
Online scams net criminals £2.75 billion


Poor card vetting at ATMs helped criminals make off with nearly $3bn in cash plundered from the accounts of users duped into handing over sensitive information in online scams.

Gartner estimates some three million US consumers had $2.75bn stolen out of their bank accounts in the 12 months ending May 2005.

The theft was almost entirely down to criminals using online scams to con consumers out of account and password information through attacks such as phishing and key-logging.

Account information is increasingly being used to manufacture fake cards that are subsequently used at ATMs to withdraw money.

Yet banks are not taking sensible precautions over how their own ATMs, and those of others, check these cards, even though it is the banks that bear the brunt of the cost of these fraudulent withdrawals.

Avivah Litan, VP and research director at Gartner, said that these criminals 'succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions ... These security codes are stored on Track 2 of the magnetic stripe and include PIN offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.

'Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorizing ATM and PIN debit transactions. Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.'

Withdrawing cash has benefits over online transactions for these criminals. Many of the gangs that use phishing attacks to access online bank accounts 'hire' mules through which the money is funnelled in an attempt to hide the trail to their own bank account. Taking cash out of an ATM has none of these drawbacks. But Gartner insists that 'Banks have the ability to stop these attacks', as the CVV code is not known to the customer and is therefore not exposed to phishing attacks, which makes it a key element for ATMs to check.

By Matt Whipp
PCPro
