Phishers cash in on ATM cards

Phishing attacks have led to an estimated $2.75 billion in losses related to ATM and debit cards over the past 12 months, according to a new Gartner report.

The report, released Tuesday, includes a recent survey of 5,000 U.S. bank customers. From the survey, Gartner estimates that 3 million Americans have lost an average of more than $900 each due to online scams over the past year.

Scam artists are gleaning bank account numbers and personal identification numbers (PINs) through the use of phishing attacks and keystroke logging technology, according to the report. They are then creating fake ATM and debit cards and using the cards to steal money and make purchases.

Criminals "succeed when the card-issuing bank is not validating security codes on the magnetic strip of the card while authorizing transactions," Avivah Litan, Gartner research director, said in a statement.

Banks, as a result, have it within their control to minimize their losses, Litan noted.

On the magnetic strip of every ATM card, security codes are stored on Track 2. These codes tie the physical card with the customer's account number and add an additional layer of security beyond validating a customer's PIN.

But up to half of U.S. banks fail to validate Track 2 data and only rely on customer PINs to authorize ATM transactions, according to Litan, who based that estimate on conversations with banks and transaction processors.

"Criminals are seeking out customers of banks that are not validating ATM cards' Track 2 magnetic stripe security data," Litan said. "Hackers call these banks 'cashable.'"

Banks could curtail this type of attack by modifying their ATM host systems so that the systems are required to review Track 2 security data, Litan noted.

Because customers are not aware of the Track 2 data housed on their ATM card's magnetic strip, phishers cannot dupe them into providing this sensitive information, the report said. And unless a hacker were familiar with a bank's algorithms and security codes, Track 2 data generally could not be duplicated, according to the Gartner report.
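The host-side check described above, as an added example that is not from the article, Gartner or any bank's system: a PIN-only authorization next to one that also validates the Track 2 security code. The key, PAN, PIN and field layout are constructed, the HMAC is a stand-in for the issuer's real code algorithm, and the PIN is compared in the clear only to keep the sketch short.

```python
import hashlib
import hmac

# Constructed values throughout; the key, PAN, PIN and field layout are assumptions.
ISSUER_KEY = b"constructed-demo-key"  # stand-in for the issuer's secret key
PAN, PIN, EXPIRY, SERVICE = "9999000000000001", "4821", "0712", "101"
ACCOUNTS = {PAN: {"pin": PIN, "expiry": EXPIRY, "service": SERVICE}}

def card_code(pan, expiry, service, key=ISSUER_KEY):
    """3-digit code tying the card data to the issuer key (HMAC stand-in)."""
    mac = hmac.new(key, f"{pan}{expiry}{service}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1000:03d}"

def build_track2(pan, expiry, service, code):
    """Assumed layout: ;PAN=YYMM + service code + 5 filler digits + code + ?"""
    return f";{pan}={expiry}{service}00000{code}?"

def parse_track2(track2):
    """Return the Track 2 fields, or None if the data is malformed."""
    if not (track2.startswith(";") and track2.endswith("?")):
        return None
    pan, sep, rest = track2[1:-1].partition("=")
    if not sep or not pan.isdigit() or not rest.isdigit() or len(rest) < 10:
        return None
    return {"pan": pan, "expiry": rest[:4], "service": rest[4:7], "code": rest[-3:]}

def authorize_pin_only(track2, pin):
    """Weak host: looks up the account by PAN and checks only the PIN."""
    card = parse_track2(track2)
    acct = ACCOUNTS.get(card["pan"]) if card else None
    return acct is not None and hmac.compare_digest(pin, acct["pin"])

def authorize_with_track2(track2, pin):
    """Hardened host: the Track 2 code must match the issuer's value as well."""
    card = parse_track2(track2)
    acct = ACCOUNTS.get(card["pan"]) if card else None
    if acct is None:
        return False
    expected = card_code(card["pan"], acct["expiry"], acct["service"])
    code_ok = hmac.compare_digest(card["code"], expected)
    return code_ok and hmac.compare_digest(pin, acct["pin"])

GENUINE = build_track2(PAN, EXPIRY, SERVICE, card_code(PAN, EXPIRY, SERVICE))
# Card encoded from phished PAN + PIN only: without the issuer key the code
# is not the issuer's value (chosen here to differ deterministically).
WRONG_CODE = f"{(int(card_code(PAN, EXPIRY, SERVICE)) + 1) % 1000:03d}"
COUNTERFEIT = build_track2(PAN, EXPIRY, SERVICE, WRONG_CODE)

def demo():
    return {name: (authorize_pin_only(t, PIN), authorize_with_track2(t, PIN))
            for name, t in (("genuine", GENUINE), ("counterfeit", COUNTERFEIT))}
```

`demo()` returns a (PIN-only, PIN plus Track 2) decision pair for each card: the PIN-only host approves both, while the validating host declines the card whose code was not produced with the issuer key.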

Phishing is on a steep rise, according to a report released Tuesday by security software company Postini. The company found nearly 19.3 million phishing attempts in the month of July as it processed customers' email, marking a 16 percent increase over June.

The July phishing attempts marked the highest levels the company has seen to date.

You think the ATMs are bad?
by OneWithTech August 2, 2005 3:28 PM PDT
Check out the process by which your checks are being abused using an Automated Clearing House or the common ACH in your checking account.

The ACH or Automated Clearing House handles the check transaction from the time you buy gas at Holiday and then they run your check through the machine.

The machine tells the processing company that your checking account seems valid, but in the case where my brother was using 7-year-old account numbers at Rainbow Foods in Chaska MN, as well as the Subways in Waconia and Hutchinson.

These checks were allowed to go through the ACH process unscathed as bad account numbers. Yet these companies authorized the checks (4 in one day at Rainbow Foods) and allowed my brother to commit identity theft as well as check fraud.

Due to lack of policy control through Rainbow Foods Corporation and Subway Corporation, these companies are contributing to identity theft and the overall decline of our economics.

There is a serious need for stringent guidelines and regulation on all companies that deal with monies or monies transactions. Until that happens, the banks and companies like Rainbow and Subway will only care about the money that is being put in their pockets and not the consumer!

You can read more about this story at:

Techviewstoday.tech01.net

Stronger regulation by the Feds is the only way people will listen!

-Justin
Phishers cash in on ATM cards
by August 3, 2005 7:30 AM PDT
Phishers cash in on ATM cards

Mr. AT Alishtari, POA and Founder EDI Secure LLLP, says the lack of two factor authentication with offline devices for ATM machines allows ID fraud. Included in our IP is a patent pending for ATM machines that fits new US Commerce Dept National Institute of Standards and Technology, NIST, level 4 two factor authentication with an offline device.

The United States Patent and Trademark Office was going to grant it last year but it cited previous art, our first patent for NIST Level 4 authentication for single use credit card number ID granted July 22, 2003, as a block. We sent it back to the USPTO to recertify it to see if we are not in objection to our own prior art. Go figure, tax dollars at work.
So which banks ARE and which AREN'T validating?
by danlia August 3, 2005 10:19 AM PDT
"Criminals are seeking out customers of banks that are not validating ATM cards' Track 2 magnetic stripe security data,"

"Banks could...require the [ATM] systems to review Track 2 security data"

So which banks ARE and which AREN'T validating Track 2 security data? Do we as consumers have access to this info, or is it just the CRIMINALS who do???
Banks need to be held accountable
by jmaximus9 August 5, 2005 9:17 PM PDT
Banks and financial institutions are losing our private information to hackers on a daily basis. They need to be held liable for the loss of this information, and must be forced to tell us when it happens. Yes, I understand what a constant and growing problem this is, but the times they are a changing.

http://jmaximus.blogspot.com
Phishing an ATM Card?
by markdoiron August 7, 2005 4:39 AM PDT
Are there really 3,000,000 Americans out there who coughed up their ATM/debit card PIN number on the internet, or entered it into their computers in any fashion whatsoever? Think about that. Your ATM/debit card PIN number into your computer? That fails the sanity check!

mark d.