Hot Topics

This list of Hot Topics will expand as time goes on. It is a definite work in progress.

We will look at issues that resonate with a large number of users. Money seems to be one of them, so there will be some emphasis on financial services.

To get the ball rolling, we have included small snippets that encapsulate or summarize the issues, from Mary’s Globe & Mail columns.

However, never fear, we have wads of material, and will post it as soon as we can, so check back often.

Security and Your Money

How safe is that hole in the wall?

How secure are ATMs and is debit crime a reality today?

What kinds of attacks occur in the real world?

One of the most common attacks on ATMs involves 'card skimming', where criminals use a combination of stealth and gadgetry to harvest card numbers and acquire personal identification numbers (PINs).

2003 was a bad year for Canada, with card skimming rackets rife across the country. In December 2002, five Russians were arrested for orchestrating a $1.2-million skimming scam in the Vancouver area. RBC ATMs in Ontario have been skimmed in the past year, as have Bank of Nova Scotia drive-through ATMs in the Ottawa area.

More dramatic attacks involve 'ram driving,' where an ATM is physically dragged from the premises, usually by a backhoe or other construction site machinery.

Ram driving is so common in Japan that, in an effort to fight back, institutions are installing sirens and blinding lights on ATMs to inhibit getaway, or at least to make it more conspicuous.

In Sweden, dynamite attacks on ATMs are common. In 2000, 60 ATM vaults were blown up by explosives, causing considerable collateral damage to the bank branches they were located in.

Phantom Withdrawals

A phantom withdrawal is the name given (by security types) to a situation where money leaves your account without your knowledge while you still have your bank card(s) in your possession, where you did not share your PIN, and where there is no evidence of skimming or other illegal activity. These cases are happily rare, but when they do happen, they can pose a challenge for bank and customer alike.

In the UK, a problem has arisen in that banks have refused to reimburse customers in such cases, insisting that the customers themselves (through fraud, or by giving or selling their PINs or sharing them with family members or friends) are responsible. There have been sad cases in this category of loss, and the legal situation can be ambiguous.

When it is you versus Mega Bank, you may not always come off the better of the encounter, unless you have money to burn on lawyers and/or PR people. The banks lose so much money to fraud (and much banking fraud is attributable to family members, i.e. your family rips you off) that they are cynical about claims of innocence, and can dig their heels in.

However, for the sake of good customer relations, it is imprudent of them to appear too intransigent, unless there is clear evidence of questionable or suspicious circumstances.

Read about cases of phantom withdrawals on the website of Mike Bond, a security researcher at Cambridge University (UK), and more about the subject generally.

Get help

If you are a victim of debit card fraud (for instance, your card is stolen or lost, or you suspect someone has stolen or read your PIN, e.g. over your shoulder), alert the bank immediately. Failure to do so within tight time frames (which vary around the world) can expose you, in the worst case, to losing all your money.

Here is an article about what to do in the US. Note the tight time frames to report, and the fact that the OCC has warned banks not to pin all the obligation to prove the loss onto the victims.

Knowledge of security breaches at ATMs (insider attacks, poor cryptography, poor implementation or management of otherwise secure systems, etc.) is frequently strictly within the knowledge of the bank, and impossible for the hapless customer to prove or disprove.

This is especially so when (as occurred in a case involving CitiBank in the UK) the banks take the position that evidence about frailties in their ATM security processes and procedures cannot be heard in open court, and impose gag orders to prevent an open debate on the issues.

You are warned.

What is phishing?

Old school bank robbers used to say they robbed banks because “that is where the money is”. Little has changed. The financial services sector is clearly the primary target for a motley crew of rogues “following the money”.

Phishing is merely another weapon in their arsenal.

You see, despite the Hollywood image that it is a walk in the park for any ol' idjit to break through bank IT security, in reality it is nothing of the sort. As a result, pragmatic organized crime gangs are increasingly following the path of least resistance by conning individuals into revealing online banking account details.

In a peculiar but devious twist, they are using legitimate account holders to unwittingly launder the spoils.
