The FICO Card Alert Service reported that 70% more debit cards had their security compromised at U.S. merchant card readers and ATMs in 2016 than in 2015.
FICO data also showed that compromises of ATMs and merchant devices in the U.S. rose 30%, following a six-fold increase in 2015. The average duration of a compromise fell from 14 days in 2015 to 11.
FICO said compromises occurred most often at non-bank ATMs, such as those in convenience stores. About 60% of compromises were at non-bank ATMs, with the rest occurring at bank ATMs or point-of-sale devices, such as card payment machines at retailers. These figures cover only card fraud occurring at physical devices, not online card fraud.
The practical advice here is to steer clear of non-bank ATMs in environments where something seems a bit shady — like a portable ATM sitting outside a gas station that the station attendant doesn't remember being there the day before. Those non-bank ATMs may represent the majority of cases of compromised debit cards, but it is also clear from FICO's monitoring that card fraud still is happening frequently at retail point-of-sale.
If you thought the transition to EMV chip cards and terminals was supposed to eliminate these problems, this is a reminder that EMV acceptance is nowhere near ubiquitous, and also that some merchants that have EMV payment terminals don't necessarily have them in service. (We've all had the experience of trying to slide our chip card into a slot only to find it's been taped over, or be notified by the store clerk that it isn't working, right?)
While incidents of debit card fraud continue to increase, it is notable that, as FICO said, the average duration of a incident in which an ATM or POS device is compromise continues to fall, now averaging 11 days. The average number of cards compromised in a single incident also is declining. This could on one hand mean that fraudsters are using better technology that gets them in and out of systems more quickly, and that they are willing to settle for a smaller haul to avoid being detected. However, it also probably indicates that detection methods are improving, and that more retailers and banks are investing in state-of-the-art detection and prevention technologies.
Although FICO and several other companies are offering retailers and banks the technology to help them make a dent on the problem, all the usual practical advice to consumers still applies. "As the last few years have proven, skimming technology and know-how have improved and are more accessible to the general population, so we will continue to see increases in compromises and the speed at which they occur," TJ Horan, vice president of fraud solutions at FICO, said in a statement. "With some of the confusion we still have at various POS checkout locations, it's still important for consumers to be on alert."