Language Selection

English French German Italian Portuguese Spanish

Lax security enables ATM card fraud, report says

Filed under
Security

An unprecedented wave of Internet-based bank fraud has been enabled in part by banks that don't bother to check security codes on cash cards, according to a report released on Tuesday.

Roughly half of U.S. banks in recent years have stopped checking codes embedded in the magnetic stripe of ATM and debit cards, making it easier for online con artists to suck cash out of consumers' accounts, Gartner Inc. analyst Avivah Litan said.

"The only reason they don't check these things is because they forgot about it," Litan said. "Really, I'm furious."

Litan found that con artists took $2.75 billion in cash from bank accounts over the past 12 months, often by tricking consumers to reveal their bank-account numbers and passwords in a technique known as "phishing."

Banks usually cover consumer losses due to fraud.

About 70 percent of those losses could have been prevented if banks had verified magnetic-stripe information rather than relying only on account numbers and passwords known by consumers, Litan said.

But that would make it more difficult for customers to change their PIN numbers when they're worried about fraud, as they'd have to come into a branch office rather than simply picking up the phone or logging on to the bank's Web site, she said.

Another security code, the three-digit CVV code printed on the back of the card, can be easily guessed by fraud artists using an automated "brute force" attack, she said.

BANKS QUESTION ACCURACY OF REPORT

Full Story.

More in Tux Machines

Boards With Linux

  • Latest Linux Maker Boards Gamble on Diversity
    As usual, last week’s Embedded World show in Nuremberg, Germany was primarily focused on commercial embedded single board computers (SBCs), computer-on-modules, and rugged industrial systems for the OEM market. Yet, we also saw a growing number of community-backed maker boards, which, like most of the commercial boards, run Linux. The new crop shows the growing diversity of hacker SBCs, which range from completely open source models to proprietary prototyping boards that nevertheless offer low prices and community services such as forums and open source Linux distributions.
  • Rugged, expandable 3.5-inch Skylake SBC supports Linux
    Diamond’s 3.5-inch “Venus” SBC offers an Intel 6th Gen CPU, -40 to 85°C support, up to 20GB of ruggedized RAM, and mini-PCIe and PCIe/104 OneBank.
  • How enthusiasts designed a powerful desktop PC with an ARM processor

    The purpose of the gathering was to get the ball rolling for the development of a real desktop based on ARM. The PC will likely be developed by 96boards, which provides specifications to build open-source development boards.

Has Interest in Ubuntu Peaked?

This graph represents Google search volume for Ubuntu (the OS) from 2004 until now, 2017. Looking at the image it us hard to not conclude one thing: that interest in Ubuntu has peaked. Read more Also: Ubuntu splats TITSUP bug spread in update

Leftovers: OSS

Security Leftovers

  • Windows flaw lets attackers take over A-V software

    A 15-year-old flaw in every version of Windows right from XP to Windows 10 allows a malicious attacker to take control of a system through the anti-virus software running on the system.

  • Google Continues to Make Strides in Improving Android Security
  • Google cites progress in Android security, but patching issues linger
  • Dark Matter
    Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware. Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.