28 August 2015

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

627Posts 1,564,583Views 62Comments

ATM Skimming, Cyber Fraud Keep Bankers up at Night

13 June 2014  |  1750 views  |  0

Last year there were hundreds of cyber fraud incidents that struck banks and put consumers’ personal data at risk, even though the one involving Target stole the scenes. These crimes included payment card skimming, denial-of-service and web app tampering. 

 

As we’ve discussed, security is a top concern for banks at the board level. It’s not that the criminals are particularly bright and that’s why they’re causing so many problems, but rather, security for banks just cannot keep up with the volume and type of attacks. Security can also be under-resourced and/or putting too much of its attention in the wrong places.

A web app attack is the interference of web applications, (such as sending a phishing e-mail ) that tricks the recipient into revealing their banking information. Another example is cracking passwords.

Web attacks are ubiquitous and can be conducted by mediocre-skilled crooks, hunting for the user names and passwords of online banking customers. Banks are responding by beefing up verification processes for their customers rather than relying on just the one-step authentication.

The denial-of-service attack is the second big threat upon banks, when malicious traffic is heaped upon the institution’s web server to disrupt site operation. A malfunctioning site turns off customers—including potential customers. But a DDoS attack can also be launched to divert attention away from another planned attack that actually steals data.

Payment card skimming hits banks hard. The crook puts a phony card reader over the card-swiping device to collect the card’s data off its magnetic strip. The thief will then create phony ATM cards.

The skimming tool can be made at home with a 3D printer—and the cost of the printer can very quickly be recovered with fraudulent use of the phony cards. Skimmers are not traceable, putting a lot of load on bankers’ backs. The fact that some ATMs are remotely located doesn’t help.

There’s still room for the criminals to become savvier, joining forces and sharing ideas, getting organized etc. However, many still remain solitary, which enhances their ability to go undetected.

As renowned security expert Bruce Schneier recently said “Security is now about resilience – it’s not about defense.  Banks must up their security awareness, and have a plan in place to respond quickly and thoroughly should there be a breach. 

 

	data theft TagsSecurity

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Robert

Zeus Malware Gang take-down

25 August 2015  |  1175 views  |  0  |  Recommends 0 TagsSecurity

UL to launch Cybersecurity Cert

20 August 2015  |  1228 views  |  0  |  Recommends 0 TagsSecurity

How to stop Browser Tracking

18 August 2015  |  1210 views  |  1  |  Recommends 0 TagsSecurity

Company for sale includes your Data

14 August 2015  |  1952 views  |  0  |  Recommends 0 TagsSecurity

Even Hackers get hacked

13 August 2015  |  1161 views  |  0  |  Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Who's commenting on Robert's posts

Ulrich Rosenbaum
Revinia Curry
Balasubramaniam GD
Ketharaman Swaminathan
Matt Scott
Bjorn Soland
Prasenjit Das
John Serocold
Charmaine Oak
Iain Montgomery
Otmane EL RHAZI