Gartner: $2.75bn lost to card fraud

Banks failing to secure customers' data...

Banks failing to secure customers' data...

Thieves in the US have stolen a total of $2.75bn over the last year by exploiting flaws in banking systems, analyst Gartner has claimed.

Three million consumers in America were victims of fraud involving ATM and debit cards, according to the company's research.

Avivah Litan, vice president and research director at Gartner, said in a statement: "Criminals sometimes counterfeit ATM and debit cards with just account numbers and PINs in hand, and they can use this stolen information at ATMs to withdraw cash from a cardholder's account. They succeed when the card-issuing bank is not validating security codes on the magnetic stripe of the card while authorising transactions."

The analyst estimated that thefts, which average at more than $900 per customer, are largely due to phishing scams. Thieves are apparently obtaining consumer account and password data via phishing and keystroke logging, then using the information to hack into consumers' ATM accounts.

Litan criticised banks for having the ability to stop the attacks but failing to do so: "Banks can modify their ATM host systems to check for security data on a card's magnetic strip. This data is unknown to bank customers and, therefore, cannot be phished. Thieves generally cannot duplicate this security data unless they have insider knowledge of the bank's algorithms and security codes."

He added that "perhaps as many as half" of financial institutions in the US are not protecting customers by checking for this additional data during ATM and debit transactions.

The findings are based on a May survey of 5,000 US adults who are active online.