Published May 28th, 2013 by Leveraging Logic
Written & illustrated by Micah Kearns
One of the largest cyber-crimes in history happened recently in February, when an
international ring of hackers stole $40 million by conducting 36,000 ATM transactions in 24 countries. After
the hackers breached the servers of the Bank of Muscat in Oman, manipulated account balances and disarmed
withdrawal limits, local gang cells would use standard pre-paid debit cards with spoofed magnetic stripes to
withdraw the cash through thousands of ATM’s across each city. The attacks were so well choreographed that
the
operation lasted less than 10 hours.
Now, when $40 million disappears from ATM’s across the world, people notice, and it raises some
serious questions about the quality of the safeguards in our financial system. Cyber crime is quickly becoming
a top global threat and has
affected 46% of online adults, or 556 million people in the past year (that’s 18 people per second!) and cost
the world US$110 billion, an average of $198 per victim. How much larger does the problem have to become before
serious advances in security are implemented? Is it still cheaper for banks to write off these losses rather
than invest in the security of their customers?
Magnetic stripe technology for credit and debit cards is woefully incapable of securely storing and accessing data.
Magnetic stripes were adopted in the
1970’s, and are widely used due to the low cost and ease of use. But in the 40 years since, lost and stolen
cards, card spoofing,
card skimming,
and
affordable card printing equipment
have given thieves easy opportunities to steal your money by using this technology against you.
Innovative solutions like
biometric ATM’s are
already being used all over the world, why haven’t they caught on in the US? Though the initial cost of
implementation would be steep, the financial industry needs to take a good hard look at the potential cost of
not embracing a better solution. Biometric technology has improved greatly in recent years, and utilizes the
unique features of a user that cannot be lost, shared, or stolen. Many tech companies are releasing products
that incorporate the infrastructure for such security applications, such as the possibility of a fingerproof
reader being
included with the iPhone 6. Other smartphone providers are already experimenting with facial and voice
recognition. Once consumers own products with the appropriate hardware, secure software solutions can be
implemented to regulate access to sensitive information. Consumers can relax knowing that their money is
better protected, and banks can relax knowing that they are reducing their risk of incurring hefty AML
& KYC fines.
So the $40,000,000 lesson to banks is this: You will never be able to stay two steps ahead of thieves (and fines)
if your technology is forty years behind. Invest in creating a new paradigm of banking security, both for the sake
of your customers, and the sake of your entire industry.