Debit Card Data Theft Via ATM On The Rise

Just as merchants are cracking down at the point of sale, data thieves are finding a new target from which to skim debit card data – the ATM. Between January and April of this year alone, the number of assaults on consumer debit launched through the ATM has reached its highest level in years, according The Wall Street Journal, which cited data released by FICO. During that time period, compromises at ATMs located on bank property jumped 174 percent from Jan. 1 to April 9 when compared to the same time period in 2014. Successful attacks at nonbank machines were up an even more disturbing 317 percent, according to FICO.

“These tremendous spikes in fraud are unprecedented,” said John Buzzard, who manages FICO’s card-alert service, according to WSJ.

FICO did not report the total number of such incidents, claiming contractual relationships with customers prohibited it.

While EMV Chip tech has theoretically made it more difficult for thieves to create counterfeit pay cards, ATMs are still not onboard with the new technology (though J.P. Morgan Chase & Co. and Bank of America Corp. have recently begun to install the more advanced machines). Moreover, ATM operators will not have their equivalent of the liability shift for at least a year (likely more).

“[Criminals] know there is still vulnerability [at the ATM] and they are trying to capitalize on it,” Owen Wild, director of security marketing at NCR Corp., one of the largest ATM manufacturers, told WSJ.

The ATM hacks that are cropping up seem to be making use of the time-tested skimming method –  in which criminals install devices that capture information from the card’s magnetic stripe. That data is then used to build fake cards that are usable at ATMs or for in-store (and online) purchasing). Thieves can use this stolen data to drain customer bank accounts, though cardholders aren’t typically liable for unauthorized activity on their debit cards – but customers are responsible for promptly reporting the breach.

U.S. consumers made 5.8 billion ATM withdrawals in 2012, totaling $687 billion, according to a study released last year by the Federal Reserve.  The recent round of hacks seems to be focused on traditional hot spots such as southern Florida as well as in new places such as Albuquerque, New Mexico, and Memphis, Tennessee. There was also a surge of hacking activity in the Northeast last week that traveled from Philadelphia to New York, he said.



The PYMNTS Cross-Border Merchant Friction Index analyzes the key friction points experienced by consumers browsing, shopping and paying for purchases on international eCommerce sites. PYMNTS examined the checkout processes of 266 B2B and B2C eCommerce sites across 12 industries and operating from locations across Europe and the United States to provide a comprehensive overview of their checkout offerings.

Click to comment