Blog article
See all stories »

An article relating to this blog post on Finextra:

US charges eight over $45m ATM theft

US authorities have charged eight people with taking part in two cyber-attacks that saw card data stolen from payment processors and used to withdraw $45 million from ATMs around the world.


See article

Latest ATM Fraud: another 45 million reasons for change

Once again we have been reminded of the vulnerability of financial institutions to credit card fraud. Last week we saw the news that a large gang of thieves (a number of whom have just been arrested in New York) managed to steal an enormous $45 million from thousands of ATMs in just a matter of hours.

This latest crime may have been complex in its deployment – the sheer scale of it was staggering – but at its heart was the “traditional” technique that I have spoken of before: obtaining customers’ credit card details and later using the data to manufacture false credit cards.

Questions must be asked of a system that allowed $40 million to be withdrawn from 36,000 cross-border transactions in just 10 hours. Sadly, it may not be an isolated case. This crime highlights the fact that cross-border fraud, committed at ATMs and Point-of-Sale (POS) devices, remains a major problem for card-issuers the world over.

Many current bank systems are either missing fraudulent transactions (as we’ve seen here) or, conversely, are dogged by false positives (declining legitimate transactions) in order to stop fraudulent transactions, which can result in inconvenienced customers and higher costs. But there is technology already being used that mitigates both issues, essentially by ‘tying’ individuals’ credit cards to their mobile phone and using proximity correlation analysis.

If the accounts affected by this crime had this technology incorporated, the thieves would not have been able to withdraw money from their various ATMs because the system would have picked up that the account holder’s mobile phone wasn’t in the same proximity as the fake card. 

This latest crime underlines once more the need for efficient, real-time detection, prevention and resolution, protecting the customer and the banking organization from both fraudulent transactions and false positives.

6326

Comments: (2)

A Finextra member
A Finextra member 17 May, 2013, 14:06Be the first to give this comment the thumbs up 0 likes

Yes, appropriate technology would have prevented this fraud, but 'simple' EMV chip technology in the cards and ATMs would have been enough to prevent this cloning scam, where stolen card details were written onto other magnetic stripe cards. However, a much more serious aspect of this fraud is that the criminals were able to discover or to reset the PINs associated with these card accounts, which was essential to allow them to withdraw cash. And of course with the correct PIN entered and the card apparently present, the issuing banks approved the withdrawals. What issuing institutions should be looking at as a result is how secure their back office PIN management systems are.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 20 May, 2013, 10:03Be the first to give this comment the thumbs up 0 likes

This is a cross-border fraud. Many people don't use the regular SIM of their mobile phones while traveling abroad due to exorbitant international roaming costs. Any authentication based on "registered mobile phone" simply won't work. Besides, given patchy mobile connections indoors, in congested places and while on roaming mode, I fail to see how this technology won't lead to greater false-positive rates. While EMV will help, it's not so 'simple'! I've a hunch that we don't need any additional technology to prevent such frauds. But I'll await feedback on the questions I've raised around standard operating procedures in my following post:

Why Is This Data Breach Different?

Pat Carroll

Pat Carroll

Founder/Executive Chairman

ValidSoft

Member since

17 Mar 2011

Location

London

Blog posts

79

Comments

40

This post is from a series of posts in the group:

Disruption in Retail Banking

Growth in internet and mobile technologies has transformed many industries and economies. The market forces and competitive landscape has completely changed in many sectors. iTunes has fundamentally changed music industry, Amazon has driven most big brick and mortar book sellers out of business, Expedia is one of the worlds' biggest travel company….. the list goes on.


See all

Now hiring