EAST EGAF holds 20th Meeting in Amsterdam

The 20th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 15th January 2020 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong from ING Bank and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

This was a milestone meeting and, in recognition of his work in founding and supporting EGAF, as well as his 16 years of active support for EAST, Otto was presented with an award by Ms Veronica Borgogna of BANCOMAT S.p.A, the current Chair of EAST.

Presentations were made by Europol (AP Cyborg), Geldmaat, Damage Control and Fiducia & GAD IT AG.

The EGAF Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 227 EAST Fraud Alerts have been issued, 2 to date in 2020.

EAST Fraud Definitions now available in Portuguese

EAST Terminal Fraud Definitions are now available in the Portuguese language.  At the end of 2018 EAST upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  In the upgraded definitions each applicable criminal benefit is highlighted next to each terminal fraud type.

The translation was carried out by SIBS, the EAST National Member for Portugal.

These definitions are used by EAST when issuing Fraud Alerts, or when compiling the statistics and other information for European Payment Terminal Reports and Fraud Updates.  The aim is for these definitions, as well as the related criminal benefits, to be adopted globally when describing or reporting payment terminal fraud.  This translation into Portuguese is another step forward towards achieving this.

Below is the  definition for Card Skimming in the Portuguese language.

fraud

The definitions have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.

Dutch ATMs to be shut down overnight to counter ATM explosive attacks

ATM explosive attacksTo counter the high level of ATM explosive attacks (known as ‘Plofkraken’ ) Dutch ATMs will temporarily be shut down at night between 2300 and 0700 hours.  This situation will be reviewed at the end of January. Also any ATMs that are deemed to have a high risk for local residents will be relocated to safer locations.  This will be done in close consultation with local government, police, shopkeepers, building managers and residents,

Geldmaat, the operator of the Dutch banking sector’s joint ATM network, is working with De Nederlandsche Bank and the police to take swift action to implement new measures which will render banknotes worthless in the event of an ATM explosive attack.

“ATM explosive attacks undermine our society,” says Chris Buijink, chairman of The Dutch Banking Association. “We cannot be resigned to an explosion going off every few days in our country, often in the vicinity of homes. I am therefore pleased that, together with Ministers Grapperhaus and Hoekstra and all the public and private institutions involved, we are forming a front against this disruptive form of crime.

The night closure is expected to have limited consequences for the availability of cash. Less than 2 percent of all cash withdrawals at ATMs are made at night. Although this will create difficulties for some people, safety is paramount. Anyone can still withdraw or deposit money at ATMs from 0700 to 2300 hours daily.  More information (in Dutch) can be found here.

This year more than 70 arrests were made related to ATM explosive attacks in the Netherlands. The detection of this crime is centrally coordinated nationally and there is also strong international cooperation with law enforcement agencies and the private sector.  The EAST Expert Group on ATM & ATS Physical Attacks (EGAP) provides a public/private sector platform for such liaison.

 

Message from the Executive Director

On behalf of the EAST Board I would like to thank all those who have worked so hard to provide information, time and resources to help us to meet our targets and objectives during 2019. Some of the highlights are as follows:

We held National Member meetings in Lisbon in February (our 47th Meeting hosted by SIBS), in The Hague in June (our 48th Meeting hosted by EC3 at Europol) and in London in October (our 49th Meeting hosted by the LINK Scheme).

49th EAST Meeting

The 49th Meeting was immediately followed by a Terminal Fraud Seminar and an ATM Physical Attacks Seminar.  These successful events were organised by our Financial Crime & Security (FCS) Events team and were co-located with RBR’s ATM & Cyber Security Conference 2019 (#ACS19).

The EAST Expert Group on All Terminal Fraud (EGAF), chaired by Otto de Jong of ING Bank, held three meetings in January, May and September, all hosted by ING in Amsterdam.

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP), chaired by Graham Mott of the LINK Scheme, held two meetings in March and September, both in The Hague, one hosted by Europol and the other by the LINK Scheme.

The EAST Payments Task Force (EPTF), chaired by EAST Development Director Rui Carvalho, held two meetings in April and November, both hosted by the BPFI in Dublin.

Rui Carvalho now represents EAST at Europol’s Advisory Group on Financial Services and attended three meetings of the Group in March, June and November.

AG-Financial Services

In addition to the above we supported Law Enforcement during the year as follows:

  • In January I participated in and presented at a Conference on the Prevention of ATM Physical Attacks, jointly organised by the EUCPN and Europol.
  • In May and November Rui participated in and presented at P3 CyberFraud trainings in Austria and Finland. These events, which were organised by the European Cyber Crime and Fraud Investigators (ECCFI), were funded by the ‘European Union Internal Security Fund – Police’.
  • In July Rui participated in and presented at the fifth edition of the Europol Training Course on Payment Card Fraud Forensics and Investigations at the Spanish National Police Academy in Ávila, Spain.  Rui Carvalho represented EAST.
  • In November I presented remotely to a Skimming Working Group Meeting organised by the US Secret Service and the NCFTA in Scottsdale, Arizona.

EAST continues to keep abreast of the latest fraud trends and crime information, publishing our European Payment Terminal Crime Reports and European Fraud Updates.  Our thanks again go out to all the people and organisations that have shared information for the above, and for EAST Fraud Alerts (25 sent out this year to date), EAST Physical Attack Alerts (9 sent out this year to date) and EAST Payment Alerts (6 sent out this year to date).

EAST Associate Membership continues to grow. We now have 213 Associate Member organisations from 53 countries and territories. This membership category is open for worldwide application to all Banks, Law Enforcement (free membership available), and other approved ATM Stakeholder organisations.  Next year we will announcing a new membership category!

Every best wish for a wonderful festive break and a very happy New Year!

Kind regards

Lachlan

European Money Mule Action (EMMA 5) leads to 228 Arrests

The 5th European Money Mule Action (EMMA 5) resulted in 228 arrests.  3833 money mules were identified alongside 386 money mule recruiters. 1025 criminal investigations were opened, many of them still ongoing.  Money mule schemes rope in victims who are often unaware that the money they are sending is part of an elaborate money laundering scheme.

EMMA 5, which ran from September to November 2019, was driven by Law enforcement authorities from 31 countries, supported by Europol and Eurojust.  Supported by the European Banking Federation (EBF), over 650 banks, 17 bank associations and other financial institutions helped to report 7520 fraudulent money mule transactions, preventing a total loss of €12.9 million.

Europol and Eurojust organised various operational and coordination meetings in The Hague to discuss the unique approach of each Member State to tackle money muling in their respective country. During the three-month action, Europol supported the operations by assisting the national authorities with cross-checks against Europol’s databases and intelligence gathering for further analysis, while Eurojust contributed to the swift forwarding and facilitation of the execution of European Investigation Orders.

WHAT ARE MONEY MULES?

Money mules, unlike their drug-trade counterparts, are not shuffling illicit goods over a physical border. Instead, they take part – often unknowingly – in money laundering activities by receiving and transferring illegally obtained money between bank accounts and/or countries. Recruiters of money mules are coming up with ingenious ways to lure in their candidates. This year, cases involving romance scams were reported on the rise, with criminals increasingly recruiting money mules on online dating sites, grooming their victims over time to convince them to open bank accounts under the guise of sending or receiving funds. Criminals are also more and more turning to social media to recruit new accomplices through get-rich-quick online advertisements. This technique is particularly popular when it comes to targeting students and young adults.

DON’T BE A MULE!

Even if money mules act unwittingly, they are committing a crime. Law enforcement will turn first to whoever’s name features on the bank account, and the legal consequences can be severe. Depending on the country’s legal framework, mules may face lengthy imprisonments and acquire a criminal record that could seriously affect the rest of their lives, such as never being able to secure a mortgage or open a bank account.

Raising awareness of the issue is vital and the Europol website provides key information on Money Muling and how to prevent it.  The Europe-wide money muling awareness campaign #DontbeaMule started yesterday. With awareness-raising material, available for download in 25 languages, the campaign informs the public about how these criminals operate, how they can protect themselves and what to do if they become a victim.

Following on from EMMA 5, and for the next week, international partners from law enforcement and judicial authorities, together with financial institutions, will be supporting the campaign at national level.

Do you think you might be used as a mule? Act now before it is too late: stop transferring money and notify your bank and your national police immediately.


The EAST Payments Task Force (EPTF) provides a public/private sector platform which focusses on raising awareness of payment crime issues and related factors such as money muling.

 

Europol publishes German language version of ATM Logical Attack Guidelines

EuropolATM has just published a German language version of guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF).  The document is now available in EnglishFrench, German, Spanish and Russian.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Beschreibung Der Vorgehensweise)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Risiken Für Logische System-Angriffe Und Malware-Attacken Auf Geldautomaten Verringern, Abwehrmechanismen Etablieren)
  3. Identifying and responding  to Logical and Malware Attacks (Logische Systemangriffe Und Malware-Attacken Erkennen Und Darauf Reagieren)

The Guidelines were first published in 2015 and this latest version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, along with more detailed recommendations on how to mount a robust and effective response to them.  The recent fall in ATM malware and logical attacks, as reported by EAST in the latest European Payment Terminal Crime Report published in October 2019, reflects the work that has been put into preventing such attacks by the industry and law enforcement.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

GAAD cracks down on airline CNP fraud with 79 arrests

GAADThe 12th Global Airline Action Days (GAAD), which ran from 18 – 22 November 2019, resulted in the arrest or detention of 79 individuals suspected of travelling with airline tickets bought using stolen, compromised or fake credit card details. GAAD was coordinated from Command Posts at Europol in The Hague, INTERPOL Global Complex for Innovation in Singapore, Ameripol and Colombia in Bogota, Canada and NCFTA (with the US Secret Service) in the US.

Some of the reported cases were linked to illegal immigration, where the arrested passengers were in possession of counterfeited IDs or valid documents from other persons from different nationalities.  Card-not-present (CNP) fraud, the purchase of physical goods with compromised cards, has significantly increased throughout the EU and across many sectors such as, airline tickets, car rentals and accommodation. Tens of thousands of crimes are reported in many EU countries and volume is increasing every year.

Airline companies are among the most affected by CNP fraud.  It is estimated that losses for the airline industry globally have reached close to 1 billion USD per year, as a result of the fraudulent online purchases of flight tickets. These online transactions are highly lucrative for organised crime and are often linked to more serious criminal activities including irregular immigration, trafficking in human beings, drug smuggling and terrorism.

Eurojust assisted during the action days, together with the European Border and Coast Guard Agency (Frontex), which deployed officers to 28 airports. The Airport Communication Project (AIRCOP), implemented by the United Nations Office on Drugs and Crime (UNODC) in partnership with INTERPOL and the World Customs Organization (WCO) and counting the European Union as its main donor, also took part in law enforcement activities at airports in Africa, by deploying one officer at the main Command Post in Europol HQ.

Representatives from airlines, online travel agencies, payment card companies, the International Air Transport Association (IATA), European Airline Fraud Prevention Group and Perseuss, collaborated with Europol’s experts to identify suspicious transactions and provide confirmation to law enforcement officers deployed in the airports.  Europol’s European Migrant Smuggling Centre (EMSC) joined this year’s operation to provide better support to EU Member States and partners for fighting migrant smuggling networks. The GAAD operation was further supported by the Taskforce Travel Intelligence (TFTI).

Wil van Gemert, Europol’s Deputy Executive Director Operations, said “Airline ticket fraud is borderless by nature. This operation was the culmination of many months of meticulous planning between Europol, law enforcement, judiciary and border agencies, airlines and credit card companies, and is a perfect example of how our combined forces can make distinctive contribution in the fight against these criminal syndicates operating across borders”.

Paul Stanfield, INTERPOL’s Director, Organized & Emerging Crime, commented “The Global Airline Action Day operation is an excellent example of how collaboration between the agencies as well as the public and private sectors serves to tackle and prevent crime such as credit card fraud. The operation was underpinned by professional commitment and mutual support across borders between national, regional and international police organizations”.

Cooperation and information exchange between the public and the private sector is the most efficient way of fighting tickets fraud and all other forms of organised crime, such as irregular immigration, trafficking in human beings, drug trafficking.  The EAST Payments Task Force (EPTF) provides a public/private sector platform which focusses on driving down CNP fraud.

Europol publishes Russian language version of ATM Logical Attack Guidelines

ATM Logical Attack GuidelinesEuropol has just published a Russian language version of guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF).  The document is now available in English, French, Spanish and Russian.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (ОПИСАНИЕ CПОСОБОВ РЕАЛИЗАЦИИ АТАК)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (МИНИМИЗАЦИЯ РИСКА ЛОГИЧЕСКИХ АТАК И АТАК С ПРИМЕНЕНИЕМ ВРЕДОНОСНОГО ПО, УСТАНОВКА ЛИНИЙ ЗАЩИТЫ)
  3. Identifying and responding  to Logical and Malware Attacks (ИДЕНТИФИКАЦИЯ И РЕАГИРОВАНИЕ НА ЛОГИЧЕСКИЕ АТАКИ)

The Guidelines were first published in 2015 and this latest version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, along with more detailed recommendations on how to mount a robust and effective response to them.  The recent fall in ATM malware and logical attacks, as reported by EAST in the latest European Payment Terminal Crime Report published in October 2019, reflects the work that has been put into preventing such attacks by the industry and law enforcement.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

Europol’s AG-Financial Services meets in The Hague

EAST Development Director Rui Carvalho participated in and presented at a meeting of Europol’s Advisory Group on Financial Services (AG-Financial Services) on 20th November 2019 in The Hague.  The AG-Financial Services advises the Programme Board of the European Cybercrime Centre (EC3) at Europol. Its purpose is to:

  • bring knowledge and expertise to the Programme Board on the impact of cybercrime on financial services and on how this sector and law enforcement can cooperate in the prevention and combating of cybercrime;
  • update and share all relevant information and expertise on developments in the area of cybercrime that affect financial services;
  • assist the Programme Board in defining priorities for the work of EC3 in this area, including by advising on the cooperation with the financial services and on developing concepts for enhanced prevention;
  • advise the Programme Board on increasing the sharing/exchange of information between law enforcement and financial services

Rui Carvalho is also Chair of the EAST Payments Task Force (EPTF) which has great synergy with AG- Financial Services in that its remit, as a public-private sector expert working group, covers the impact of cybercrime on financial services.

EAST Publishes European Fraud Update 3-2019

European FraudEAST has just published its third European Fraud Update for 2019. This is based on country crime updates given by representatives of 16 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 49th EAST Meeting held in London on 8th October 2019.

Payment fraud issues were reported by seventeen countries. Social engineering is a key concern. Seven countries reported phishing attacks. One of them stated that fraudsters are using phishing to get targets for fake web campaigns where consumers can win money, and another reported fake web surveys aimed at getting consumer data. In one country the quality of vishing calls is improving, where the people making the spoof calls are very believable and often have local accents from the customer’s home area. Impersonation fraud was reported by four countries – in one of them police officers are impersonated, and another reported spoof calls being received by customers from bank call centres.

Card Not Present (CNP) fraud was reported by six countries. One of them reported CNP fraud at digital media players. Contactless fraud was reported by two countries – in one of them it is related to lost and stolen cards, and in the other card present (CP) transactions are being made at small merchants up to the allowed limit. To date in 2019 the EAST Payments Task Force (EPTF)  has issued five related Payment Alerts.

ATM malware and logical attacks were reported by five countries – one reported a new way of getting malware onto an ATM, that did not succeed, and four reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To date in 2019 the EAST Expert Group on All Terminal Fraud (EGAF) has published seven related Fraud Alerts.

Card skimming at ATMs was reported by thirteen countries. Overall skimming incidents in Europe continue to decline. Three countries reported the usage of ‘M3 – Card Reader Internal Skimming devices’, and the most recent variants continue to be made of transparent plastic. To date in 2019 EAST EGAF has published thirteen related Fraud Alerts. Year to date International skimming related losses were reported in 41 countries and territories outside SEPA and in 4 within SEPA. The top three locations where such losses were reported remain Indonesia, India and the USA.

Four countries reported card trapping attacks, one of them reporting such attacks at fake terminals, designed to resemble lobby door opening devices at bank branches.

Ram raids and ATM burglary were reported by nine countries and twelve countries reported explosive gas attacks. After one such attack collateral damage of over €200,000 was reported. Six countries reported solid explosive attacks. The usage of Triacetone Triperoxide (TATP) for solid explosive attacks is increasing across Europe. This explosive is also known as the ‘Mother of Satan’. Mixing TAPT is a complicated procedure that requires good knowledge of the chemicals, as there is a danger of setting off an unexpected explosion.

The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings. To date in 2019 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published nine related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National and Associate).