Gartner: Bank card fraud too easy for phishers

By not using all available security features, U.S. banks are making it easier for phishers to commit ATM fraud, Gartner says.

U.S. banks are putting customer convenience ahead of security and, in the process, making it much easier for online "phishers" to create counterfeit bank cards, according to a Gartner report released Tuesday. And with the Internet now a common source of stolen account information, phishers are accounting for a growing portion of the estimated US$2.75 billion in annual losses that bank card abuse is costing U.S. banks, the research firm said.

Though U.S. banks are aware that both bank card fraud and phishing -- the criminal practice of tricking people into entering confidential information into fake Web sites -- are problems, the link between these two phenomena is not always well understood, said Avivah Litan, a Gartner vice president and research director.

And with bank card fraud on the rise, this can make things harder on the victims of identity theft, she said.

"It's a nightmare for consumers, and they don't always get their money back," she said. "Some banks say, 'We have no proof that a criminal did this.'"

Part of the problem is that about half of U.S. banks no longer use a security feature that would make phishing attacks much less effective, Litan said.

At a minimum, banks in the U.S. require an account number and PIN (personal information number) in order for funds to be withdrawn from an account. But banks are also capable of storing on a card's magnetic strip a third number, unknown to the consumer, that can be used to further authenticate its validity.

Though this third number, called a PIN offset, was widely used when cash machine cards were first introduced, only about one half of U.S. banks still use this type of security today, because it generally requires that a card be brought into the bank every time its PIN number is changed. Customers prefer to be able to change their PIN numbers via telephone, and so many U.S. banks have simply dropped the PIN offset, she said.

The unintended side-effect of this change is that things are now much easier for phishers, who no longer need to read that third number directly from bank cards to make counterfeits.

Based on a survey of 5,000 U.S. adults conducted in May, Gartner estimates that about 3 million U.S. consumers were the victims of bank card fraud over the past year. The most common way for thieves to get access to bank card information was either by stealing a wallet, or stealing information from the Internet, Litan said.

Phishing is a particularly popular among cash machine card fraudsters, she said. "I would say it's probably the cause of 70 percent of (cash machine card) fraud," Litan said.

That may be one reason why phishing attacks have been on the rise lately.

E-mail security vendor Postini Inc. said that e-mail containing links to phishing Web sites reached an all-time high in July. The company intercepted more than 19 million phishing emails during the month, nearly double the amount that it saw in April of this year.

"We have seen it start to ratchet up," said Andrew Lochart, a senior director of marketing at Postini. In April, his company intercepted 9.7 million phishing e-mails, he added.

Still, phishing spam accounts for a relatively small percentage of the 8 billion e-mail messages that Postini quarantines and examines every month, he said.

"It's a harder kind of spam to engage in," Lochart said. "You have to make your message look good and you have to craft a landing page that you're going to direct the victim to. ... It's harder than blasting out a million copies of a spam for toner cartridges or preapproved mortgages."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?