Gartner: Bank card fraud too easy for phishers

By not using all available security features, U.S. banks are making it easier for phishers to commit ATM fraud, Gartner says.

U.S. banks are putting customer convenience ahead of security and, in the process, making it much easier for online "phishers" to create counterfeit bank cards, according to a Gartner report released Tuesday. And with the Internet now a common source of stolen account information, phishers are accounting for a growing portion of the estimated US$2.75 billion in annual losses that bank card abuse is costing U.S. banks, the research firm said.

Though U.S. banks are aware that both bank card fraud and phishing -- the criminal practice of tricking people into entering confidential information into fake Web sites -- are problems, the link between these two phenomena is not always well understood, said Avivah Litan, a Gartner vice president and research director.

And with bank card fraud on the rise, this can make things harder on the victims of identity theft, she said.

"It's a nightmare for consumers, and they don't always get their money back," she said. "Some banks say, 'We have no proof that a criminal did this.'"

Part of the problem is that about half of U.S. banks no longer use a security feature that would make phishing attacks much less effective, Litan said.

At a minimum, banks in the U.S. require an account number and PIN (personal information number) in order for funds to be withdrawn from an account. But banks are also capable of storing on a card's magnetic strip a third number, unknown to the consumer, that can be used to further authenticate its validity.

Though this third number, called a PIN offset, was widely used when cash machine cards were first introduced, only about one half of U.S. banks still use this type of security today, because it generally requires that a card be brought into the bank every time its PIN number is changed. Customers prefer to be able to change their PIN numbers via telephone, and so many U.S. banks have simply dropped the PIN offset, she said.

The unintended side-effect of this change is that things are now much easier for phishers, who no longer need to read that third number directly from bank cards to make counterfeits.

Based on a survey of 5,000 U.S. adults conducted in May, Gartner estimates that about 3 million U.S. consumers were the victims of bank card fraud over the past year. The most common way for thieves to get access to bank card information was either by stealing a wallet, or stealing information from the Internet, Litan said.

Phishing is a particularly popular among cash machine card fraudsters, she said. "I would say it's probably the cause of 70 percent of (cash machine card) fraud," Litan said.

That may be one reason why phishing attacks have been on the rise lately.

E-mail security vendor Postini Inc. said that e-mail containing links to phishing Web sites reached an all-time high in July. The company intercepted more than 19 million phishing emails during the month, nearly double the amount that it saw in April of this year.

"We have seen it start to ratchet up," said Andrew Lochart, a senior director of marketing at Postini. In April, his company intercepted 9.7 million phishing e-mails, he added.

Still, phishing spam accounts for a relatively small percentage of the 8 billion e-mail messages that Postini quarantines and examines every month, he said.

"It's a harder kind of spam to engage in," Lochart said. "You have to make your message look good and you have to craft a landing page that you're going to direct the victim to. ... It's harder than blasting out a million copies of a spam for toner cartridges or preapproved mortgages."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?