Language Selection

English French German Italian Portuguese Spanish

Online scams net criminals £2.75 billion

Filed under
Security

Poor card vetting at ATMs helped criminals make off with nearly $3bn in cash plundered from the accounts of users duped into handing over sensitive information in online scams.

Gartner estimates some three million US consumers had $2.75bn stolen out of their bank accounts in the 12 months ending May 2005.

The theft was almost entirely down to criminals using online scams to con consumers out of account and password information through attacks such as phishing and key-logging.

Account information is being increasingly used in the manufacturing of fake cards that are subsequently used at ATM cash machines to withdraw money.

Yet banks are not taking sensible precautions on how their ATMs and others' check these cards, even though it is them that bears the brunt of the cost of these fraudulent withdrawals.

Avivah Litan, VP and research director at Gartner said that these criminals 'succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions ... These security codes are stored on Track 2 of the magnetic stripe and include PIN offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.

'Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorizing ATM and PIN debit transactions. Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.'

Withdrawing cash has benefits over online transactions for these criminals. Many of the gangs that use phishing attacks to access online bank accounts 'hire' mules through which the money is funnelled in an attempt to hide the trail to their own bank account. Taking cash out of an ATM has none of these drawbacks. But Gartner insists that 'Banks have the ability to stop these attacks' as the CVV code is not known to the customer and therefore not prey to phishing attacks - a key element for ATMs to check.

By Matt Whipp
PCPro

More in Tux Machines

Five budget-friendly open source storage servers

Open source servers are a good choice for many enterprise storage needs. Here are five excellent tools that are ready to help you build and deploy. Read more

Manjaro Linux Xfce 15.09 RC1 Features Linux Kernel 4.1 LTS and Xfce 4.12

Philip Müller, the lead developer and creator of the Manjaro Linux project, had the pleasure of announcing the immediate availability for download of the first Release Candidate build of the upcoming Manjaro Linux Xfce 15.09 distribution. Read more

Google Chrome 46 Enters Beta with Flexible Animations, Optimized Image Loading

After announcing the promotion of the Google Chrome 45 web browser to the stable channel on September 1, Google pushed earlier today, September 2, the Chrome 46 web browser to the Beta channel for testers worldwide. Read more

Phoronix offers some criticism of KDE software, and this is how KDE deals with it

About a month ago, Eric Griffith posted an article on Phoronix where he compared Fedora’s KDE spin to the main Fedora Workstation which uses GNOME. In that article, Eric described a number of issues that he became fully aware of when comparing his favorite desktop environment, Plasma (and the KDE applications he regularly uses) with GNOME’s counterparts. I read that article, shared it with other KDE designers and developers, and we came to the conclusion that yes, at least some of the issues he describes there are perfectly valid and clearly documented. And since KDE does listen to user feedback if it makes sense, we decided we should do something about it. Read more