August 2, 2005 7:53 AM PDT

Phishers cash in on ATM cards

Phishing attacks have led to an estimated $2.75 billion in losses related to ATM and debit cards over the past 12 months, according to a new Gartner report.

The report, released Tuesday, includes a recent survey of 5,000 U.S. bank customers. From the survey, Gartner estimates that 3 million Americans have lost an average of more than $900 each due to online scams over the past year.

Scam artists are gleaning bank account numbers and personal identification numbers (PINs) through the use of phishing attacks and keystroke logging technology, according to the report. They are then creating fake ATM and debit cards and using the cards to steal money and make purchases.

Criminals "succeed when the card-issuing bank is not validating security codes on the magnetic strip of the card while authorizing transactions," Avivah Litan, Gartner research director, said in a statement.

Banks, as a result, have it within their control to minimize their losses, Litan noted.

On the magnetic strip of every ATM card, security codes are stored on Track 2. These codes tie the physical card with the customer's account number and add an additional layer of security beyond validating a customer's PIN.

But up to half of U.S. banks fail to validate Track 2 data and only rely on customer PINs to authorize ATM transactions, according to Litan, who based that estimate on conversations with banks and transaction processors.

"Criminals are seeking out customers of banks that are not validating ATM cards' Track 2 magnetic stripe security data," Litan said. "Hackers call these banks 'cashable.'"

Banks could curtail this type of attack by modifying their ATM host systems, which would require the systems to review Track 2 security data, Litan noted.

Because customers are not aware of the Track 2 data housed on their ATM's magnetic strip, phishers cannot dupe them into providing this sensitive information, the report said. And unless a hacker were familiar with a bank's algorithms and security codes, Track 2 data generally could not be duplicated, according to the Gartner report.

Phishing is on a steep rise, according to a report released Tuesday by security software company Postini. The company found nearly 19.3 million phishing attempts in the month of July as it processed customers email--marking a 16 percent increase over June.

The July phishing attempts marked the highest levels the company has seen to date.

15 comments

Join the conversation!
Add your comment
You think the ATM's are bad?
Check out the process by which your checks are being abused using an Automated Clearing House or the common ACH in your checking account.

The ACH or Automated Clearing House handles the check transaction from the time you buy gas at Holiday and then they run your check through the machine.

The machine tells the processing company that your checking account seems valid, but in the case where my brother was using 7 year old account numbers at Rainbow Foods in Chaska MN, as well as the Subway's in Waconia, and Hutchinson.

These checks were allowed to go through the ACH process unscathed as bad account numbers. Yet these companies authorized the checks (4 in one day at Rainbow Foods) and allowed my brother to commit identity theft as well as check fraud.

Due to lack of policy control through Rainbow Foods Corporation and Subway Corporation, these companies are contributing to identity theft and the overall decline of our economics.

There is a serious need for stringent guidelines and regulation on all companies that deal with monies or monies transactions. Until that happens, the banks and companies like Rainbow and Subway will only care about the money that is being put in their pockets and not the consumer!

You can read more about this story at:

Techviewstoday.tech01.net

Stronger Regulation by the FED's is the only way people will listen!

-Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
Identity Theft
Dear Justin:
I may be able to assist you resolving your case at Subway and Rainbow. I am aware of certain things that these companies are doing to stop Identity Theft. If you are interested in my assistance, please provide me with the exact time/date of the transactions and I will have my friends at these companies take a look, so you can get the matter resolved. Also, did you file a police report? This ussually helps, if you did, please send a case number. Thanks...
Posted by rainbow_6 (2 comments )
Link Flag
You think the ATM's are bad?
Check out the process by which your checks are being abused using an Automated Clearing House or the common ACH in your checking account.

The ACH or Automated Clearing House handles the check transaction from the time you buy gas at Holiday and then they run your check through the machine.

The machine tells the processing company that your checking account seems valid, but in the case where my brother was using 7 year old account numbers at Rainbow Foods in Chaska MN, as well as the Subway's in Waconia, and Hutchinson.

These checks were allowed to go through the ACH process unscathed as bad account numbers. Yet these companies authorized the checks (4 in one day at Rainbow Foods) and allowed my brother to commit identity theft as well as check fraud.

Due to lack of policy control through Rainbow Foods Corporation and Subway Corporation, these companies are contributing to identity theft and the overall decline of our economics.

There is a serious need for stringent guidelines and regulation on all companies that deal with monies or monies transactions. Until that happens, the banks and companies like Rainbow and Subway will only care about the money that is being put in their pockets and not the consumer!

You can read more about this story at:

Techviewstoday.tech01.net

Stronger Regulation by the FED's is the only way people will listen!

-Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
Identity Theft
Dear Justin:
I may be able to assist you resolving your case at Subway and Rainbow. I am aware of certain things that these companies are doing to stop Identity Theft. If you are interested in my assistance, please provide me with the exact time/date of the transactions and I will have my friends at these companies take a look, so you can get the matter resolved. Also, did you file a police report? This ussually helps, if you did, please send a case number. Thanks...
Posted by rainbow_6 (2 comments )
Link Flag
Phishers cash in on ATM cards
Phishers cash in on ATM cards

Mr. AT Alishtari, POA and Founder EDI Secure LLLP, says the lack of two factor authentication with offline devices for ATM machines allows ID fraud. Included in our IP is a patent pending for ATM machines that fits new US Commerce Dept National Institute of Standards and Technology, NIST, level 4 two factor authentication with an offline device.

The United States Patent Trademark Office was going to grant it last year but it sited previous art, our first patent for Nist Level 4 authentication for single use credit card number ID granted July 22, 2003, as a block. We sent it back to the USPTO is recertify it to see if we are not in objection to our own prior art. Go figure tax dollars at work.
Posted by (66 comments )
Reply Link Flag
I agree with and add to the statement the below due to EDI Secure LLLP sale
I agree with and add to the statement the below due to EDI Secure LLLP sale


A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
Phishers cash in on ATM cards
Phishers cash in on ATM cards

Mr. AT Alishtari, POA and Founder EDI Secure LLLP, says the lack of two factor authentication with offline devices for ATM machines allows ID fraud. Included in our IP is a patent pending for ATM machines that fits new US Commerce Dept National Institute of Standards and Technology, NIST, level 4 two factor authentication with an offline device.

The United States Patent Trademark Office was going to grant it last year but it sited previous art, our first patent for Nist Level 4 authentication for single use credit card number ID granted July 22, 2003, as a block. We sent it back to the USPTO is recertify it to see if we are not in objection to our own prior art. Go figure tax dollars at work.
Posted by (66 comments )
Reply Link Flag
I agree with and add to the statement the below due to EDI Secure LLLP sale
I agree with and add to the statement the below due to EDI Secure LLLP sale


A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
So which banks ARE and which AREN'T validating?
"Criminals are seeking out customers of banks that are not validating ATM cards' Track 2 magnetic stripe security data,"

"Banks could...require the [ATM] systems to review Track 2 security data"

So which banks ARE and which AREN'T validating Track 2 security data? Do we as consumers have access to this info, or is it just the CRIMINALS who do???
Posted by danlia (5 comments )
Reply Link Flag
So which banks ARE and which AREN'T validating?
"Criminals are seeking out customers of banks that are not validating ATM cards' Track 2 magnetic stripe security data,"

"Banks could...require the [ATM] systems to review Track 2 security data"

So which banks ARE and which AREN'T validating Track 2 security data? Do we as consumers have access to this info, or is it just the CRIMINALS who do???
Posted by danlia (5 comments )
Reply Link Flag
Banks need to held accountable
Banks and financial institutions are losing our private information to hackers on a daily basis. They need to held liable for the loss of this information, and must be forced to tell us when it happens. Yes I understand what a constant and growing problem this, but the times they are a changing.

<a class="jive-link-external" href="http://jmaximus.blogspot.com" target="_newWindow">http://jmaximus.blogspot.com</a>
Posted by jmaximus9 (86 comments )
Reply Link Flag
Banks need to held accountable
Banks and financial institutions are losing our private information to hackers on a daily basis. They need to held liable for the loss of this information, and must be forced to tell us when it happens. Yes I understand what a constant and growing problem this, but the times they are a changing.

<a class="jive-link-external" href="http://jmaximus.blogspot.com" target="_newWindow">http://jmaximus.blogspot.com</a>
Posted by jmaximus9 (86 comments )
Reply Link Flag
Phishing an ATM Card?
are there really 3,000,000 Americans out there who coughed up their atm/debit card pin number on the internet, or entered it into their computers in any fashion whatsoever? think about that. your atm/debit card pin number into your computer? that fails the sanity check!

mark d.
Posted by markdoiron (1138 comments )
Reply Link Flag
Phishing an ATM Card?
are there really 3,000,000 Americans out there who coughed up their atm/debit card pin number on the internet, or entered it into their computers in any fashion whatsoever? think about that. your atm/debit card pin number into your computer? that fails the sanity check!

mark d.
Posted by markdoiron (1138 comments )
Reply Link Flag
Why To Install An Atm Machine In Your Business?

Have you heard about the atm machines business, but didn?t know who to contact to get one to your business? Atm machines are great source of income to your existing business. It is another service you can offer to your clients and stand out from your competitors.

You can lease or buy an atm machine to your business. Many companies will take care of the processing and maintenance of the machines for you. We make the process much easier for the business owner.

There are many types of atm machines. So how will you know which atm machine is right for your business? There are many experts for atm machines, but you need only one that you trust. The atm?s process is very simple, but like in every business you need to know what you?re doing.

If purchasing an atm machine is too costly, but you would like to operate and retain the profits, then leasing is the solution for you. Leasing allows you to spread out the cost of the machine over several years. The surcharge profits will be greater than your monthly payments, and your business will recognize net gains immediately.

Many businesses want their clients to come back and purchase. If costumers regularly ask for cash and your business has no atm machine, your business is losing out on significant profits. An atm machine is important to your business.

How much cash do I need to keep my atm machine full? You will be pleasantly surprised that it takes much less than you think. As cash is withdrawn from the atm machine, these funds are then redeposit back into your bank account within 24 hours. You basically need enough money to keep the atm machine full for three days. Then withdraw the same funds to start the process all over again.

What about outdoor atm machines? The most rewarding aspect of an outdoor atm machine, is convenience. Consumers simply won?t find a more convenient way to withdraw cash than outdoor atm machine. It allows a business owner to provide a fast atm location to a wider range of costumers and passer-by.

So what is the main benefit of having an atm machine? The location owner does absolutely nothing but cash the checks when they arrive in the mail from the atm distributor. Leasing atm machines can be a good way to make money without the risks and headaches involved in purchasing. So the only thing you should think about is which atm company you want to go with for your new atm placement.


The most important in purchasing or leasing an atm machine is the location. You have to make sure that you will have traffic in your location, so you will not invest in an atm machine for nothing.

<a class="jive-link-external" href="http://1atm.org" target="_newWindow">http://1atm.org</a>
Posted by yanniraz (5 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.