Another Report Casts Doubt on Phishing ATM/Debit Impact

ARLINGTON, Va. – Should more credit unions be careful about making sure they check security codes in the magnetic stripes of debit cards as part of the authentication process or shouldn’t they? A report from the TowerGroup (see related story on page 23) has indirectly challenged the assertion from the Gartner Group that financial institutions are at risk for greater fraud on debit transactions because they are not processing with the security codes in the magnetic stripes on the backs of the cards. Based on recent discussions with the largest card-issuing U.S. banks, TowerGroup estimates that, on average, one out of 15,600 ATM and POS debit transactions today are fraudulent, almost all of which originates from stolen cards and card skimming. TowerGroup officials assert that withdrawal and debit purchase limits on retail accounts helped to restrict total ATM and POS fraud losses to not more than $990 million in the U.S. in 2004. In order to successfully create plastic cards, which could be used to retrieve cash at the ATM, criminals need to recreate the authentication codes created by Visa and MasterCard. TowerGroup estimates that more than 90 percent of the top 100 banks in the U.S. check the codes as part of their card processing. “Although fraud from phishing, across all channels, is a serious crime, and one that has the potential to cause great damage to its victims, the dollar loss to the industry is a relatively small problem,” said Jerry Silva, service director at TowerGroup. “We estimate the dollar loss from fraud that originates in phishing at $81 million annually in the U.S., across all areas.”