New Credit Card Fraud Technique Proves Hard to Detect for Banks

[tipo]

Credit card fraudsters are increasingly resorting to salami ATM attacks, that are very difficult to detect and can result in significant losses.

The new method was described by Gartner Vice President and Analyst Avivah Litan, who calls it "flash attack," because it involves hitting many ATMs at the same time.

The attacks are based on the "salami slicing" concept, where extremely small ammounts are stolen from multiple sources in order to fly under the radar.

According to Ms. Litan, it all starts with a gang of fraudsters installing rogue PoS devices, capable of stealing credit card data and PINs, at stores belonging to a particular retailer, in multiple cities and states.

The skimmers planted inside these terminals send data to a central database, from where it is used to create hundreds of counterfeit credit cards.

The cards get the associated PIN numbers sticked onto them and are handed out to a network of money mules, dispersed around the country.

All mules are given around five fake cards at once and are instructed to withdraw very small amounts from each of them. Hundreds of ATMs in different cities are hit the same time.

"[...] Within ten minutes, simultaneous withdrawals at all these ATM machines add up to about $100,000 in proceeds," the Gartner analyst explains.

The gang repeats the operation five times a month with different cards and they earn $500,000, of which a portion is used to pay the money mule network.

Ms. Litan learned of the new attack from several affected banks and payment processors, who told her that this type of fraud is notoriously hard to detect or block.

Possible mitigation involves determining the source of compromise and suspending all cards used there over a long period of time, which can prove extremely costly.

In addition, finding the point-of-breach can be very complicated, because the fradusters begin abusing the cards a long time after they were compromised, sometimes a year or more.

"The long term solution: Stronger cardholder authentication, whether using Chip and PIN, dynamic PINs, mobile geolocation information, or other authentication alternatives," Litan concludes.

link

[irefay]

Damn. Decentralization works. I am curious how ATM video footage is being used. Sure they could just use a mask, cover up the camera, ect. Eventualy though, one makes a mistake. Then you have an opening to backtrack to the source.

[myidisbb]

Damn. Decentralization works. I am curious how ATM video footage is being used. Sure they could just use a mask, cover up the camera, ect. Eventualy though, one makes a mistake. Then you have an opening to backtrack to the source.

last great attack on atms they got busted after a few months. when these bast retards come to count just goggle they name for their place of living and rob them

[LeetPirate]

Hmm, my bank send me a note harassing me to upgrade my card to this new chip and pin thing. I kinda ignored it cuz of laziness but maybe I should go get the chip and pin upgrade to be on the safe side. :fear:

[myidisbb]

Hmm, my bank send me a note harassing me to upgrade my card to this new chip and pin thing. I kinda ignored it cuz of laziness but maybe I should go get the chip and pin upgrade to be on the safe side. :fear:

in the usa the credit card companies have been replacing mass amounts of cards if there seems to be a possbile leak, problem etc