ATMs may be an easy target for thieves

< Prev | 1 | 2 | 3

FREE VIDEO

White card scam
Aug. 2: A recently-released report suggests lax security is making it easier for criminals to target ATMs. MSNBC.com's Bob Sullivan reports.

MSNBC

MSN Tech and Gadgets

The PC World 100: Best products of 2009

Get the most out of Black Friday bargains

Evolution of the MP3 player

Most popular

• Most viewed

• Top rated

• Most e-mailed

It’s prime time for colorful meteor shower

Tax credit is coming back to bite millions

Facebook’s ‘unfriend’ is Word of the Year

New advice: Wait until 50 for mammograms

Girl in prostitution-kid case found dead

Most viewed on msnbc.com

RSS feeds on msnbc.com

Add these headlines to your news reader

Security

Learn more about RSS

Hidden security code
The magnetic stripe on the back of a credit card is similar to magnetic tape used for cassette recordings, or to back up computer data. Every ATM card stripe is loaded with a three-digit security code, known as either CVV (Card Verification Value) or CVC (Card Verification Code). The characters are different from the CVV2 value that's actually printed on the card, and often requested of consumers when shopping online.

These CVV or CVC codes are invisible to consumers, so they can't be tricked into divulging the information. The secret data is supposed to prove the plastic inserted into an ATM machine is really the plastic issued to the consumer by the bank.

But many banks don't check the codes. They just skip the process, assuming that if the PIN is accurate, the card must be authentic.

"Banks are not checking the magnetic stripe data as they should ... It's not clear why," Litan said. "It's not an expensive process. It doesn't add much to the cost of the transaction."

Jevans said most banks just didn't think it was necessary until recently.

"Tons of people don't set up their ATMs to check (the security codes)," he said. "They never thought to turn it on. It was never a problem."

Banks targeted by such fraud can spend months trying to figure out what's happening, Litan said. But once they do, adding the security code check stops the thieves cold, she said.

"They are often quickly able to stop the crime with a relatively simple solution," she said. Would-be thieves then just move to the next "cashable" bank.

SunTrust Bank Inc. ATMs were described as "cashable" until last December in an online bulletin board devoted to ATM fraud. On the bulletin board pages, described by a bank security expert as a discussion between con artists talking about ATM white card fraud, criminals lament SunTrust's upgrade.

"Hey everyone. Again, really bad news," one bulletin board participant writes. "SunTrust is not cashable anymore, anywhere in the world. So I think we should start some other banks."

Responding to a question regarding the bulletin board, Hugh Suhr, a spokesman for SunTrust said: "(We) don’t have any input as this appears to pertain to security-related matters and we don’t publicly discuss as we see that as counterproductive to those efforts."

Going after smaller fish
Jevans, of the Anti-Phishing Working Group, says most big U.S. banks have fixed the problem. "The bigger guys are way farther ahead on these things. So the bad guys move on to smaller targets who are less sophisticated," he said.

A spokesman for a small-bank interest group denied white card fraud was a problem for those institutions.

"We're not seeing much if any of this," said Dave Petro, executive vice president for the Independent Community Bankers Association Bankcard division, which helps smaller banks process ATM transactions. "Eight or nine years ago there were some programs that didn't do CVC or CVV validations, but they do that validation now. ... I wouldn't be surprised that some of the smaller processors may not be doing it. But I would be very surprised, shocked if it was widespread."

Either way, there's not much consumers can do to protect themselves, other than follow the standard advice: don't reveal your PIN to anyone, even over e-mail; and check your bank statement each month for signs of fraud.

In this case, it's up to banks to turn up the protection, Litan said. Implementing the added step of checking all the magnetic stripe information will largely stop the crime, she said.

But Feddis said the cat-and-mouse game with criminals will simply continue.

"Nothing is infallible," she said. "First there were cards with account numbers, then magnetic strips, then we put holograms on the cards. You are always trying to stay one step ahead."

Bob Sullivan is author of Your Evil Twin: Behind the Identity Theft Epidemic

< Prev | 1 | 2 | 3

Discuss Story On Newsvine
Rate Story:
View popularLowHigh
Email
Instant Message
Print