ATM Fraud: 7 Growing Threats to Financial Institutions

Credit EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

The Heartland Payment Systems (HPY) data breach may be the fraud story of year (so far), but ATM and debit card thefts are growing steadily and frighteningly at financial institutions.

Witness the recent announcement by law enforcement in New York City that a criminal gang had stolen $500,000 from hundreds of customers' bank accounts via skimming devices that read and stored account information at Sovereign Bank branches in Staten Island. The gang installed cameras onto the machines, catching victims typing in their PIN numbers. They also used the information to clone the card information, according to police.

A recent survey by security vendor Actimize shows that almost 70 percent of financial institutions experienced an increase in ATM/debit card fraud claims in 2008 compared to 2007. Twenty-three percent of respondents say those claims jumped by 5 to 9 percent, while the rest noted growth of anywhere between 10 and 74 percent. These numbers are only expected to grow in 2009, as a result of the recession.

Half of the institutions surveyed say they were hit with fraud complaints that came out of some of the major data breaches, with more than 30 percent saying they had seen fraud incidents as a result of the TJX hack, and 30 percent cited the Heartland hack.

Approximately 80 percent of the survey respondents say the big data breaches can decrease consumer confidence in ATM/debit card use. About 15 percent say they have reissued cards to more than 20 percent of their cardholder customers. In 2008, the financial institutions surveyed lost an average of $744,321 -- with some as high as $12 million -- to ATM fraud alone, and an average of $145,560, or as high as $1 million, to data breaches.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Healthcare Enews General Healthcare Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

ATM Fraud Trends
The reason that criminals target ATMs is simple. "Criminals like cards and PINs. It is much easier to cash them out, rather than to hire a mule or repackager with stolen credit cards," says fraud expert Mike Urban, Senior Director of Fraud Solutions at Fair Isaac. If the magnetic stripe data and pin is available, it is easy money for the criminal to get the cash out of the ATM. "There is no fence, no making an authentic card to use at a retailer," he says. While this crime is much harder to perpetrate, criminals prefer this over other types of credit card fraud, such as signature-based fraud.

Here are the top ATM/debit card fraud trends:

#1. Skimming -- The upswing in skimming at institutions has caught fraud experts' attention. "A higher percentage of criminals are going straight to a bank and installing a PIN pad overlay and card reader," Urban says. "This is where the transaction goes through, and the customer doesn't realize that their ATM card or debit card has been compromised. I've seen a steady increase over the last couple years on this type of fraud."

#2. Ghost ATMs -- There are also the "Ghost ATMs," where the entire ATM card reader is blocked off and customers can't perform a transaction. "The customer swipes their card, enters their PIN, and then the fake ATM says it can't complete the transaction," Urban explains. There were several of these types of ghost ATMs that popped up on the east coast back four years ago. One arrest was made in those cases, he notes.

#3. Ram Raids -- Criminals continue to target ATMs in various ways, with "ram" raids happening more often in the US. Ram raids are perpetrated when criminals physically break out ATMs from the wall at the institution. In Texas, the number of ram raids has spurred institutions to partner with law enforcement, and a task force has been formed to fight the raiders. "The opportunity that some non-hardened criminals see is an exterior ATM that can be pulled out, loaded with thousands of dollars," Urban says. "So in terms of crimes of opportunity, people feeling desperate will attempt this crime."

#4. PIN ID's -- One of the other trends Urban sees happening is where criminals are testing systems to identify PINs. One particular technique is where the criminal captures the magnetic stripe data from a retailer. They then go to an online bank site with a script written on several well known PINs, and run it against the site until they get a match.