EAST publishes first Payment Alert

EAST has just published its first Payment Alert which covers an attack on a payment network through its member associations throughout Europe.  This Alert relates to a recent phishing email sent to employees of related banking and financial institutions.  Phishing is a social engineering attack that has become very popular and has caused severe damages and losses to companies and individuals.

This new Alert is an initiative of the EAST Payments Task Force (EPTF), a specialist task force for discussion of security issues affecting the payments industry and for the gathering, collation and dissemination of related information and statistics.

Rui Carvalho EAST Development Director and EPTF Chair said: “In June last year EAST changed its name to become the European Association for Secure Transactions to expand its remit beyond ATMs to include all terminal types and to also focus on payment transactions.  As card skimming incidents continue to decline in Europe our focus is increasingly moving to Payment related cyber-attacks and Card Not Present (CNP) fraud issues which continue to rise.  The EPTF Payment Alerts will help to bring focus on new and developing threats in these criminal areas.”

Through its Expert Group on All Terminal Fraud (EGAF) EAST has been issuing Fraud Alerts since 2013 (170 Alerts issued to date) and Physical Attack Alerts have been issued by its Expert Group on ATM & ATS Physical Attacks (EGAP) since 2015 (18 Alerts issued to date).

EAST Alerts contain sensitive information and are restricted to EAST Members (National and Associate).  They are classified as AMBER using the variant of the Traffic Light Protocol (TLP) adopted by EAST and an overview of the TLP classifications used by EAST is below: