Thursday, January 24, 2013 - 4:54 PM

VISA, FICO Warn Card Issuers Of More Sophisticated ATM Crimes

From Consumerist:

[P]eople using ...skimmed data were generally limited to how much cash they could pull out of victim’s accounts in a day. And so a new breed of criminal has figured out a way to steal hundreds of thousands of dollars from ATMs.

... “In a recently reported case, criminals used a small number of cards to conduct 1000′s of ATM withdrawals in multiple countries around the world in one weekend,” ... perpetrators are “gaining access to issuer authorization systems and card parameter information” with the goal of using individual ATM cards to “facilitate massive fraud.”

And they don’t mean a few hundred bucks.

“In some instances over $500K USD has been withdrawn on a single card in less than 24 hours,” writes Visa.

The hackers “may have accessed or penetrated the point-of-sale systems for a couple of merchants in the U.S.”

pearlbrown1,006 posts since
Nov 2, 2010
Rep Points: 3,867

1. Thursday, January 24, 2013 - 5:32 PM

This quote from the newspaper article is downright scary:

"Kellermann, at Trend Micro, said he still doesn't see fraud levels lighting any fires in this country. "As long as the fraud stays below 2 percent (of revenue) they're not going to change," he said. Kellermann's prediction is that the security issues will worsen as banking-by-smartphone takes off: "In 2013, you're going to see massive cash-out schemes involving mobile devices."

Shorebreak1,294 posts since
Apr 6, 2010
Rep Points: 4,852

2. Thursday, January 24, 2013 - 5:46 PM

It's hard to believe that effective solutions cannot be developed with the same 2% of revenue which issuers appears to be willing to accept as the threshhold of "acceptable losses".

pearlbrown1,006 posts since
Nov 2, 2010
Rep Points: 3,867

3. Thursday, January 24, 2013 - 6:08 PM

Cyber Attack/Security will be extremely important and popular for the current era and onward.

To name just a few risk areas:

1. ATM, gas station, etc. have vunerability that can be easily exploited.

2. ACH, internet, e-mail systems etc. are not fraud-resistant at all.

3. Credit card, debit card, gift card and their systems are fundamentally old-technology with no consideration against intelligent detection and exploitation.

4. Banking systems/accounts are open to various attacks both online and by physical means.

5. Investment firms with 401K and various stock trades are subject to smart manipulation and intended information gathering and gaining.

It is truly a scary world out there folks. Even the ID protection, Internet security (against spyware, hacking, etc.), and other meaures one can think of are definitely insufficient.

51hh1,036 posts since
Jan 16, 2010
Rep Points: 4,743