News

Retail ATMs are again fraudsters' favorite target, FICO data finds

March 30, 2017

FICO reported Wednesday that the number of compromised card readers at U.S. ATMs, restaurants and merchants monitored by the Silicon Valley firm rose 30 percent between 2015 and 2016.

The number of compromised payment cards ballooned as well, growing 70 percent over the period.

These numbers set a new high for the FICO Card Alert Service, which monitors hundreds of thousands of ATMs and other card readers in the United States.

The new data follows last year's report that the number of ATMs compromised increased 546 percent from 2014 to 2015, and that the bulk of these incidents occurred at nonbank devices.

Last year's data raised the ire of the National ATM Council, whose subsequent poll of 166 members (representing 5,000 U.S.-based ATMs) found few instances of card-reader compromise.

The new report could draw repeat fire from the NAC, as FICO has once again determined  that the majority of compromises between 2015 and 2016 — about 60 percent — occurred at nonbank ATMs.

The remainder occurred at bank ATMs and point-of-sale devices, the company said.

The average duration of an exploit continued to fall — on average, an ATM or POS device would be compromised for 11 days, compared with 14 days in 2015 and 36 days in 2014. The average number of cards affected by a single compromise fell by half.

"[S]kimming technology and know-how have improved and are more accessible to the general population, so we will continue to see increases in compromises and the speed at which they occur," said T.J. Horan, vice president of fraud solutions at FICO. "With some of the confusion we still have at various POS checkout locations, it's still important for consumers to be on alert."