
DISC InfoSec blog

InfoSec and Compliance 


Apr 28 2010

U.S. businesses face skimming fraud increase

Category: Cybercrime,pci dss — DISC @ 2:29 pm

By Angela Moscaritolo – SCMagazineUS.com

U.S. banks are grappling with a recent increase in skimming attacks, which are being carried out by Eastern European gangs aiming to steal consumer bank account numbers and PINs, according to a Gartner analyst.
These types of attacks are not new, but the scale and the organization behind them are, Avivah Litan, vice president and distinguished analyst at Gartner, told SCMagazineUS.com on Tuesday. Over the past six months, fraudsters increasingly have been mounting well-organized and systematic attacks that involve placing skimming devices on not just ATM machines — the most commonly targeted device — but also point-of-sale systems and gas-pump card readers.

Litan said she heard about the increase in skimming at a recent fraud conference attended by numerous financial services companies. There, she learned that skimming is currently one of the top problems with which banks are dealing.

Last summer, Chris Paget, chief hacker for H4RDW4RE, a security consulting company that specializes in hardware and radio reverse engineering and assessment, unknowingly encountered a rigged ATM at the Rio All-Suites Hotel & Casino in Las Vegas. As a result, Paget, who was in town to attend the Black Hat hacker conference, lost $200.

In his case, the ATM contained no signs of tampering and apparently was internally compromised. But Paget, best known for his research around RFID technology, said externally placed skimming devices are becoming more advanced.

“Skimmers are reaching the stage now where it’s impossible to detect them reliably,” Paget said. “In most cases, the externally attached devices are made well enough that they blend in perfectly unless you know what to look for.”

According to a report issued early this month by Javelin Strategy & Research, nearly one in five debit or credit card fraud victims reported having their PIN information stolen in 2009 – which represents a “considerable increase” over 2008. The report also found that 10 percent of all fraud victims had cash withdrawn from their accounts via fraudulent ATM transactions.

And two weeks ago, the U.S. Secret Service in South Carolina issued a warning to consumers to be on the lookout for what authorities believe is an international operation to attach skimming devices to card readers, according to published reports. Authorities located roughly 10 skimmers at various ATMs, prompting the advisory.

In November, industry trade group the ATM Industry Association, which attributes $1 billion in annual global losses to skimming, called for tougher penalties for offenders.

The ATMs of major banks are being targeted with this type of fraud, and it is not only occurring in remote locations, Litan said. For example, skimmers have been placed on ATMs directly outside of bank branch locations in major U.S. cities. In addition, fraudsters have been systematically swapping out U.S. retailers’ point-of-sale systems with their own devices, which have been crafted to steal consumer information.

Banks are taking this issue seriously because they generally have to pay the fraud costs associated with skimming, Litan said. Banks incur skimming costs because they are liable for card-present transactions, or those in which the card and the cardholder are physically present at the time the payment is processed.

As a result, banks have been putting in place additional fraud detection measures and have begun reaching out to clients to educate them in ways they haven’t in the past, Litan said. However, it is often difficult to tune fraud detection systems so they don’t inconvenience customers by rejecting transactions.

“It’s a pretty sad state all around that the average citizen is powerless to protect against,” Paget said. “You can only hope that your bank protects you when you do eventually get scammed.”

To increase the security of transactions, many countries have already begun or completed the transition to chip cards, which securely store a cardholder’s account number and PIN on an embedded micro-computer chip that is virtually impossible to skim, Litan said. The transition here because of the cost and the high number of banks and retailers that would have to support the initiative.

But the United States may move to chip cards sooner than expected if current levels of skimming fraud continue, Litan said.


Tags: ATM, Automated teller machine, Avivah Litan, Bank account, Credit card, credit card fraud, debit card, debit card fraud, fraud, Las Vegas Nevada, Point of sale, United States

Comments (1)

One Response to “U.S. businesses face skimming fraud increase”

  1. Yasshuja says:
    July 6th, 2010 2:08 am

    Good article…
