As more criminals target branch ATMs, industry experts wonder if links to insider fraud might not be to blame. Recent brazen attacks prove even in a bank or credit union lobby, ATM skimming can strike.
The Fed's ruling on interchange cuts mandated by the Durbin Amendment will aid fraud prevention and could accelerate a move to chip-based payments, says Randy Vanderhoof, director of the Smart Card Alliance.
"The FFIEC guidance does a good job of addressing today's and yesterday's threats and suggested techniques, but it is not sufficiently forward-looking," says Gartner's Avivah Litan. "Two years from now, the guidance will be sorely out of date."
"Most convenience stores are concerned about pay-at-the-pump skimming. But they can only focus on so much," says Gray Taylor, a security and compliance expert with the National Association of Convenience Stores.
The Federal Financial Institutions Examination Council has formally released the long-awaited update to its "Authentication in an Internet Banking Environment" guidance. The new directives take effect January 2012.
Police in Beaverton, Ore., have asked for the public's help to identify four suspects who were caught on camera using fake payment cards allegedly created from details skimmed by fraudsters at area Michaels stores.
Building on existing contactless NFC technology could bridge the gap between the mag-stripe and chip and PIN. And the Smart Card Alliance says merchants should begin investing in infrastructure upgrades now.
A breach of debit card accounts, which began in April, has so far affected nearly two dozen banks and credit unions in the Northeast Ohio area, including Keybank, Fifth Third and Century Federal Credit union.
Card-skimming trends continue to pose a threat to financial institutions and retail outlets, but there are steps organizations can take to fight back, says John Pearce, director of financial services for ADT Security Services.
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
When a database breach occurs, consumer notification continues to be a public problem. And it's time for the federal government to step in, says Linda Foley, co-founder of the non-profit Identity Theft Resource Center.
"I think this is another great example of the lengths to which criminals will go to perpetrate these schemes, and the amount of homework they do," says Julie McNelley, banking and payments fraud analyst at Aite Group.
A new federal suit against Michaels claims the crafts retailer, hit by a POS skimming scheme in May, took too long to notify customers after it learned of the breach that affected stores in 20 U.S. states.