ATM Skimming Undeterred

by Mercator Advisory Group 0

ATM skimming is a growing global problem, despite steps taken in Europe and other markets to curb attacks on credit and debit cards.
A new report from the European ATM Security Team shows fraud trends have continued to climb, and so have losses. For the first six months of 2011, financial losses linked to ATM skimming were reported by 64 countries, the majority of which fall outside the Single Euro Payments Area, better known as SEPA, where migrations to the Europay, MasterCard, Visa standard are, for the most part, complete.

But skimming attacks remain a problem even in SEPA. In fact, attacks on ATMs were reported by all but two of the countries included in the EAST report. Seven of the 64 identified upticks in skimming, while only four experienced decreases.

So, even though SEPA countries have shifted from the magnetic stripe to the more secure chip technology, they continue to see losses. They also say they’ve found the brazenness of criminals to be escalating. Most countries included in EAST’s report said skimming devices were being left on ATMs for longer stretches of time – in some cases, for as long as a week.

EAST did not elaborate on why fraudsters felt more confident. But I suspect part of the reason is because of migrations to EMV. Now that those countries have moved away from the legacy mag-stripe (which, incidentally, continues to reign in the U.S.), they’ve acquired false senses of security.

While EMV chip technology is more secure, it remains vulnerable. Why? Because until every global market completes a migration to some form of EMV-compliant technology, mag-stripes will remain. And as long as mag-stripes exist on cards (even chip cards) in formats that can be read, they will be skimmed.

As is often the case, enterprising fraudsters find ways to follow the next opportunity. And with the adoption of EMV occurring in phased rollouts in various markets, there can be confusion by users, and opportunities for those with nefarious intentions.

This should be a warning to those FIs in the United States awaiting EMV adoption that they should not be lulled into a false sense of security. They should be wary and not let their guard down. They should ensure that anti-skimming security measures are in place at all ATMs, including EMV-enabled machines.

Read full article: http://www.bankinfosecurity.com/blogs.php?postID=1226