A Security Alert relating to Transaction Reversal Fraud (TRF) has just been published by the EAST Expert Group on All Terminal Fraud (EGAF).
TRF is the unauthorised physical manipulation of an ATM cash withdrawal which makes it appear to the ATM system that cash has not been dispensed despite the criminal gaining access to, and taking the cash. This causes a reversal message to be generated and sent to the card issuing organisation, ultimately resulting in a free cash withdrawal. Criminals will typically use prepaid cards, or stolen or skimmed cards making it difficult to detect the identity of the perpetrator .
TRF exploits weaknesses in the hardware, application software, or transaction handling at the host. TRF does not involve a legitimate customer. A definition of TRF can be found on this website.
Information provided by EAST members, and shared through Alerts and Reports, shows that criminals are increasingly using TRF throughout Europe and in other parts of the world.
This Security Alert, which provides a description of TRF (Key MOs and Typical Execution) along with Guidelines to mitigate the risk, is available to EAST Members (National, Global and Associate).