The Fraud Blog with Tracy Kitten

ATM Skimming Undeterred ATMs Remain Under Attack Across Global Markets

ATM skimming is a growing global problem, despite steps taken in Europe and other markets to curb attacks on credit and debit cards.

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

A new report from the European ATM Security Team shows fraud trends have continued to climb, and so have losses. For the first six months of 2011, financial losses linked to ATM skimming were reported by 64 countries, the majority of which fall outside the Single Euro Payments Area, better known as SEPA, where migrations to the Europay, MasterCard, Visa standard are, for the most part, complete.

For the first six months of 2011, financial losses linked to ATM skimming were reported by 64 countries. 

But skimming attacks remain a problem even in SEPA. In fact, attacks on ATMs were reported by all but two of the countries included in the EAST report. Seven of the 64 identified upticks in skimming, while only four experienced decreases.

So, even though SEPA countries have shifted from the magnetic stripe to the more secure chip technology, they continue to see losses. They also say they've found the brazenness of criminals to be escalating. Most countries included in EAST's report said skimming devices were being left on ATMs for longer stretches of time - in some cases, for as long as a week.

EAST did not elaborate on why fraudsters felt more confident. But I suspect part of the reason is because of migrations to EMV. Now that those countries have moved away from the legacy mag-stripe (which, incidentally, continues to reign in the U.S.), they've acquired false senses of security.

While EMV chip technology is more secure, it remains vulnerable. Why? Because until every global market completes a migration to some form of EMV-compliant technology, mag-stripes will remain. And as long as mag-stripes exist on cards (even chip cards) in formats that can be read, they will be skimmed.

This is a vulnerability EAST acknowledges in its report. Most of the financial losses that hit European cardholders resulted from transactions conducted in countries outside SEPA; thus, those that fall beyond the reach of EMV. From January 2011 to January 2012, financial losses to skimming fraud were reported in 50 countries outside SEPA and only 14 within.

"The USA remains the top location for such losses, followed by the Dominican Republic, Colombia and Russia," EAST notes.

In response, many European markets are blocking card transactions. Card issuers and acquirers in SEPA are increasingly only allowing transactions to be conducted with domestic cards. And the trend seems to be helping. "Regional card blocking continues to be successful, with three countries reporting resultant falls in skimming incidents and related losses," EAST says.

None of that is positive for the U.S. and its citizens who travel abroad.

Efforts are progressing in the U.S. to get cardholders and merchants on the EMV bandwagon. But it's not a movement that can progress quickly enough, despite some industry pundits' persistence that mobile can accelerate the process.

I don't know that mobile is the final answer, but I do agree it's a step. What I don't know, however, is how many banks and credit unions are even thinking about mobile in the context of EMV. Guessing? I don't think most even have EMV on their radar.

What I can say is that we can all expect the card-blocking trend in Europe to continue. And as more countries throughout the world transition card platforms and portfolios to EMV, card-blocking will bleed into other markets beyond SEPA.

How will card-issuing institutions in the U.S. react? Good question. As a cardholder, I know that trend won't sit well, when I find I can't use my card as ubiquitously as I once could.



About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network