Fraudulent US ATM withdrawals on the rise - Javelin

Fraudulent US ATM withdrawals on the rise - Javelin

With around 10% of US fraud victims having their details used to make withdrawals at ATMs, banks need to beef up their machines' security, according to a report from Javelin Strategy & Research.

Of these victims, nearly a quarter dump their financial institution, says the research firm, which collected data from 3294 Americans online and 4874 by phone.

Javelin says criminals have long been skimming consumer PINs by stealing ATMs and installing card readers and fake machines but they are now also employing new techniques. These include manipulating ATM software, posing as consumers wanting to change their PIN and sending out false mobile text alerts with requests for personal information.

This has contributed to nearly one in five fraud victims having their credit card or debit card ATM PIN information stolen in 2009, a considerable increase over 2008.

In addition, Javelin warns that fraudsters may increase their attacks on US cash machines as neighbouring countries such as Canada and Mexico migrate to EMV chip cards.

The report also notes that consumers are not consistently protected on ATM PIN losses. Bank of America, Chase, Citibank and Wells Fargo are among the leaders covering debit ATM PIN losses but, in general, other institutions cover PIN transactions at the register or online, but may not necessarily do so at the ATM.

Robert Vamosi, analyst, risk, fraud and security, Javelin, says: "US financial institutions should consider this a cautionary tale and learn from it. They can reduce their own losses, build consumer trust and slow the exodus of defrauded customers by adopting progressive security technologies, covering ATM PIN losses and educating consumers."

Comments: (4)

A Finextra member
A Finextra member 07 April, 2010, 09:43Be the first to give this comment the thumbs up 0 likes

Am I or am I not surprised?  And I bet the the answer is going to be that we need more security around the PIN and the protection of the PIN.  Hogwash and Piffle!  

With the widespread use of PIN-protected POS transactions, PINs are now very easy for the fraudster to harvest.  In Chipland this is of little consequence as the strength of the consumer payment proposition lies with the card and not with the PIN.  The weakness in the US is a result of card technology that 9-year olds can compromise in their bedrooms.  It's all too easy: I have the card details, I have the PIN, I have all of your money.  In Chipland, this just isn't the case: even if I have the PIN, without the REAL card, capable of generating a real ARQC, I can't do a thing.

The bottom line is that regardless of the security measures that we might impose to protect cardholder data, the truth is that the card data remains in the clear and valuable - and vulnerable! 

Why is it that we seem to be selling security as a remedy for stupidity?

Nick Green
Nick Green - ISD Consultants - Northampton 07 April, 2010, 11:20Be the first to give this comment the thumbs up 0 likes

Chip and PIN - Resistance is Futile, You will comply.

Lachlan Gunn
Lachlan Gunn - BenAlpin Ltd - Perth 08 April, 2010, 19:28Be the first to give this comment the thumbs up 0 likes

Yes, crunch time for a centralised US decision on Chip and PIN implementation must be getting closer.  Until they adopt it the pain is going to get worse......................isn't it nice having something that Europe can agree on?

Ian Kerr
Ian Kerr - Bolero - Hersham 12 April, 2010, 11:52Be the first to give this comment the thumbs up 0 likes

This research adds further weight to the argument that non-EMV compliant regions will become ever more vulnerable to fraud as criminals desert those parts of the world that have already implemented the EMV standard. With their neighbours migrating to EMV over the next couple of years, arguably the US could be shooting itself in the foot by avoiding the short term challenges that migration would incur.

Currently, US banks are putting off migration due to a number of factors, not least the cost involved in upgrading POS terminals and ATMs such as new software platforms required to facilitate integration with EMV kernels and new EMV transaction message types. Moreover, banks will also need to consider the long term changes to ATM maintenance as they will need to implement extensive automated testing procedures to ensure ATM uptime is maintained following EMV migration. As a result, the US is deploying interim measures against skimming which are clearly meeting with limited success.

The costs involved with EMV will be more than outweighed by the benefits. Experience from countries such as the UK and Saudi Arabia has shown that they must seriously consider migrating to Chip and PIN and getting rid of the magnetic stripe card if they are to make significant headway in the fight against card fraud. Clearly the time for action is now if US banks are to maintain customer trust, reduce the cost of fraud and avoid singling themselves out as an easy target for fraudsters.


Trending Stories

Featured Job
All Jobs »
Reading, UK

Product Manager, Open Banking Payment Solutions (Reading, UK)

Guide: to £85K base + bonus + benefits

15 May