Losses to Phishing Less Than 1% of All Fraud on PIN Debit, Report Says

Concerns about fraud losses owing to the rapidly growing phishing trend may be overblown, at least when it comes to PIN debit at ATMs and the point of sale, according to new research from TowerGroup, a Needham, Mass.-based research firm owned by MasterCard International. While the number of reported phishing incidents increases monthly, exceeding 15,000 in June, according to the Antiphishing Working Group, TowerGroup estimates phishing fraudsters account for less than 1% of fraud losses on PIN debit cards. Rather, the firm says, most fraud still results from card theft and card skimming, a form of fraud in which criminals use devices attached to ATMs to pick up users' account numbers. TowerGroup figures that out of 17 billion PIN debit and ATM transactions in 2004, just over 1.1 million were fraudulent, resulting in $990 million in losses. Helping to control fraud are limits banks set on withdrawals and purchases, the report says. It adds that more than 90 of the 100 largest banks in the U.S. check transactions for code-verification values or card-validation codes, the card codes created by Visa U.S.A. and MasterCard to complicate counterfeiting and illicit use on the Internet. This estimate tends to run counter to a recent report from Gartner Group, which estimated banks' failure to check for these values was in part responsible for $2.75 billion in debit card fraud losses (Digital Transactions News, Aug. 4). Overall, TowerGroup says phishing accounts for $81 million annually in fraud losses in all transaction channels.