Gartner: Bank card fraud too easy for phishers

By not using all available security features, U.S. banks are making it easier for phishers to commit ATM fraud, Gartner says.

U.S. banks are putting customer convenience ahead of security and, in the process, making it much easier for online "phishers" to create counterfeit bank cards, according to a Gartner report released Tuesday. And with the Internet now a common source of stolen account information, phishers are accounting for a growing portion of the estimated US$2.75 billion in annual losses that bank card abuse is costing U.S. banks, the research firm said.

Though U.S. banks are aware that both bank card fraud and phishing -- the criminal practice of tricking people into entering confidential information into fake Web sites -- are problems, the link between these two phenomena is not always well understood, said Avivah Litan, a Gartner vice president and research director.

And with bank card fraud on the rise, this can make things harder on the victims of identity theft, she said.

"It's a nightmare for consumers, and they don't always get their money back," she said. "Some banks say, 'We have no proof that a criminal did this.'"

Part of the problem is that about half of U.S. banks no longer use a security feature that would make phishing attacks much less effective, Litan said.

At a minimum, banks in the U.S. require an account number and PIN (personal information number) in order for funds to be withdrawn from an account. But banks are also capable of storing on a card's magnetic strip a third number, unknown to the consumer, that can be used to further authenticate its validity.

Though this third number, called a PIN offset, was widely used when cash machine cards were first introduced, only about one half of U.S. banks still use this type of security today, because it generally requires that a card be brought into the bank every time its PIN number is changed. Customers prefer to be able to change their PIN numbers via telephone, and so many U.S. banks have simply dropped the PIN offset, she said.

The unintended side-effect of this change is that things are now much easier for phishers, who no longer need to read that third number directly from bank cards to make counterfeits.

Based on a survey of 5,000 U.S. adults conducted in May, Gartner estimates that about 3 million U.S. consumers were the victims of bank card fraud over the past year. The most common way for thieves to get access to bank card information was either by stealing a wallet, or stealing information from the Internet, Litan said.

Phishing is a particularly popular among cash machine card fraudsters, she said. "I would say it's probably the cause of 70 percent of (cash machine card) fraud," Litan said.

That may be one reason why phishing attacks have been on the rise lately.

E-mail security vendor Postini Inc. said that e-mail containing links to phishing Web sites reached an all-time high in July. The company intercepted more than 19 million phishing emails during the month, nearly double the amount that it saw in April of this year.

"We have seen it start to ratchet up," said Andrew Lochart, a senior director of marketing at Postini. In April, his company intercepted 9.7 million phishing e-mails, he added.

Still, phishing spam accounts for a relatively small percentage of the 8 billion e-mail messages that Postini quarantines and examines every month, he said.

"It's a harder kind of spam to engage in," Lochart said. "You have to make your message look good and you have to craft a landing page that you're going to direct the victim to. ... It's harder than blasting out a million copies of a spam for toner cartridges or preapproved mortgages."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?