News Feature | April 5, 2017

Compromised Debit Cards Spike By 70 Percent In 2016

Christine Kern

By Christine Kern, contributing writer

EMV Migration Forum Releases Guidance On EMV Debit Technical Framework, Liability Shift

FICO showed compromises of ATMs and merchant devices also rose 30 percent.

According to the FICO Card Alert Service, 70% more debit cards had their security compromised at U.S. merchant card readers and ATMs in 2016 than in 2015. The data also revealed that compromises of ATMs and merchant devices in the U.S. rose 30 percent, while the average duration of a compromise fell from 14 days in 2015 to 11.

Compromises were most frequent at non-bank ATMs, such as those in convenience stores. About 60% of compromises were at non-bank ATMs, according to FICO data, with the balance occurring at bank ATMs or point-of-sale devices, such as card payment machines at retailers.

FICO’s monitoring highlights the fact that while non-bank ATMs may represent the majority of cases of compromised debit cards, card fraud still is happening frequently at retail point-of-sale.

"As the last few years have proven, skimming technology and know-how have improved and are more accessible to the general population, so we will continue to see increases in compromises and the speed at which they occur," TJ Horan, vice president of fraud solutions at FICO, said in the statement. "With some of the confusion we still have at various POS checkout locations, it's still important for consumers to be on alert."

And while the average duration of a compromise has continued to shrink from 14 days in 2015 to 11 days in 2016, and the average number of cards affected by a single compromised was halved, merchants and consumers should not be letting their guard down. Even as detection methods are improving, and that more retailers and banks are investing in state-of-the-art detection and prevention technologies,  cybercriminals are becoming increasingly sophisticated and speedy in their attacks.

The FICO data addresses only card fraud occurring at physical devices, not online card fraud.