FICO Study Suggests ATM Fraud Is On Rise And Independent Deployers Are Main Targets

SAN JOSE, CA -- The number of payment cards compromised at U.S. ATMs and merchants monitored by FICO rose 70% in 2016 from the previous year. According to FICO, 2016 set a new high for its Card Alert Service, which monitors hundreds of thousands of ATMs and other readers in the U.S. These new data follow a 546% increase in compromised ATMs between 2014 and 2015.

As in 2015, the majority of compromises, about 60%, occurred at nonbank ATMs, deployed by independent operators, FICO claims; the remainder occurred at bank ATMs or on point-of-sale devices at retailers. These figures cover only card fraud occurring at physical devices, not online card fraud.

There was good news last year. The average duration of a compromise continued to fall. On average, an ATM or POS device was compromised for 11 days in 2016, compared with 14 days in 2015. As the FICO analysis noted, the 2016 average duration was less than a third of the average duration in 2014, which totaled some 36 days. Additionally, the average number of cards impacted by a single compromise was cut in half.

"As the last few years have proven, skimming technology and knowhow have improved and are more accessible to the general population, so we will continue to see increases in compromises and the speed at which they occur," said TJ Horan, FICO's vice-president of fraud solutions. "With some of the confusion we still have at various POS checkout locations, it's still important for consumers to be on alert."

Another reason for the jump in fraud, some experts note, is the steady adoption of EMV technology, which is much more difficult for criminals to penetrate. As thieves see their felonious window of opportunity closing, they are making the most of what time remains for the more vulnerable magstripe system.