DISC InfoSec blog

InfoSec and Compliance 

Apr 28 2010

U.S. businesses face skimming fraud increase

Category: Cybercrime,pci dss — DISC @ 2:29 pm
By Angela Moscaritolo – SCMagazineUS.com

U.S. banks are grappling with a recent increase in skimming attacks, which are being carried out by Eastern European gangs aiming to steal consumer bank account numbers and PINs, according to a Gartner analyst.
These types of attacks are not new, but the scale and the organization behind them are, Avivah Litan, vice president and distinguished analyst at Gartner, told SCMagazineUS.com on Tuesday. Over the past six months, fraudsters increasingly have been mounting well-organized and systematic attacks that involve placing skimming devices on not just ATM machines — the most commonly targeted device — but also point-of-sale systems and gas-pump card readers.

Litan said she heard about the increase in skimming at a recent fraud conference attended by numerous financial services companies. There, she learned that skimming is currently one of the top problems with which banks are dealing.

Last summer, Chris Paget, chief hacker for H4RDW4RE, a security consulting company that specializes in hardware and radio reverse engineering and assessment, unknowingly encountered a rigged ATM at the Rio All-Suites Hotel & Casino in Las Vegas. As a result, Paget, who was in town to attend the Black Hat hacker conference, lost $200.

In his case, the ATM contained no signs of tampering and apparently was internally compromised. But Paget, best known for his research around RFID technology, said externally placed skimming devices are becoming more advanced.

“Skimmers are reaching the stage now where it’s impossible to detect them reliably,” Paget said. “In most cases, the externally attached devices are made well enough that they blend in perfectly unless you know what to look for.”

According to a report issued early this month by Javelin Strategy & Research, nearly one in five debit or credit card fraud victims reported having their PIN information stolen in 2009 – which represents a “considerable increase” over 2008. The report also found that 10 percent of all fraud victims had cash withdrawn from their accounts via fraudulent ATM transactions.

And two weeks ago, the U.S. Secret Service in South Carolina issued a warning to consumers to be on the lookout for what authorities believe is an international operation to attach skimming devices to card readers, according to published reports. Authorities located roughly 10 skimmers at various ATMs, prompting the advisory.

In November, industry trade group the ATM Industry Association, which attributes $1 billion in annual global losses to skimming, called for tougher penalties for offenders.

The ATMs of major banks are being targeted with this type of fraud, and it is not only occurring in remote locations, Litan said. For example, skimmers have been placed on ATMs directly outside of bank branch locations in major U.S. cities. In addition, fraudsters have been systematically swapping out U.S. retailers’ point-of-sale systems with their own devices, which have been crafted to steal consumer information.

Banks are taking this issue seriously because they generally have to pay the fraud costs associated with skimming, Litan said. Banks incur skimming costs because they are liable for card-present transactions, or those in which the card and the cardholder are physically present at the time the payment is processed.

As a result, banks have been putting in place additional fraud detection measures and have begun reaching out to clients to educate them in ways they haven’t in the past, Litan said. However, it is often difficult to tune fraud detection systems so they don’t inconvenience customers by rejecting transactions.

“It’s a pretty sad state all around that the average citizen is powerless to protect against,” Paget said. “You can only hope that your bank protects you when you do eventually get scammed.”

To increase the security of transactions, many countries have already begun or completed the transition to chip cards, which securely store a cardholder’s account number and PIN on an embedded micro-computer chip that is virtually impossible to skim, Litan said. The transition here has been slow because of the cost and the high number of banks and retailers that would have to support the initiative.

But the United States may move to chip cards sooner than expected if current levels of skimming fraud continue, Litan said.

Tags: ATM, Automated teller machine, Avivah Litan, Bank account, Credit card, credit card fraud, debit card, debit card fraud, fraud, Las Vegas Nevada, Point of sale, United States


Mar 31 2010

Debit Card Fraud: Is Your Money at Risk?

Category: Information Security,pci dss — DISC @ 2:12 am


by Amy Fontinelle @ investopedia.com

Debit card fraud occurs when a criminal gains access to your debit card number and, in some cases, PIN, to make unauthorized purchases and/or withdraw cash from your account. There are many different methods of obtaining your information, from unscrupulous employees to hackers gaining access to your data from a retailer’s unsecure computer.

When your debit card is used fraudulently, the money is missing from your account instantly. Payments you’ve scheduled or checks you’ve mailed may bounce, you may not be able to afford necessities, and it can take a while for the fraud to be cleared up and the money restored to your account.

How to Detect Debit Card Fraud

Fortunately, it doesn’t take any special skills to detect debit card fraud. The easiest way to spot problems early is to sign up for online banking, if you haven’t already. Check your balance and recent transactions daily. The sooner you detect fraud, the easier it will be to limit its impact on your finances and your life. If you see unfamiliar transactions, call the bank right away. If you’re the forgetful type, start hanging on to the receipts from your debit card transactions so you can compare these against your online transactions.

If you don’t want to bank online, you can keep tabs on your recent transactions via phone banking. At the very least, you should review your monthly bank statements as soon as you receive them, and check your account balance whenever you visit an ATM or bank teller. However, it can take much longer to detect fraud using these methods.

9 Easy Ways to Protect Yourself

While you may not have any control over hackers and other thieves, there are many things you can control that will help you avoid becoming a victim.

• Get banking alerts. In addition to checking your balance and recent transactions online daily, you can sign up for banking alerts. Your bank will then contact you by email or text message when certain activity occurs on your account, such as a withdrawal exceeding an amount you specify or a change of address.

• Go paperless. Signing up for paperless bank statements will eliminate the possibility of having bank account information stolen from your mailbox. Shredding existing bank statements and debit card receipts using a diamond-cut shredder when you’re done with them will greatly reduce the possibility of having bank account information stolen from your trash.

• Don’t make purchases with your debit card. Use a credit card instead, because it offers greater protection against fraud. If you do make debit card purchases, don’t use your PIN – tell the cashier to select the credit option. The money for your purchase will still be withdrawn from your account right away, but you won’t expose yourself to PIN theft.

• Stick to bank ATMs. They tend to have better security (video cameras) than ATMs at convenience stores, restaurants and other places.

• Destroy old debit cards. Some shredders will take care of this for you.

• Don’t keep all your money in one place. If your checking account is compromised, you want to be able to access cash from another source to pay for necessities and meet your financial obligations.

• Beware of phishing scams. When checking your email or doing business online, make sure you know who you’re interacting with.

• Protect your computer. Use firewall, anti-virus and anti-spyware software on your computer, and keep it updated regularly.

• Use a secured network. Don’t do financial transactions online when using your computer in a public place and/or over an unsecured network.

What to Do If It Happens to You

If you learn that your debit card information has been compromised, contact your bank immediately to limit the damage the thief can do, and limit your financial responsibility for the fraud. Make contact immediately by phone, and follow up with a detailed letter stating the full name of the bank employee you spoke with, details of the fraudulent transactions, and any ideas you have about how your account may have been compromised. Ask your bank to waive any NSF fees that may be incurred because of the fraud, and to restore the fraudulently withdrawn funds to your account.

Hopefully, you won’t have any trouble resolving the issue directly with your bank, but if you do, you can contact a legitimate consumer advocacy group such as Privacy Rights Clearinghouse. There are also government organizations to contact if your bank isn’t cooperating. The agency to contact depends on the type of bank you use.

• The Federal Reserve Board of Governors handles complaints for state-chartered Federal Reserve System banks, bank holding companies and branches of foreign banks.
• The FDIC deals with state-chartered, non-FRS banks.
• The National Credit Union Association handles federally chartered credit unions.
• The Office of the Comptroller of the Currency (OCC) oversees national banks.
• The Office of Thrift Supervision keeps an eye on federal savings and loans and federal savings banks.
• The Federal Trade Commission handles everything else.

If you’re not sure which one to call, start with the OCC.

If you will have trouble making any of your monthly payments because of the fraud, contact those creditors, explain the situation and ask if they can do anything for you. This step is extremely important, as failure to do so implies your unwillingness to pay them. However, if they know about your hardship, they may be willing to work with you to reschedule payments.

Conclusion

Anything you can do to make a thief’s work more difficult, whether it’s staying on top of your balance, spreading your cash out across multiple accounts or making purchases with credit cards instead of debit, will help safeguard your checking account and decrease your chances of becoming a victim of debit card fraud.

Tags: ATM, debit card, debit card fraud, Federal Trade Commission, OCC, PIN theft
