Phishing attacks have led to an estimated $2.75bn (£1.55bn) in losses related to ATM and debit cards over the past 12 months, according to a new Gartner report.
The report, released on Tuesday, includes a recent survey of 5,000 US bank customers. From the survey, Gartner estimates that 3 million Americans have lost an average of more than $900 each due to online scams over the past year.
Scam artists are gleaning bank account numbers and PINs through the use of phishing attacks and keystroke logging technology, according to the report. They are then creating fake ATM and debit cards and using the cards to steal money and make purchases.
Criminals "succeed when the card-issuing bank is not validating security codes on the magnetic strip of the card while authorizing transactions," Avivah Litan, Gartner research director, said in a statement.
Banks, as a result, have it within their control to minimise their losses, Litan noted.
On the magnetic strip of every ATM card, security codes are stored on Track 2. These codes tie the physical card with the customer's account number and add an additional layer of security beyond validating a customer's PIN.
But up to half of US banks fail to validate Track 2 data and only rely on customer PINs to authorise ATM transactions, according to Litan, who based that estimate on conversations with banks and transaction processors.
"Criminals are seeking out customers of banks that are not validating ATM cards' Track 2 magnetic stripe security data," Litan said. "Hackers call these banks 'cashable'."
Banks could curtail this type of attack by modifying their ATM host systems, which would require the systems to review Track 2 security data, Litan noted.
Because customers are not aware of the Track 2 data housed on their ATM's magnetic strip, phishers cannot dupe them into providing this sensitive information, the report said. And unless a hacker were familiar with a bank's algorithms and security codes, Track 2 data generally could not be duplicated, according to the Gartner report.
Phishing is on a steep rise, according to a report released Tuesday by security software company Postini. The company found nearly 19.3 million phishing attempts in the month of July as it processed customers email — marking a 16 percent increase over June.
The July phishing attempts marked the highest levels the company has seen to date.
Talkback
A new innovative technique introduced by Green Armor Solutions
http://www.greenarmor.com,
designed by a psychologist in conjunction with an information-security expert, to help companies prevent their customers and employees from falling prey to phishing,pharming,identity theft, and online fraud.
The system, Identity Cues, which leverages a unique combination of
psychology and technology to make obvious to users whether they are
communicating with an organization's legitimate online presence or with a
phony site set up by a criminal, has already begun to impress technical
experts with its powerful, yet straightforward, approach.
A recent research-analyst report:
http://www.ovum.com/go/content/c,57016
Identity Cues offers major advantages over earlier anti-phishing offerings
from usability, security, implementation, and maintenance standpoints. For
example, there are no extra steps during the login process, and, even if
people do not make a conscious effort to use the anti-phishing/anti-pharming
system, the system can still be effective at protecting them. Users don't
have to download/install any software, carry any security devices, register
for any services, or memorize any extra secrets.