Language Selection

English French German Italian Portuguese Spanish

Online scams net criminals £2.75 billion

Filed under
Security

Poor card vetting at ATMs helped criminals make off with nearly $3bn in cash plundered from the accounts of users duped into handing over sensitive information in online scams.

Gartner estimates some three million US consumers had $2.75bn stolen out of their bank accounts in the 12 months ending May 2005.

The theft was almost entirely down to criminals using online scams to con consumers out of account and password information through attacks such as phishing and key-logging.

Account information is being increasingly used in the manufacturing of fake cards that are subsequently used at ATM cash machines to withdraw money.

Yet banks are not taking sensible precautions on how their ATMs and others' check these cards, even though it is them that bears the brunt of the cost of these fraudulent withdrawals.

Avivah Litan, VP and research director at Gartner said that these criminals 'succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions ... These security codes are stored on Track 2 of the magnetic stripe and include PIN offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.

'Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorizing ATM and PIN debit transactions. Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.'

Withdrawing cash has benefits over online transactions for these criminals. Many of the gangs that use phishing attacks to access online bank accounts 'hire' mules through which the money is funnelled in an attempt to hide the trail to their own bank account. Taking cash out of an ATM has none of these drawbacks. But Gartner insists that 'Banks have the ability to stop these attacks' as the CVV code is not known to the customer and therefore not prey to phishing attacks - a key element for ATMs to check.

By Matt Whipp
PCPro

More in Tux Machines

today's leftovers

  • Key Question: Is Bundling Proper?
    In both cases, bundling is either a restraint of trade or simply a wasted motion. You don’t paint a house green only to paint it red if you have any sense. The right way to do IT is to make your choice and buy/acquire what you need to accomplish your goals in the most efficient manner possible. Bundling exclusively That Other OS with all PCs was only good for an illegal monopolist and its “partners” in crime. This is not about denying businesses profits. It’s about competition in the market and freedom for users/buyers to have choice.
  • Dell Gets An Airplane Mode Switch Driver In Linux 4.2
  • Call for hosts for GUADEC 2016
    GUADEC is the biggest gathering of GNOME users and developers, which takes place in Europe every year. It includes conference days, the GNOME Foundation annual general meeting and hacking in a week of coding and discussion.
  • 4MLinux 13.0 Screencast and Screenshots
  • Tumbleweed is rolling again
    Opensuse Tumbleweed has been static since the 20150612 snapshot. But today the 20150630 snapshot was released. We are moving again.
  • openSUSE Tumbleweed net-tools vs net-tools-deprecated
  • PostgreSQL 9.5 in Debian
    The package is also waiting in NEW to be accepted for Debian experimental.
  • DUCK challenge at DebConf15
  • Upgrades to Jessie, Ruby 2.2 transition, and chef update
    Last month I started to track all the small Debian-related things that I do. My initial motivation was to be concious about how often I spend short periods of time working on Debian. Sometimes it’s during lunch breaks, weekends, first thing in the morning before regular work, after I am done for the day with regular work, or even during regular work, since I do have the chance of doing Debian work as part of my regular work occasionally. Now that I have this information, I need to do something with it. So this is probably the first of monthly updates I will post about my Debian work. Hopefully it won’t be the last.
  • Avalue debuts Braswellian COMs and an SBC
    Avalue unveiled three Linux-friendly embedded boards based on Intel’s 14nm Braswell SoCs: a Qseven COM, a COM Express Type 6 COM, and a 5.25-inch SBC.
  • Tizen In-App Purchases(IAP) for Unity Applications goes Live!
  • 5 Best Enterprise Apps and Extensions for Google Chrome
    We have already covered a lot of enterprise applications on our site before. However, one would never expect apps in this genre to exist on a browser like Google Chrome. But, nothing could be further from the real truth. Google's effort to outsmart even the biggest players in the enterprise market are gradually paying off. Slowly spreading its wings into the business world, Google is venturing into arenas where Microsoft once reigned supreme. While the competition doesn't concern us much, but what has happened, in effect, is that the rivalry is bringing out the best in both companies.
  • Platform9 Aims to Control the Private Cloud from the Cloud [Video]
  • Teaching Email Self-Defense: Campaigns intern leads a workshop at PorcFest
    My workshop on Email Self-Defense took place at the 12th annual Porcupine Freedom Festival in Lancaster, New Hampshire. Around eight people attended, which was a few more than I expected. Christopher Waid and Bob Call of ThinkPenguin joined me in helping everyone who brought a laptop to set up GnuPG properly. Those who didn't bring a laptop participated by observing the process on the system most similar to their own and asking questions about particular steps, so as to enable them to achieve the same configuration when they returned home.
  • Security advisories for Thursday

Leftovers: Software

today's howtos

Leftovers: Gaming