Language Selection

English French German Italian Portuguese Spanish

Lax security enables ATM card fraud, report says

Filed under

An unprecedented wave of Internet-based bank fraud has been enabled in part by banks that don't bother to check security codes on cash cards, according to a report released on Tuesday.

Roughly half of U.S. banks in recent years have stopped checking codes embedded in the magnetic stripe of ATM and debit cards, making it easier for online con artists to suck cash out of consumers' accounts, Gartner Inc. analyst Avivah Litan said.

"The only reason they don't check these things is because they forgot about it," Litan said. "Really, I'm furious."

Litan found that con artists took $2.75 billion in cash from bank accounts over the past 12 months, often by tricking consumers to reveal their bank-account numbers and passwords in a technique known as "phishing."

Banks usually cover consumer losses due to fraud.

About 70 percent of those losses could have been prevented if banks had verified magnetic-stripe information rather than relying only on account numbers and passwords known by consumers, Litan said.

But that would make it more difficult for customers to change their PIN numbers when they're worried about fraud, as they'd have to come into a branch office rather than simply picking up the phone or logging on to the bank's Web site, she said.

Another security code, the three-digit CVV code printed on the back of the card, can be easily guessed by fraud artists using an automated "brute force" attack, she said.


Full Story.

More in Tux Machines

LibreSSL 2.7.1 Released, OpenSSH 7.7 Being Tested

today's howtos

Programming: Python 2.*, Functional Computation, and Plagiarism in CS

  • 1.5 Year Warning: Python2 will be End of Lifed
    The end of upstream Python 2.7 support will be January 1, 2020 (2020-01-01) and the Fedora Project is working out what to do with it. As Fedora 29 would be released in 2019-11 and would get 1.5 years of support, the last release which would be considered supportable would be the upcoming release of Fedora 28. This is why the current Python maintainers are looking to orphan python2. They have made a list of the packages that would be affected by this and have started a discussion on the Fedora development lists, but people who only see notes of this from blogs or LWN posts may not have seen it yet.
  • Why is functional programming seen as the opposite of OOP rather than an addition to it?

    So: both OOP and functional computation can be completely compatible (and should be!). There is no reason to munge state in objects, and there is no reason to invent “monads” in FP. We just have to realize that “computers are simulators” and figure out what to simulate.

  • Why we still can’t stop plagiarism in undergraduate computer science

    The most important goal is to keep the course fair for students who do honest work. Instructors must assign grades that accurately reflect performance. A student who grapples with a problem — becoming a stronger programmer in the process — should never receive a lower grade than one who copies and pastes.


    University administrators should communicate their support. Instructors should know that, not only will they suffer no retaliation, but that the university encourages them to enforce university policies. This might require administrators to acknowledge the inconvenient truth of widespread plagiarism.

Debian: Turris Omnia With Debian, ClojureSYNC, Debconf 2018

  • Using the switch on Turris Omnia with Debian
    After installing Debian on Turris Omnia there are a few more steps needed to make use of the network switch. The Armada 385 CPU provides three network interfaces. Two are connected to the switch (but only one of them is used to "talk" to the switch), and one is routed directly to the WAN port.
  • ClojureSYNC Talk Resources
  • Debconf 2018, MATE 1.2.0, libqalculate transition etc
    First up is news on Debconf 2018 which will be held in Hsinchu, Taiwan. Apparently, the CFP or Call for Proposals was made just a few days ago and I probably forgot to share about it. Registration has also been opened now. The only thing most people have to figure out is how to get a system-generated certificate, make sure to have an expiry date, I usually have a year, make it at least 6 months as you would need to put up your proposal for contention and let the content-team decide it on the proposal merit. This may at some point move from alioth to salsa as the alioth service is going away. The best advice I can give is to put your proposal in and keep reworking/polishing it till the end date for applications is near. At the same time do not over commit yourself. From a very Indian perspective and somebody who has been to one debconf, you can think of the debconf as a kind of ‘khumb‘ Mela or gathering as you will. You can definitely network with all the topics and people you care for, but the most rewarding are those talks which were totally unplanned for. Also it does get crazy sometime so it’s nice if you are able to have some sane time for yourself even if it just a 5-10 minute walk.