Tuesday, April 11, 2017
"ATM terminals in brightly lit, well-populated retail stores are far less likely than bank ATMs to be targets of card data theft and skimming," said NAC Board Chairman George Sarantopoulos. "Outdoor, on-premises bank ATMs are typically left unattended and out of sight of bank personnel, making them the perennial targets of choice for card and PIN data theft."
Bruce Wayne Renard, NAC Executive Director, added, "Last year, when FICO issued a similar press release about non-bank ATM fraud volumes, NAC surveyed over 160 ATM companies. Nine out of ten respondents never found a skimming device on their ATMs, and more than 50 percent had been in the retail ATM business for more than 10 years."
FICO, founded in 1956 by engineer Bill Fair and mathematician Earl Isaac, has evolved into an international authority on predictive analytics, credit scoring, and business rules management and optimization. Publicly traded in the New York Stock Exchange under the symbol FICO, the company is 20 percent owned by leading banks, including Bank of America Corp., JPMorgan Chase & Co. and Wells Fargo & Co.
NAC, established in 2012, is dedicated to the needs of independent ATM owners, operators and suppliers. The not-for-profit association represents members' best interests in an array of issues and initiatives, which include the approaching October 2017 EMV (Europay, Mastercard and Visa) liability shift, Operation Chokepoint and an ongoing legal battle against Visa Inc. and Mastercard over ancillary ATM fees imposed on retail ATMs.
"Given the competitive nature of the nation's largest banks, FICO's card fraud data makes sense," Renard said. "The data is skewed in much the same way as big banks impose egregious penalties on their own cardholders each time they use a competitor's ATM."
"The number of payment cards compromised at U.S. ATMs and merchants monitored by FICO rose 70 percent in 2016," FICO stated. "The number of hacked card readers at U.S. ATMs, restaurants and merchants rose 30 percent in 2016."
Renard called FICO's statement on compromised payment cards misleading and biased against retail ATM terminals. Chief among his concerns are the following:
Renard and Sarantopoulos acknowledged the ongoing EMV migration has elevated short-term threat levels across the entire ATM and retail payments ecosystem, as criminals make one last grab at mag-stripe counterfeit fraud. Despite these imminent risks, they said, ever-vigilant independent ATM owners, vendors and deployers have not seen a spike in on-site skimming.
"When EMV was rolled out in other countries, statistics show a measurable jump in card fraud during the transition period, as the mag-stripe land grab was ending," Sarantopoulos said. "NAC has worked diligently over the past several years to raise awareness of this short-term, escalating threat window throughout the U.S. retail ATM sector, even though skimming at retail ATMs has not been an issue in the past."
"While we have no doubt that, during the current EMV transition, criminals are using more and more counterfeit, cloned cards to try and steal money from all ATMs and point of sale devices, which has occurred in other countries during initial EMV implementation, it is inaccurate to suggest that skimming theft of cardholder data is a significant issue at retail ATMs in America," Renard added.
NAC representatives have asked FICO for supporting data points and a long-form copy of the unpublished 2016 debit card fraud report. The Green Sheet reached out to FICO for comment and will update this story should FICO respond.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.