Lax security enables ATM card fraud, report says
An unprecedented wave of Internet-based bank fraud has been enabled in part by banks that don't bother to check security codes on cash cards, according to a report released on Tuesday.
Roughly half of U.S. banks in recent years have stopped checking codes embedded in the magnetic stripe of ATM and debit cards, making it easier for online con artists to suck cash out of consumers' accounts, Gartner Inc. analyst Avivah Litan said.
"The only reason they don't check these things is because they forgot about it," Litan said. "Really, I'm furious."
Litan found that con artists took $2.75 billion in cash from bank accounts over the past 12 months, often by tricking consumers to reveal their bank-account numbers and passwords in a technique known as "phishing."
Banks usually cover consumer losses due to fraud.
About 70 percent of those losses could have been prevented if banks had verified magnetic-stripe information rather than relying only on account numbers and passwords known by consumers, Litan said.
But that would make it more difficult for customers to change their PIN numbers when they're worried about fraud, as they'd have to come into a branch office rather than simply picking up the phone or logging on to the bank's Web site, she said.
Another security code, the three-digit CVV code printed on the back of the card, can be easily guessed by fraud artists using an automated "brute force" attack, she said.
BANKS QUESTION ACCURACY OF REPORT