By now, you’ve heard about a global ATM heist for the ages: a complicated operation that made $45 million worth of withdrawals.
The high-tech part involved hacking into financial accounts. The low-tech part: making homemade debit cards that still work in one important country: ours.
To simplify, this was a two-part crime. The bad guys stole debit card information online, and then pasted that info onto magnetic stripe debit cards. The kind you and I use.
Easy peasy, says fraud analyst Julie Conroy at the Aite Group. You can buy the equipment to do it for $25.
“So you can take any ordinary plastic card,” Conroy says. “It can be an old gift card you’ve gotten. Create your own magnetic stripe. And then use it like any other ATM card.”
This magnetic stripe technology is older than the Ford Pinto. Its vulnerabilities let the presumed crooks in this case make duplicate debit cards to use all at once.
“It was really choreographed,” says financial researcher Brian Riley with CEB Tower Group. “Within the course of ten hours, thousands of transactions passed through. And if you saw the map that was released, it showed a map going straight down Broadway.”
The U.S. is the world’s only advanced economy using magnetic stripes. Every other member of the G20 group of industrialized countries uses a newer technology.
“That puts a chip on the cards,” says fraud consultant Jerry Silva. “And now you had kind of a double layer of security.”
Cards with chips embedded are harder to copy. And they generate a unique code for each transaction, for additional security.
Ideally, American consumers and banks want that.
“But the cost of replacing all of the plastic in this country, the cost of upgrading every ATM to date has exceeded the cost of the fraud itself,” says Silva.
By one estimate, the hardware upgrade would cost around $4 billion. That puts this $45 million case in some perspective.
One reason Americans are in this situation is that we invented credit cards. So we have old infrastructure, a bit like the New York City subway system.
“A lot of times the early adopters are stuck with a generation 1.0 system,” says cybersecurity analyst Chris Wysopal of Veracode. “And I think that’s what we have here.”
Still, higher-tech cards are coming to the U.S. in the next few years, analysts say. They’ve started to hit the market for global travelers, though financial firms still have to work out details of the chip format.
When the new cards do come, no one in the industry believes our fraud problems will be resolved. The hackers will just need to get a little more creative.