Language Selection

English French German Italian Portuguese Spanish

Online scams net criminals £2.75 billion

Filed under
Security

Poor card vetting at ATMs helped criminals make off with nearly $3bn in cash plundered from the accounts of users duped into handing over sensitive information in online scams.

Gartner estimates some three million US consumers had $2.75bn stolen out of their bank accounts in the 12 months ending May 2005.

The theft was almost entirely down to criminals using online scams to con consumers out of account and password information through attacks such as phishing and key-logging.

Account information is being increasingly used in the manufacturing of fake cards that are subsequently used at ATM cash machines to withdraw money.

Yet banks are not taking sensible precautions on how their ATMs and others' check these cards, even though it is them that bears the brunt of the cost of these fraudulent withdrawals.

Avivah Litan, VP and research director at Gartner said that these criminals 'succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions ... These security codes are stored on Track 2 of the magnetic stripe and include PIN offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.

'Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorizing ATM and PIN debit transactions. Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.'

Withdrawing cash has benefits over online transactions for these criminals. Many of the gangs that use phishing attacks to access online bank accounts 'hire' mules through which the money is funnelled in an attempt to hide the trail to their own bank account. Taking cash out of an ATM has none of these drawbacks. But Gartner insists that 'Banks have the ability to stop these attacks' as the CVV code is not known to the customer and therefore not prey to phishing attacks - a key element for ATMs to check.

By Matt Whipp
PCPro

More in Tux Machines

Kernel Space/Linux

Red Hat News

openSUSE Tumbleweed: A Linux distribution on the leading edge

So, to summarize: openSUSE Tumbleweed is a good, solid, stable Linux distribution with a wide range of desktops available. It is not anything particularly exotic or unstable, and it does not require an unusual amount of Linux expertise to install and use on an everyday system. To make a very simple comparison, in my experience installing and using Tumbleweed is much less difficult and much less risky than using the Debian "testing" distribution, and it is kept much (much much) more up to date than openSUSE Leap, Debian "stable", Linux Mint or Ubuntu. I don't say that to demean any of those other distributions. As I said at the end of my recent post about point-release vs. rolling-release distributions, if your hardware is fully supported by one of those point-release distributions, and you are satisfied with the applications included in them, then they are certainly a good choice. But if you like staying on the leading edge, or if you have very new hardware which requires the latest Linux kernel and drivers, or you just want/need the latest version of some application (in my case this would be digiKam), then openSuSE could be just what you want. Read more Also: Google Summer of Code 2017

Graphics in Linux

  • 17 Fresh AMDGPU DC Patches Posted Today
    Seventeen more "DC" display code patches were published today for the AMDGPU DRM driver, but it's still not clear if it will be ready -- or accepted -- for Linux 4.12. AMD developers posted 17 new DC (formerly known as DAL) patches today to provide small fixes for Vega10/GFX9 hardware, various internal code changes, CP2520 DisplayPort compliance, and various small fixes.
  • libinput 1.7.0
  • Libinput 1.7 Released With Support For Lid Switches, Scroll Wheel Improvements
    Peter Hutterer has announced the new release of libinput 1.7.0 as the input handling library most commonly associated with Wayland systems but also with Ubuntu's Mir as well as the X.Org Server via the xf86-input-libinput driver.
  • Nouveau TGSI Shader Cache Enabled In Mesa 17.1 Git
    Building off the work laid by Timothy Arceri and others for enabling a TGSI (and hardware) shader cache in the RadeonSI Gallium3D driver as well as R600g TGSI shader cache due ot the common infrastructure work, the Nouveau driver is now leveraging it to enable the TGSI shader cache for Nouveau Gallium3D drivers.