

today's howtos

Leftovers: Gaming