NEW YORK (CNN/Money) -
Online identity thieves are costing banks as much as a million dollars a month by exploiting lax security at automated teller machines, according to a published report.
The Wall Street Journal said that a report out Tuesday from research firm Gartner Inc. shows banks not doing as much as they could to control use of counterfeit ATM cards to empty customers' bank accounts.
The report says fraudsters are increasingly gathering consumer automated teller machine information with hacker programs for capturing keystrokes as well as "phishing" scams, in which deceptive e-mail and Web sites are used to trick people into divulging sensitive financial information.
"They're phishing for the account number and PIN. That's all they need to create a counterfeit card," Gartner analyst Avivah Litan told the newspaper.
The report says that difficult-to-steal security codes are hidden on ATM cards' magnetic strips, but that as many as half of all banks don't check the code before dispensing cash. Attackers even trade information online about which banks don't check the codes, according to the report.
The Gartner report estimates that ATM fraud resulted in $2.75 billion in losses in the year ended May 2005. That's now approaching the $2.9 billion for credit-card fraud and $3.5 billion for fraudulent checking-account transfers.
For a look at a special report on the problem of identity theft, click here.