A recent Gartner study claims ATM and debit card fraud cost $2.75 billion in losses last year.
For the 12 months ending in May 2005, Gartner estimates online phishing and keylogging attacks led to $2.75 billion USD lost to criminal activity, with an average loss of $900. According to a Gartner press release, banks and other financial institutions covered the losses.
“Criminals sometimes counterfeit ATM/debit cards with just account numbers and PINs in hand, and they can use this stolen information at ATMs to withdraw cash from a cardholder’s account,” Avivah Litan, vice president and research director at Gartner, said in a statement. “They succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorizing transactions.”
Ms. Litan goes on to observe that as many as half of US financial institutions do not verify that information, called Track 2 data. “Criminals are seeking out customers of banks that are not validating ATM cards’ Track 2 magnetic stripe security data during cash withdrawal transactions,” she said in the release.
I opened a new bank account recently and registered for online access. The bank’s online portal asked if I would like to provide an email address so the bank could contact me that way. I declined. If I receive an email purportedly from my bank, I’ll know immediately that it’s probably a phishing scam.
Paranoid? Possibly. But I went shopping at a local grocery store a couple of years ago, only to have my debit card declined at checkout. Upon checking with the bank, I was told a number of the institution’s debit cards had been improperly accessed at Visa, and that my card along with many others had been canceled as a safety measure.
Sorry, but if my new bank needs to reach me, they can send me a letter.
David Utter is a staff writer for Murdok covering technology and business. Email him here.
