Category Archives: Security

Illinois Court Reinstates Suit Against Persistent Social Engineer

The Chicago Tribune reports that a plaintiff named Bonhomme alleges she has been the victim of an elaborate hoax run by a woman in the suburbs of Chicago who pretended to be a man.

James, his young son and about 20 other friends and family members Bonhomme had been communicating with for months were characters allegedly created by a woman in Chicago’s west suburbs.

The depth of the alleged deception stunned Bonhomme. Janna St. James, who lives in Batavia, had allegedly used a voice-altering device to pose as Jesse James on the phone, coordinated numerous storylines with her characters that advanced in emails and instant messages, and sent and received mail — including children’s drawings — from all over the world.

The attacker courted the victim online for years. The victim has filed suit for damages and apparently also hopes to force the attacker to explain her motivations for social engineering.

At first the suit was dismissed, but an appeal has been successful; this could set a precedent for those who falsely present their identity in the course of social engineering. The court ruled that the persistence of the attack justified allowing a claim normally reserved for business dealings: fraudulent misrepresentation.

Hoping to find some answers, Bonhomme filed a lawsuit that was eventually moved to Kane County, where in December 2009 a judge dismissed her complaint. But last month, a divided Illinois appeals court reinstated the case, rejecting St. James’ argument that she was creating fiction and therefore wasn’t liable.

“The concepts of falsity and material fact do not apply in the context of fiction,” her attorney had written, “because fiction does not purport to represent reality.”

The court allowed Bonhomme’s fraudulent misrepresentation claim, which typically applies only in a business situation, to move forward, in part due to St. James’ “almost-two-year masquerade of false statements.”

Highest Risks to ATM Internal?

Internal attacks on ATMs are more prevalent than external ones, according to a new product announcement from Alarm It. They provide the following list of threats to cash, presumably in order.

  • Employees
  • Third Party Service Providers
  • Competitors with Keys to your ATM
  • Skimmers

Their product can be added to an ATM to monitor for unauthorized access and send audible or silent alarms to the owner.

Efficient XML Interchange (EXI) Standard

The W3C has announced official support for the Efficient XML Interchange (EXI) standard, which emphasises the importance of efficiency in communication, especially for high-risk environments.

EXI is already being adopted in Smart Energy Standards to support rapid communication between networks of smart meters, smart appliances and electric vehicles. EXI accelerates financial trading systems that depend on transaction speed. EXI speeds up defense applications, where rapid information flow can help save lives. EXI can make XML a more valuable data format for Web applications on mobile devices, where reduced utilization of the network and processor improves performance and extends battery life. And EXI can be used from JavaScript in desktop Web browsers for a faster user experience.

The death of ATM skimming?

The financial services industry is holding up contactless cards as effective against ATM skimming attacks. Some are even calling it the death of skimming.

“The continuing drop in fraud losses is very good news for both cardholders and the industry, and indicates that the significant investment made by the European banking sector into EMV technology, as well as into anti-skimming devices at ATMs, is now really starting to pay off,” said Lachlan Gunn, EAST’s director and coordinator.

Contactless cards remove the need to insert the card, so a skimmer fitted to the card slot never touches the card and cannot read the magnetic stripe data. Even more important is that contactless transactions use a one-time value derived from a dynamic cryptogram.

Rather than the static information found on the magnetic stripe, each contactless transaction is intended to be entirely unique. This prevents a simple replay, which is what skimming attacks typically rely on.

It is probably most accurate to say the new technology increases the cost of skimming attacks to the point where attackers have to evolve and focus on other vulnerabilities.

Attacking the chip and the reader is one obvious new trend, especially given the increased risk of misconfiguration. Another is that the new cards still work with older systems (backward compatibility is often like saying backdoor). EAST mentions this is a significant problem already showing up in the data.

The risk of counterfeit EMV cards being used to withdraw cash fraudulently from ATMs in parts of the world that are not EMV compliant remains high and is leading some European card issuers to implement additional security measures.
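To make the replay argument concrete, here is an added example (not from the original post, EAST, or any card scheme) that models why a copied magnetic stripe replays cleanly while a dynamic cryptogram does not, and why issuer-side refusal of magstripe fallback matters. It assumes HMAC-SHA256 over a transaction counter, amount and terminal nonce as a stand-in for the real EMV cryptogram, and uses a constructed key and PAN.

```python
import hmac
import hashlib
import os

# Constructed, simplified model of how a dynamic cryptogram defeats replay while
# static magstripe data does not. Not a real EMV implementation (no session keys, few data elements).

CARD_KEY = b"constructed-card-key-placeholder"  # secret shared by card and issuer

def track_data(pan: str, expiry: str) -> str:
    """Static magnetic-stripe content: identical on every read, so a copy is as good as the card."""
    return f"{pan}={expiry}"

def dynamic_cryptogram(key: bytes, atc: int, amount: int, nonce: bytes) -> bytes:
    """Card-side one-time value over the transaction counter (ATC), amount and terminal nonce."""
    msg = atc.to_bytes(2, "big") + amount.to_bytes(4, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class Issuer:
    """Issuer host: verifies cryptograms, enforces a strictly increasing ATC,
    and optionally refuses magstripe fallback for chip-enabled cards."""
    def __init__(self, key: bytes, pan: str, expiry: str, allow_magstripe: bool):
        self.key, self.track, self.last_atc = key, track_data(pan, expiry), -1
        self.allow_magstripe = allow_magstripe

    def authorize_magstripe(self, presented_track: str) -> bool:
        # Legacy path: anything matching the stored track is accepted, unless fallback is disabled.
        return self.allow_magstripe and presented_track == self.track

    def authorize_contactless(self, atc: int, amount: int, nonce: bytes, crypt: bytes) -> bool:
        expected = dynamic_cryptogram(self.key, atc, amount, nonce)
        if not hmac.compare_digest(expected, crypt):
            return False
        if atc <= self.last_atc:          # counter already seen: replay of a captured transaction
            return False
        self.last_atc = atc
        return True

def replay_outcomes(allow_magstripe: bool) -> dict:
    """Simulate a skimmer replaying each kind of captured data against the issuer."""
    issuer = Issuer(CARD_KEY, "4111111111111111", "2512", allow_magstripe)  # constructed PAN
    captured_track = track_data("4111111111111111", "2512")
    nonce, atc, amount = os.urandom(4), 7, 2000
    captured_crypt = dynamic_cryptogram(CARD_KEY, atc, amount, nonce)
    return {
        "genuine_contactless": issuer.authorize_contactless(atc, amount, nonce, captured_crypt),
        "replayed_contactless": issuer.authorize_contactless(atc, amount, nonce, captured_crypt),
        "replayed_magstripe": issuer.authorize_magstripe(captured_track),
    }
```

With fallback enabled the copied track still authorizes, which is the backward-compatibility gap EAST describes; disabling it is the kind of additional issuer-side measure the quote refers to.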

I wonder what would happen if Banks marketed less compatibility as more secure. Imagine a billboard that said “Our new secure card: because fewer ATMs might just be a good thing.” Could banks spin new technology with reduced compatibility into a positive feature? Apple certainly made a clean break to OS X…

It raises the question whether operators are making so much money from fees (Chase is actually considering a $10 fee per ATM transaction) that the costs of skimming are still buried. In other words, we might be right to expect that when skimming becomes costly enough, backward compatibility will end.

Even then, however, configuration, tampering and supply-chain vulnerabilities will remain a problem. Contactless can help reduce fraud risk in a couple of key areas (pun not intended), but it is far from the death of skimming.