19 December 2014

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

539Posts 1,360,796Views 59Comments

ATM Skimming, Cyber Fraud Keep Bankers up at Night

13 June 2014  |  1664 views  |  0

Last year there were hundreds of cyber fraud incidents that struck banks and put consumers’ personal data at risk, even though the one involving Target stole the scenes. These crimes included payment card skimming, denial-of-service and web app tampering. 

 

As we’ve discussed, security is a top concern for banks at the board level. It’s not that the criminals are particularly bright and that’s why they’re causing so many problems, but rather, security for banks just cannot keep up with the volume and type of attacks. Security can also be under-resourced and/or putting too much of its attention in the wrong places.

A web app attack is the interference of web applications, (such as sending a phishing e-mail ) that tricks the recipient into revealing their banking information. Another example is cracking passwords.

Web attacks are ubiquitous and can be conducted by mediocre-skilled crooks, hunting for the user names and passwords of online banking customers. Banks are responding by beefing up verification processes for their customers rather than relying on just the one-step authentication.

The denial-of-service attack is the second big threat upon banks, when malicious traffic is heaped upon the institution’s web server to disrupt site operation. A malfunctioning site turns off customers—including potential customers. But a DDoS attack can also be launched to divert attention away from another planned attack that actually steals data.

Payment card skimming hits banks hard. The crook puts a phony card reader over the card-swiping device to collect the card’s data off its magnetic strip. The thief will then create phony ATM cards.

The skimming tool can be made at home with a 3D printer—and the cost of the printer can very quickly be recovered with fraudulent use of the phony cards. Skimmers are not traceable, putting a lot of load on bankers’ backs. The fact that some ATMs are remotely located doesn’t help.

There’s still room for the criminals to become savvier, joining forces and sharing ideas, getting organized etc. However, many still remain solitary, which enhances their ability to go undetected.

As renowned security expert Bruce Schneier recently said “Security is now about resilience – it’s not about defense.  Banks must up their security awareness, and have a plan in place to respond quickly and thoroughly should there be a breach. 

 

	data theft TagsSecurity

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Robert

Card Company's boosting Payment Security with Mobile

20 hours ago  |  614 views  |  0  |  Recommends 0 TagsSecurity

Chip and PIN, will It save Us?

17 December 2014  |  781 views  |  0  |  Recommends 0 TagsSecurity

Russian Hackers getting rich from your Identity

10 December 2014  |  1252 views  |  0  |  Recommends 0 TagsSecurity

Chip and PIN vs. Chip and Signature Cards

08 December 2014  |  1289 views  |  1  |  Recommends 0 TagsSecurity

Identity Theft of the Dead affects the Living

06 December 2014  |  1086 views  |  0  |  Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Who is commenting on Robert's posts

Iain Montgomery
Otmane EL RHAZI
Ketharaman Swaminathan
Boris Taratine
Michael Rosenstein
Fred Pyziak
Matt Scott
Paul Love
Mike McCormack