EAST has just published its first European Fraud Update for 2015. This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 3 non-SEPA countries, at the 35th EAST meeting held at Consorzio BANCOMAT in Rome on 11th February 2015.
Card skimming at ATMs was reported by 19 countries, with decreases reported by 9 countries and increases by one country. Three countries reported card data compromise through wire-tapping or ‘Eavesdropping’. Usage of card reader internal skimming devices appears to be increasing – these are inserted through the card reader throat and then sit inside the card reader capturing the data of cards that are subsequently inserted.
One country reported finding skimming devices that had been printed out from a 3D printer. A demonstration of 3D printing technology and how it can help validate anti-skimming technology will be given at the EAST Financial Crime and Security (FCS) Forum 2105 that will be held on 11th and 12th June 2015 in The Hague.
Skimming attacks on other terminal types were reported by 9 countries. Attacks on unattended payment terminals (UPTs) at petrol stations were seen in 5 countries, while 2 countries reported skimming attacks at railway or other transport ticket machines.
Europol’s European Cybercrime Centre (EC3) has supported an 18-month EU-funded project against payment card fraud, initiated by UK authorities, which has resulted in the arrest of 59 individuals, 32 prosecutions and 17 convictions as well as the disruption of five organised crime groups misusing electronic payments.
Cash trapping attacks appear to be on the decrease, reversing a previously reported trend. Fourteen countries reported such attacks. The overall decrease can be attributed to the success of customer awareness campaigns and to preventative measures put in place at the ATMs. Compared to previous years the number of transaction reversal fraud attacks also appears to be decreasing.
ATM malware incidents were reported by 3 countries. These were ATM ‘cash out’ or ‘jackpotting’ attacks. In one of the countries it is believed that ATMs were infected either through USB ‘drops’, or remotely through the ATM network.
Ram raids and ATM burglary were reported by 9 countries, with one of them reporting increases in this type of attack and another significant decreases. Nine countries reported explosive gas attacks, two of them reporting significant increases. A comprehensive press article on ATM gas attacks can be found at http://www.bloomberg.com/graphics/2015-atm-bombers/. Two countries also reported attacks on ATMs using solid explosives.
The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.