Free Download     |     Resource Center    |     Customer Login
1.877.No.Token (1.877.668.6536)
Live Chat
PhoneFactor Blog

ATM Fraud in Broad Daylight

Posted  April 30, 2010 By Steve

Before you hit play and watch this news story, just know that the Bad Guy didn’t even have to try as hard as he did. This crime is easier to commit than this news segment shows, and there are places a whole lot more vulnerable than an ATM vestibule in the middle of the day.

It’s an important case because we rely more and more heavily on ATM/Debit and Credit Cards as we move toward a cashless society. And they’re all vulnerable to the type of attack detailed here. New card skimmers are showing up that get the mag stripe data. Some are coupled with small cameras that watch you enter your PIN. The info is sent to a Bad Guy via a wireless network, and the Bad Guy makes a new mag stripe card, drives across town, withdraws money out of another ATM or makes a purchase at a retail store (no PIN is required if the transaction is run as a credit card purchase), and disappears into the sunset. You’ll never see your money again.

Roll ‘em:

Basically, the Bad Guy just needs a few seconds to attach a skimmer to the ATM and attach a camera to a convenient location in view of the keypad. Everything can be pre-programmed, so this whole operation can be done in the blink of an eye. The system works by wirelessly transmitting all of the information to the crook, at a safe distance from the ATM.

The point is it’s easy to read magnetic stripes, it’s easy to re-encode magnetic stripes, and it’s easy to buy a bunch of blank credit-card-sized magnetic stripe cards and encode those stripes with stolen numbers. Since merchants don’t verify that you have a genuine— or even genuine-looking— card anymore, a Bad Guy can copy your card and use it at any gas station, any ATM, or any self-service kiosk, and probably not get caught.

Numerous incidents of ATM skimming have been reported recently, including:

So, what can be done about this?
There are a few things consumers can do to dramatically improve security in their life, like monitoring their transactions, using known ATM machines and keeping an eye out for changes, etc. But just like passwords are no longer considered a sufficient means of protecting access to online accounts due to things like phishing, relying on a magnetic stripe on a credit card is just not enough to protect your financial transactions. Adding a second method to verify that the account owner is, in fact, the person conducting the transaction would offer material benefit.

PhoneFactor’s Transaction Verification is an easy, effective means of protecting consumers. PhoneFactor simply calls the card holder to verify the transaction before dispensing the cash or completing the transaction. It works for online transactions as well as in person transactions as ATMs and retail locations.

- Steve

Share This
  • Twitthis
  • Facebook
  • E-mail this story to a friend!
  • Digg
  • Technorati
  • del.icio.us
  • StumbleUpon
  • Slashdot

Leave a Reply

   Legal  |  Sitemap  |  Support  |  Contact               

PhoneFactor, Inc provides secure two-factor authentication services to leading companies worldwide. PhoneFactor's multifactor out-of-band authentication software is a cost effective, user friendly alternative to security tokens, fobs, certificates, and other 2 factor authentication methods.
Secure User Authentication: SSL VPN Authentication | Citrix Authentication | Web Authentication | Terminal Services Authentication | Tivoli Authentication | Online Banking Authentication
Two-Factor Authentication for Regulatory Compliance: Payment Card Industry Data Security Standards (PCI DSS) Compliance | FFIEC Compliance | HIPAA Compliance | NIST 800-63
Compare Phone Authentication to: Security Tokens | SMS Authentication | Biometric Authentication | Soft Tokens | Smart Cards | Certificates