TowerGroup has announced new research examining the impact that phishing attacks may be having on fraud perpetrated at ATMs and debit POS locations that concludes that losses from fraud due to phishing runs about $81 million annually in the US.
Based on recent discussions with the largest card-issuing US banks, TowerGroup estimates that, on average, one out of 15,600 ATM and POS debit transactions today are fraudulent, almost all of which originates from stolen cards and card skimming.
Given an annual ATM and PIN-based POS transaction volume of just over 17 billion in the US last year, this means there were just over 1.1 million fraudulent debit transactions in 2004. TowerGroup believes that withdrawal and debit purchase limits on retail accounts helped to restrict total ATM and POS fraud losses to not more than $990 million in the US in 2004.
In order to successfully create plastic cards, which could be used to retrieve cash at the ATM, criminals need to recreate the Code Verification Value (CVV) or Card Validation Code (CVC), authentication codes created by Visa and MasterCard. TowerGroup estimates that over 90% of the top 100 banks in the US check for CVV and CVC today.
"Although fraud from phishing, across all channels, is a serious crime, and one that has the potential to cause great damage to its victims, the dollar loss to the industry it is a relatively small problem," said Jerry Silva, service director of the Retail Banking and Delivery Channels research services at TowerGroup. "We estimate the dollar loss from fraud that originates in phishing at $81 million annually in the US, across all areas."