News

Report: Phishing effect at ATM, POS is minimal

August 23, 2005

NEEDHAM, Mass. - A debate is ongoing in the financial services industry regarding how much of an impact phishing - soliciting customer information through the Internet for the purpose of fraud - is having on ATM and point-of-sale debit card locations.

According to a news release, TowerGroup believes there is a misconception in the marketplace that ATM/debit fraud from phishing is a runaway phenomenon.
 
TowerGroup asserts that the effect is minimal, with less than 1 percent of fraud losses in the ATM and POS channels actually coming from phishing-based fraud.

TowerGroup estimates that of the 17 billion ATM and PIN-based POS transactions in the United States last year, 1.1 million were fraudulant. Almost all of which, TowerGroup concludes, originate from stolen cards and card skimming.

TowerGroup officials assert that withdrawal and debit purchase limits on retail accounts helped to restrict total ATM and POS fraud losses to not more than $990 million in the U.S. in 2004.

"Although fraud from phishing across all channels is a serious crime, and one that has the potential to cause great damage to its victims, the dollar loss to the industry is a relatively small problem," said Jerry Silva, service director of the retail banking and delivery channels research services at TowerGroup. "We estimate the dollar loss from fraud that originates in phishing at $81 million annually in the U.S., across all areas."

In order to successfully create plastic cards that can be used to retrieve cash at the ATM, criminals need to recreate the code verification value or card validation code, authentication codes created by Visa and MasterCard. TowerGroup estimates that more than 90 percent of the top 100 banks in the U.S. check for CVV and CVC today.

TowerGroup's study is based on recent discussions with the largest card-issuing U.S. banks.