Banks make phishing easy says Gartner


Tash Shifrin

Banks are leaving customers prey to theft by failing to validate security codes from the magnetic strip on the back of cash cards, IT industry analyst Gartner has warned.

Thieves who have conned customers into giving away account information using phishing techniques – fake bank e-mails requesting that recipients visit a website and enter their data – use the data to withdraw money from ATMs.

In a new report on US banking, Gartner estimates that this fraud cost $2.75bn (£1.55bn) in the 12 months to May.

Avivah Litan, vice president and research director at Gartner, said the fraudsters could steal from accounts using just the account number and PIN. “They succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorising transactions,” she said.

“These security codes are stored on Track 2 of the magnetic stripe and include Pin offsets and Card Verification Value (CVV) codes. The codes link the physical card to the customer's account number.”

The magnetic strip data is unknown to bank customers and so cannot be phished. But Litan added, “Surprisingly, perhaps as many as half of US-based financial institutions are not validating Track 2 security data while authorising ATM and Pin debit transactions.

“Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so.”
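
The issuer-side check Litan describes, as an added example that is not from the article or from Gartner: an authorisation routine that accepts account number and PIN alone, beside one that also requires the verification value carried on Track 2. The Track 2 field layout follows ISO/IEC 7813; the position of the CVV in the discretionary data, the key, and the HMAC stand-in for the issuer's real CVV algorithm are assumptions, and all card data is constructed.

```python
import hashlib
import hmac
import re

# Constructed issuer secret (assumption); real verification keys live in an HSM.
CVK = b"constructed-demo-key"

# ISO/IEC 7813 Track 2: ;PAN=YYMM + 3-digit service code + discretionary data + ?
TRACK2 = re.compile(r"^;(\d{1,19})=(\d{4})(\d{3})(\d*)\?$")

def expected_cvv(pan, expiry, service):
    """Stand-in for the issuer's CVV algorithm (assumption: HMAC, not the real scheme)."""
    mac = hmac.new(CVK, f"{pan}{expiry}{service}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1000:03d}"

def parse_track2(track2):
    m = TRACK2.match(track2)
    if not m:
        return None
    pan, expiry, service, disc = m.groups()
    # Assumption: the last three discretionary digits carry the CVV.
    return {"pan": pan, "expiry": expiry, "service": service, "cvv": disc[-3:]}

def authorize_weak(track2, pin_ok):
    """Issuer that ignores Track 2 security data: account number and PIN suffice."""
    return parse_track2(track2) is not None and pin_ok

def authorize_strict(track2, pin_ok):
    """Issuer that also ties the presented stripe to the account via the CVV."""
    card = parse_track2(track2)
    if card is None or not pin_ok:
        return False
    want = expected_cvv(card["pan"], card["expiry"], card["service"])
    return hmac.compare_digest(card["cvv"], want)

# Constructed sample data: a made-up account number, expiry and service code.
PAN, EXP, SVC = "4000001234567899", "0712", "101"
GOOD_CVV = expected_cvv(PAN, EXP, SVC)
BAD_CVV = f"{(int(GOOD_CVV) + 1) % 1000:03d}"
ISSUED_STRIPE = f";{PAN}={EXP}{SVC}0000{GOOD_CVV}?"   # stripe as the bank encoded it
MISMATCHED_STRIPE = f";{PAN}={EXP}{SVC}0000{BAD_CVV}?"  # right account, wrong CVV

if __name__ == "__main__":
    for name, stripe in (("issued", ISSUED_STRIPE), ("mismatched", MISMATCHED_STRIPE)):
        print(name, "weak:", authorize_weak(stripe, True),
              "strict:", authorize_strict(stripe, True))
```

Both stripes pass the weak check with a correct PIN; only the stripe the bank issued passes the strict one.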

