Viewpoint: Are mobile phone payments safe?

The EAST Payments Task Force (EPTF) is currently focusing on payment research. In a website research poll on mobile phone payments that ran from May to August 2016 the question ‘Are you satisfied your payment details are safe when buying goods or services using your mobile phone?’ was asked.  58% of respondents were not satisfied, 28% were satisfied and 14% were completely satisfied.  The poll results can be seen in the chart below.

There are currently more than 7.8 billion mobile phones in use around the world. With the number of phones in operation now exceeding the number of people on the planet, banks and stores are using this facility to reach their customers and see the saturation of mobile phones as an opportunity to make the consumer payment experience a convenient and seamless one.

Consumers can now use NFC technology on their smart phone to make contactless payments in stores and to pay for goods and services using in-app payment tools or directly using the internet browser on the phone.

In making payments easier to manage and more accessible for consumers, there is an underlying risk that access to that information is also made easier for the criminal element, aiming to capture the payment data used by unsuspecting consumers.

While the industry continues to build solutions and barriers to this criminal activity the EPTF is examining consumer behaviour and this poll result is an indication of how consumers view the safety of their payment details when using mobile phones to pay for goods and services.

The current website research poll, which closes at the end of April, is also on payment security and asks those who have had a payment card compromised for information on where the compromise took place.  To take it, and to see all past results, visit the ATM Research Page on this website.

Message from the Executive Director

Another year is almost over.  On behalf of the Board I would like to thank all those who have worked so hard to provide information, time and resources to help us to meet our targets and objectives.  Some of the highlights are as follows:

EAST National Members - badgeWe held National Member meetings in Stockholm in February (our 38th Meeting co-hosted by Bankomat AB and the Pan-Nordic Card Association), in The Hague in June (our 39th Meeting hosted by Europol) and in Bucharest in October (our 40th Meeting hosted by the Romanian Banking Association – ARB).  In January The Polish Bank Association (ZBP) joined EAST as the new National Member for Poland, taking over from Bank Zachodni WBK.
The EAST Expert Group on ATM Fraud - Logo

The EAST Expert Group on ATM Fraud (EGAF), chaired by Otto de Jong, held three meetings in January, May and September, all hosted by ING in Amsterdam.  EGAF members assisted Europol to translate the co-produced document ‘Guidance & recommendations regarding logical attacks on ATMs’ into German, Italian and Spanish.

The EAST Expert Group on ATM Physical Attacks - LogoThe EAST Expert Group on ATM Physical Attacks (EGAP), chaired by Graham Mott, held two meetings in March and September, both hosted by the LINK Scheme in London.  In February EGAP published a document entitled ‘ATM Physical Security Guidelines’ and in October a document with lists of the Manufacturers of ATM Protective devices.

The EAST Payments Task Force (EPTF), chaired by Rui Carvalho, continues to come together.  EAST has expanded its remit beyond ATMs to include all terminal types and the EAST focus is increasingly moving to Card Not Present (CNP) fraud issues which continue to rise.  A series of teleconferences have been held and the first face-to-face meeting is planned for 2017.

In March EAST supported Europol and represented the private sector at the Second Strategic Meeting on Payment Card Fraud (PCF) in Kuala Lumpur, Malaysia.  I participated in this two day meeting which was co-organised with ASEANAPOL, with the cooperation of INTERPOL and the support of the Romanian National Police and the Royal Malaysian Police.

In May EAST joined forces with the Latin American Association of Operators Electronic Funds Transfer and Information Services (ATEFI) in order to further strengthen cross border cooperation in combating all types of payment crime including payment card fraud, hi-tech crime and ATM cyber and physical attacks.

In June Úna Dillon presented at the 2nd Europol Training Course on Payment Card Fraud Forensics and Investigations, which was held at the National Spanish Police Academy, Ávila, Spain, and at the 37th member meeting of the European Association of Payment Service Providers for Merchants (EPSM), which was held in Dublin, Ireland.

In August Rui Carvalho presented at the SAS Fraud & Security Intelligence Customer Connect event held in the USA at the SAS World Headquarters in Cary, North Carolina.    .

In December I presented on behalf of the private sector at the Third Strategic Meeting on Payment Card Fraud (PCF) organised by Europol in Bangkok, Thailand.  The event was co-organised with ASEANAPOL and INTERPOL with the support of the Romanian National Police and the Royal Thai Police, and was hosted by the Electronic Transactions Development Agency (ETDA), and the Ministry of Digital Economy and Society.

EAST continues to keep abreast of the latest fraud trends and crime information, publishing our European ATM Crime Reports and European Fraud Updates.  Our thanks go out to all the people and organisations that have shared information for the above, and for EAST ATM Fraud Alerts (49 sent out this year to date), and EAST ATM Physical Attack Alerts (3 sent out this year to date).

EAST Associate Members - badgeEAST Associate Membership continues to grow  both numerically and geographically.  We currently have 168 Associate Member organisations from 51 countries and territories. This membership category is open for worldwide application to all Banks, Law Enforcement (free membership available), and other approved ATM Stakeholder organisations

Lastly, registration is now open for our third Financial Crime and Security (FCS) Forum, EAST FCS 2017, which will be held on 8th/9th June 2017 in The Hague.  This event has an exciting new format which will include breakout sessions hosted by both EGAF and EGAP.  As I write early-bird registration discounts are still available.  It would be wonderful to meet you there.

On behalf of EAST, I would like to wish all readers a wonderful festive break and a very happy and fulfilling New Year.

Kind regards

Lachlan

Viewpoint: Do you know what to do with a stained banknote?

In an EAST website research poll that ran from January to April 2016 67% of respondents stated that they do know what to do with a stained banknote, 6% don’t and 27% are not sure.

On this website EAST provides guidance as to what action you should take if a stained banknote is offered to you or comes into your possession. The action required varies from country to country, as does the legal status of a stained banknote.  The poll results can be seen in the chart below.

EAST Poll Jan-Apr 16
To deter crime, money dispensed by ATMs is increasingly protected by Intelligent Banknote Neutralisation Systems (IBNS).  These systems activate in the event of a robbery or theft, and stain the banknotes (typically red, a purple variant or green).  Stained banknotes are removed from circulation by National Central Banks, but retailers and members of the general public should be aware that if they receive a stained banknote, it is almost certainly a stolen banknote, and should not be accepted.

Image shows banknotes stained with dye

The current website research poll, which closes at the end of August, is on payment security when using mobile phones to pay for goods and services and asks the question – ‘Are you satisfied your payment details are safe when buying goods or services using your mobile phone?’  To take it, and to see all past results, visit the ATM Research Page on this website, or click on the button below.

Viewpoint: Is NFC technology the best payment alternative to cards?

NFCIn an EAST website research poll that ran from September to December 2015 just 10% of respondents felt that Near Field Communications (NFC) based technology is the best payment alternative to cards, despite the fact that NFC mobile payment technology is becoming more prevalent in many markets and many retailers already have NFC-based contactless payment terminals in place. 53% of respondents felt that Hybrid technology (a combination of NFC technology and application based solutions) is the way forward.

In addition to NFC technology the ATM channel is considering new application-based solutions to handle cash withdrawals (and other) transactions that do not require specific hardware devices to read customer data (i.e. matching a one time password to a user ID, or using a QR code).  Cardless transactions at ATMs are convenient, fast and safe. Deploying application-based solutions for completely cardless transactions (and with no hardware requirements) could see the double benefits of an improved transaction experience for customers, as well as a more efficient, secure and cost effective means of achieving this.

The poll results can be seen in the chart below.

EAST Poll Sep to Dec 15

The current website research poll, which closes at the end of April, is on Intelligent Banknote Neutralisation Systems (IBNS) and asks the question – ‘If a stained note is offered to you, or comes into your possession, do you understand what you should do?’ To take it, and to see all past results, visit the ATM Research Page on this website, or click on the button below.

Message from the Executive Director

lgunnAnother year draws to a close and it has been a very busy one for EAST.  On behalf of the Board I would like to thank all those who have worked so hard to provide information, time and resources to help us to meet our targets and objectives.  Some of the highlights are as follows:

EAST National Members - badgeWe held National Member meetings in Rome in February (hosted by Consorzio BANCOMAT), in The Hague in June (hosted by Europol) and in London in October (hosted by the LINK Scheme).  During 2015 we welcomed five new National Members representing South Africa (South Africa Banking Risk Information Centre – SABRIC), Serbia (Chamber of Commerce and Industry of Serbia – CCIS), Turkey (Bankalararasi Kart Merkezi A.S. – BKM), the United States (Citi Security & Investigative Services -CSIS) and Brazil (Tecnologia Bancaria S/A).

The EAST Expert Group on ATM Fraud - LogoThe EAST Expert Group on ATM Fraud (EGAF), chaired by Otto de Jong, held three meetings in January, May and September, all hosted by ING in Amsterdam.  In June EGAF produced guidelines for the Standardisation of Terminology for Locations of Card Data Compromise devices at ATMs and assisted Europol to produce Guidance & recommendations regarding logical attacks on ATMs.

The EAST Expert Group on ATM Physical Attacks - LogoThe EAST Expert Group on ATM Physical Attacks (EGAP), chaired by Graham Mott, held two meetings in March and September, both hosted by the LINK Scheme in London.  In September we sent out our first EAST ATM Physical Attack Alert in a format agreed by EGAP.

EAST Europol MoUIn June Europol’s European Cybercrime Centre (EC3) signed a Memorandum of Understanding with EAST in order to further strengthen a working partnership that has been in place since the first EAST meeting took place in February 2004 .

EAST FCS 2015 - 3 (1)In June we also held our second EAST FCS Forum in The Hague.  The event proved to be a successful platform in bringing together the perfect mix of banking representatives, security experts, police, payments associations, government agencies and many other stakeholders in the ATM crime prevention sector. It was planned and organised by EAST Development Director Úna Dillon, working with Liquid Nexxus, and will be followed by our third FCS Forum in June 2017.

Bogota PCF MeetingIn October EAST supported Europol at an International Payment Card Fraud Meeting in Colombia – Rui Carvalho, EAST Director and national representative for Portuguese National Member SIBs, participated in a two-day meeting in Bogota to discuss payment card fraud overseas and money withdrawals in Latin America.

Europol-Interpol- Event 1In November this support for Europol continued at an International Payment Card Fraud Meeting in Singapore. I participated in a two-day meeting that was held in the INTERPOL Global Complex for Innovation (IGCI) and was co-hosted by Europol and INTERPOL to discuss payment card fraud overseas and money withdrawals in the extended South East Asia region.

Una ATEFI 2Later in the month Úna Dillon presented the latest European Fraud Report to the first Annual Latin American Forum on Security in Payment Systems, held on 18th / 19th November 2015 in Asuncion, Paraguay.  The event was co-founded by ATEFI (Latin American Association of Operators Electronic Funds Transfer and Information Services) and Liquid Nexxus in order to raise awareness of payment-related crime in Latin America.

EAST - EUROPEAN FRAUD UPDATE 3 - 2015EAST continues to keep abreast of the latest fraud trends and crime information, publishing our European ATM Crime Reports and European Fraud Updates.  Our thanks go out to all the people and organisations that have shared information for the above, and for EAST ATM Fraud Alerts (27 sent out this year to date), and EAST ATM Physical Attack Alerts (2 sent out this year to date).

Seasons greetingsFinally, on behalf of EAST, I would like to wish all readers a wonderful festive break and a very happy and fulfilling New Year.

Kind regards

Lachlan

Viewpoint: Contactless Transactions

Contactless_Card_SymbolIn an EAST website research poll that ran from May to August 2015 respondents were asked the question ‘What impact do you think that contactless transactions will have on cash withdrawals and payments?’  52% answered ‘Big Impact’, 38% ‘Limited Impact’, 7% ‘Could lead to the demise of cash’, and 3% ‘No impact’!

 

EAST Poll May to Aug 15Contactless payment systems are credit cards and debit cards, key fobs, smartcards or other devices that use radio-frequency identification for making secure payments. The embedded chip and antenna enable consumers to wave their card or fob over a reader at the point of sale.

The current website research poll, which closes at the end of December, is on cardless transactions at ATMs and asks the question – ‘Cardless transactions at ATMs are convenient, fast and safe. Do you feel that NFC technology is the best payment alternative to cards, or should the industry move towards application-based solutions?’ To take it, and to see all past results, visit the ATM Research Page on this website, or click on the button below.

Viewpoint: Cardholder Awareness

ATM Security2In an EAST website research poll that ran from January to April 2015 respondents were asked the question ‘How often do you see fraud warnings and fraud prevention messages displayed on ATMs in your country?’

39% answered ‘Frequently’, 30% ‘Occasionally, 17% ‘Rarely’, and 14% ‘Never’!

EAST Research Poll - Jan to Apr 15

While the vast majority of ATM transactions are carried out securely and without risk, there are times when your card and PIN can be at risk, if criminals have targeted the ATM (or other terminal) you are using. EAST has published Cardholder Security Tips to help make cardholders aware of what they can do to mitigate the risks.

When using an ATM it can be helpful to have to have fraud warnings and fraud prevention messages displayed as reminders of what actions you can take to protect your card and PIN. One of the most important is to cover your PIN when making a transaction.

The current website research poll, which closes at the end of this month, is on contactless transactions and asks the question – ‘What impact do you think that contactless transactions will have on cash withdrawals and payments?’ To take it, and to see all past results, visit the ATM Research Page on this website, or click on the button below.

EAST on Social Media

 

Image courtesy of vator.tvHave you connected with EAST on social media yet? EAST has a social media presence on Facebook and LinkedIn and a connected Twitter Account. There is also a LinkedIn Group focussed on ATM Security (over 3,000 members) which was set up by an EAST Member and is supported by EAST.

Managing social media is a challenge and, as a non-profit with a small executive team, EAST has time limitations – but we have committed to making sure that all our news posts are shown on our social media channels.

If you want to engage with us you have several choices:

1. Subscribe to our monthly news updates (you can do this directly from most pages on our website)
2. Follow us on Facebook and ‘Like’ our page (https://www.facebook.com/EASTatm)
3. Follow us on LinkedIn (https://www.linkedin.com/company/european-atm-security-team-ltd)
4. Follow us on Twitter (https://twitter.com/SecurityATM)

ATM Security2You can find the ATM Security Group on LinkedIn at https://www.linkedin.com/groups?gid=692237

Keep in touch!

VIEWPOINT: ATM Fraud

ATM Security2In an EAST website research poll that ran from September to December 2014 respondents were asked the question ‘What do you feel is the biggest fraud risk to the ATM channel over the next few years?’

52% chose malware, 37% voted for card skimming, 4% for cash trapping, 3% for card trapping and 3% for social engineering.

EAST Poll Sep to Dec 14

Malware is an emerging fraud trend for the ATM channel. EAST has been reporting European ATM fraud statistics since 2004. Over the past decade we have seen fraud trends change, particularly since the EMV (Chip and PIN) roll out commenced. Most recently we have seen a shift from hi-tech skimming to lo-tech card and cash trapping. Our next European ATM Crime report, covering the full year 2014, is scheduled for publication in April 2015.

You can see some of our ATM Fraud definitions on this website. We define ATM Malware as either ‘cash out/jackpotting’ or ‘card and Pin compromise’ and a definition for social engineering is ‘the clever manipulation of the human tendency to trust’.

The current website research poll is on cardholder awareness and asks the question – ‘How often do you see fraud warnings and fraud prevention messages displayed on ATMs in your country?’ To take it, and to see all past results, visit the ATM Research Page on this website, or click on the button below.

Message from the Executive Director

lgunn2014 has been another very busy year for EAST.  On behalf of the Board I would like to thank all those who have worked so hard to provide information, time and resources to help us to meet our targets and objectives.  Some of the key highlights from the year are:

10th Anniversary LogoIn February we celebrated our 10th Anniversary at the 32nd Meeting of National Members which was chaired by Martine Hemmerijckx and hosted by Worldline in Brussels.  The meeting was held in the same room where EAST was launched on 11th February 2004.

The EAST Expert Group on ATM Fraud - LogoThe EAST Expert Group on ATM Fraud (EGAF), chaired by Otto de Jong from ING, held three meetings in January, May and September.  In November EGAF produced Guidelines for recovering Fraud Devices at an ATM Crime Scene. The 6th EGAF meeting will be held next month in Amsterdam.

The EAST Expert Group on ATM Physical Attacks - LogoIn May the EAST Expert Group on ATM Physical Attacks (EGAP), chaired by Graham Mott from LINK, held its inaugural meeting, and then a second meeting in September.  The third EGAP meeting will be held in March 2015 in London

EAST Events - EAST National Member meetingsIn June EAST held its 33rd Meeting of National Members which was chaired by Graham Mott and hosted by Europol at the European Cybercrime Centre (EC3) in the Hague.

UnaIn August EAST Finance Director Douglas Brotherston and I were delighted to welcome Úna Dillon to the EAST Executive Team as Development Director.

 

EAST National Members - badgeIn October EAST held its 34th meeting of National Members which was chaired by Rui Carvalho and hosted by Delia Vaquerizo and Sistema 4B in Madrid (the first EAST meeting to be held in Spain).

EAST WebsiteIn November we launched the upgraded version our website, with great support from NSDesign and Media Room.  This website is now multi-platform compatible and is designed to support our needs for the next few years.  During 2014 traffic to our website increased again and we would like to express our thanks to those organisations which have sponsored the website, thereby making the upgrade possible.

EAST - EUROPEAN FRAUD UPDATE 3 - 2014And we continue to keep abreast of the latest fraud trends and crime information, publishing our European ATM Crime Reports and European Fraud Updates.  Our thanks go out to all the people and organisations that have shared information for the above, and for EAST ATM Fraud Alerts – with 32 sent out this year to date.

east thumb2015 is set to be another busy and productive year, with one of the highlights set to be our second EAST Financial Crime and Security Forum, which will be held on 11th and 12th June.  EAST will also hold it first event in Italy – the 35th meeting of National Members will be held in Rome in February, hosted by Consorzio BANCOMAT.
Seasons Greetings

Finally, on behalf of EAST, I would like to wish all readers a wonderful festive break and a very happy and fulfilling New Year.

Kind regards

Lachlan