Criminals are stealing card data from U.S. automated teller machines at the highest rate in two decades, preying on ATM users at independently owned cash kiosks and even at bank ATMs.
From January to April 9, 2015, the number of attacks on debit cards used at ATMs reached the highest level for that period in at least 20 years, according to FICO, a credit-scoring and analytics firm. The company tracks such incidents through its card- monitoring service for financial institutions that represent more than 65% of all U.S. debit cards.
Debit-card compromises at ATMs located on bank property jumped 174% from Jan. 1 to April 9, compared with the same period last year, while successful attacks at nonbank machines soared by 317%, according to FICO.
“These tremendous spikes in fraud are unprecedented,” said John Buzzard, who manages FICO’s card-alert service.
FICO did not report the total number of such incidents, claiming contractual relationships with customers prohibited it.
While EMV Chip tech has theoretically made it more difficult for thieves to create counterfeit pay cards, ATMs are still not on board with the new technology (though J.P. Morgan Chase & Co. and Bank of America Corp. have recently begun to install the more advanced machines). Moreover, ATM operators will not have their equivalent of the liability shift for at least a year (likely more).
“[Criminals] know there is still vulnerability [at the ATM] and they are trying to capitalize on it,” said Owen Wild, director of security marketing at one of the largest ATM manufacturers, NCR Corp.
The ATM hackers are taking advantage of the machines that are still stuck in the technology of past decade. They are using the same methods that have been around for some time, installing devices that capture information from the card’s magnetic stripe. That data is then used to build fake cards that are usable at ATMs or for in-store (and online) purchasing). Thieves can use this stolen data to drain customer bank accounts. They can also install cameras to capture your PIN, or fake
You can take a few common sense steps to minimize the chances of your data being stolen. If a ATM card reader seems to have been tempered with, just go to another ATM. Look around for objects that look out of place, which might be small cameras. Cover the keypad with one hand, and input your PIN with the other.
Cardholders aren’t typically liable for unauthorized activity on their debit cards, but you are responsible for promptly reporting the breach. That’s why it’s very important to regularly check all of your accounts and credit cards for possible fraud. Mint makes this easier, with your transactions streamlined in one page. So if a large withdrawal is made, then you’ll notice it right away. I personally open up Mint every morning and take a look at the transactions, usually chekcing if transfers and payments were completed, a bonus was received, or if there is any fraudulent activities.
You should also sign up for websites such as Credit Sesame or Credit Karma and regularly check your credit history. Sooner or later there will be some kind of fraud and you want to be able to catch it promptly to limit the damage.
As Fortune reported earlier this year, a majority of American corporations believe they will be hacked in 2015. The questions they are all dealing with is how to prepare for them and how to deal with them when they happen, because preventing these compromises has become increasingly difficult.