In a new security alert, ATM developer NCR warns of a significant increase in US ATM skimming. Security expert Benjamin Wyrick, VP with VASCO Data Security, commented on the NCR alert on uptick in ATM skimming.
Benjamin Wyrick, VP at VASCO Data Security :
“The US Secret Service reports that there’s now more than $8B in ATM Skimming fraud annually. With more than 1.7M ATMs worldwide and more than $40B in annual cash withdrawals, the level of sophistication is growing quickly. Neither the card’s mag stripe nor the user’s PIN are usually ever changed. Two things will combat this fraud: expiration of data, and dynamic authentication.
“It is not possible to police 1.7M ATMs worldwide, some are bank owned, some are not. Our conversations with banks since 2014 have focused on eliminating cards and pins at ATMs all together. The card + pin process is flawed from the beginning: mailing out cards and then sending PIN mailers is not secure, and it doesn’t surprise any potential fraudster. This process only perpetuates the problem of static passwords that are easily stolen and reused by fraudsters. The future of the ATM is to dispense cash only – the mobile device will be the center of the fraud prevention universe. All authentication and transactions can be done in advance on the mobile banking application. This means that banks need to select the proper mobile application security solution to ensure that the application, device, communication channel and user are each properly secured. The technology is available today, and can dramatically improve multi-channel fraud prevention.”[su_box title=”About VASCO Data Security” style=”noise” box_color=”#336588″]VASCO Data Security is a world leader in authentication and digital signature solutions. It protects 10,000+ brands and many of the world’s top 100 banks and financial institutions. Leading hospitals and healthcare organizations trust its solutions to protect access to patient data, support e-RX and EHR, and satisfy regulatory compliance.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.