Online scams net criminals £2.75 billion

Filed under
Security

Poor card vetting at ATMs helped criminals make off with nearly $3bn in cash plundered from the accounts of users duped into handing over sensitive information in online scams.

Gartner estimates some three million US consumers had $2.75bn stolen out of their bank accounts in the 12 months ending May 2005.

The theft was almost entirely down to criminals using online scams to con consumers out of account and password information through attacks such as phishing and key-logging.

Account information is increasingly being used to manufacture fake cards, which are then used at ATMs to withdraw money.

Yet banks are not taking sensible precautions over how their own ATMs, and those of others, check these cards, even though it is the banks that bear the brunt of the cost of these fraudulent withdrawals.

Avivah Litan, VP and research director at Gartner, said that these criminals 'succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions ... These security codes are stored on Track 2 of the magnetic stripe and include PIN offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.

'Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorizing ATM and PIN debit transactions. Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.'

Withdrawing cash has benefits over online transactions for these criminals. Many of the gangs that use phishing attacks to access online bank accounts 'hire' mules through which the money is funnelled in an attempt to hide the trail to their own bank account. Taking cash out of an ATM has none of these drawbacks. But Gartner insists that 'Banks have the ability to stop these attacks', because the CVV code is not known to the customer and therefore cannot be captured by phishing, which makes it a key element for ATMs to check.

By Matt Whipp
PCPro
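The issuer-side check Gartner describes, sketched as an added example (not code from the article or from any bank): an authorization routine that parses Track 2 and compares the CVV in its discretionary data with the value the issuer derives from the account data. Assumptions: HMAC-SHA-256 stands in for the issuer's real keyed CVV algorithm, the discretionary layout (4-digit PIN offset, then 3-digit CVV) is simplified, and the key and card data are constructed.

```python
import hashlib
import hmac
import re

# Constructed demo key; a real issuer keeps card verification keys in an HSM.
ISSUER_KEY = b"constructed-demo-key"

# ISO/IEC 7813 Track 2: ;PAN=YYMM + service code + discretionary data?
TRACK2 = re.compile(r"^;(\d{12,19})=(\d{4})(\d{3})(\d*)\?$")

def expected_cvv(pan, expiry, service_code, key=ISSUER_KEY):
    """Stand-in keyed code: HMAC-SHA-256 reduced to 3 digits (not the real algorithm)."""
    mac = hmac.new(key, f"{pan}{expiry}{service_code}".encode(), hashlib.sha256)
    return f"{int.from_bytes(mac.digest()[:4], 'big') % 1000:03d}"

def parse_track2(raw):
    """Split Track 2 into fields; assumed layout: 4-digit PIN offset + 3-digit CVV."""
    m = TRACK2.match(raw)
    if not m:
        return None
    pan, expiry, service_code, disc = m.groups()
    return {"pan": pan, "expiry": expiry, "service_code": service_code,
            "pin_offset": disc[:4], "cvv": disc[4:7]}

def authorize(raw, pin_ok, validate_track2=True):
    """Return (approved, reason) for an ATM withdrawal request."""
    card = parse_track2(raw)
    if card is None:
        return False, "malformed track 2"
    if not pin_ok:
        return False, "bad PIN"
    if validate_track2:
        want = expected_cvv(card["pan"], card["expiry"], card["service_code"])
        # Constant-time compare; an empty or wrong CVV fails the same way.
        if not hmac.compare_digest(card["cvv"], want):
            return False, "track 2 CVV mismatch"
    return True, "approved"

# Constructed sample data: a test PAN, expiry 0712, service code 101.
PAN, EXP, SVC = "4000001234567899", "0712", "101"
GENUINE = f";{PAN}={EXP}{SVC}1234{expected_cvv(PAN, EXP, SVC)}?"
# Card encoded from account data alone: its CVV field does not match the issuer's value.
_filler = f"{(int(expected_cvv(PAN, EXP, SVC)) + 1) % 1000:03d}"
COUNTERFEIT = f";{PAN}={EXP}{SVC}1234{_filler}?"

if __name__ == "__main__":
    for name, track in (("genuine", GENUINE), ("counterfeit", COUNTERFEIT)):
        print(name, authorize(track, True), authorize(track, True, validate_track2=False))
```

With `validate_track2=False` the counterfeit is approved on a correct PIN alone, which is the gap the article attributes to issuers and processors that skip Track 2 validation.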
