Bank of the West Customers Hit by ATM Skimmer Attack

Debit Card Numbers and Associated PINs Compromised, Says Bank
Bank of the West Customers Hit by ATM Skimmer Attack

A spate of suspicious cash withdrawal attempts from a bank with branches spread across the United States uncovered a number of ATM devices used to skim customer account information.

See Also: Changing the Rules: The Evolution of Transaction Monitoring

An investigation by Bank of the West concluded that debit card numbers and associated PINs, and possibly names and addresses, of an undisclosed number of customers have been compromised. Thieves may have used the stolen information to create fake debit cards and attempt cash withdrawals from legitimate customer accounts.

Unknown fraudsters installed skimmers in a "small number of ATMs," bank Chief Operating Officer Karl Werwath tells Information Security Media Group.

ATM skimming surged as a threat over the past two decades as thieves learned to install hard-to-detect electronic devices onto ATMs - including phony card readers and keyboards that record payment card data. Some data suggests that skimming attacks, while still dangerous, are decreasing in frequency. ATMs themselves remain a popular target for thieves, whose tactics range from transaction reversal fraud to physically prying the cash box open.

Bank of the West is notifying affected customers without specifying how many were affected or whether customers of other banks who used its ATMs are also at risk.

Werwath did not respond to ISMG's query on whether ATMs in specific regions were affected. A customer notice tells residents in California, Massachusetts, Maryland, North Carolina, New York, Rhode Island and West Virginia about their rights and resources available.

The San Francisco-based financial institute is a subsidiary of the French BNP Paribas banking group. It has 1.7 million customers, more than 500 retail banking locations and 1,000 ATMs, as of Dec. 31, 2021.

Bank of the West security personnel spotted the skimming in November 2021 as a result of unauthorized account withdrawal attempts made at several ATMs. An internal investigation concluded in April this year. It is not immediately clear why the company is now notifying customers.

"We deeply regret any exposure of customer's personal information. We have engaged local law enforcement and continue to assist them with their investigation," Werwath tells ISMG.

Mitigation Measures

The bank took offline any ATMs discovered to be harboring skimmers, monitored accounts likely to have been compromised and also stopped the fraudulent use of stolen card information, the bank says.

It blocked accounts that displayed suspicious or fraudulent activities and issued a new debit card with instructions for generating a fresh PIN to account owners. The bank is asking customers to report suspicious or fraudulent money transactions.

Affected customers can obtain a year's worth of free credit monitoring and identity theft protection services.

A Persistent Target

Global finance continues to be among the most-attacked global industries.

The financial sector accounted for 22.4% of cyberattacks in 2021, with 70% focusing on banks, 16% on insurance organizations and 14% on other financial organizations, shows data from the most recent IBM X-Force Threat Intelligence Index Report.

The numbers nonetheless represent an improvement, given that finance dropped from first to second place in the IBM report's roster of most-attacked sectors. Manufacturing now occupies the top spot.

"The financial industry's drop from first place suggests that the high security standards in place at most financial organizations are yielding concrete results and that the financial services industry is doing security right," the report says.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.