Project CheckCard – live demo at EAST FCS Seminar

Project CheckCard

Join us for the Terminal Fraud Seminar that will be held by the EAST Expert Group on All Terminal Fraud (EGAF) on 9th October 2019.


Project CheckCardTobias Heckmann from the University of Applied Sciences in Bingen, Germany will give an overview of Project CheckCard.

The CheckCard software has been developed as an investigation tool to validate whether or not a smart card is genuine. The check is done off-line, either using software on a desktop or on an android phone.

The presentation will start with a short overview of the project goals and the software that has been developed, and will conclude with a live demonstration of EMV payment card validation and the analysis of smart cards.

This interactive event follows the basic structure of EAST EGAF Member meetings. Attendance at EAST EGAF meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

ATM Physical Attacks

The EAST FCS Seminars will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.

2019 EAST FCS ATM Physical Attack Seminar Sponsor

Additional sponsorship opportunities are still available

Disruptive technologies – their impact on crime and its prevention

Disruptive TechnologiesEuropol has just published a new report aimed at triggering discussion about ‘disruptive technologies’, and the need for innovation and strategic foresight in EU policing.

Disruptive technologies are fundamentally altering the way we live, work and relate to one another.  They provide criminals with new ways to pursue their illegal goals, but also equip law enforcement with powerful tools in the fight against crime.

To remain relevant and effective, it is necessary for law enforcement authorities to invest in understanding and actively pursuing new, innovative solutions. The new Europol Report, entitled ‘Do criminals dream of electric sheep: how technology shapes the future of crime and law enforcement’ will serve as a basis for future discussions between Europol, EU law enforcement and their stakeholders.

Europol’s Executive Director, Catherine De Bolle, said: “Europol’s strategy sets out our ambition to firmly establish Europol as an innovator in law enforcement at the European level. It is no longer good enough to be reactive. Our ability to predict which emerging technologies criminals will turn to next is instrumental to our mission of keeping EU citizens safe. We hope to start a discussion with law enforcement in the Member States and other stakeholders.”

Some of the emerging technologies include Artificial Intelligence (AI), quantum computing, 5G, alternative decentralised networks and cryptocurrencies, 3D printing and biotech. These are set to have a profound impact on the criminal landscape and the ability of law enforcement authorities to respond to emerging threats. The disruption comes from the convergence between these new technologies, the previously unseen use cases and applications, and the challenges posed by existing legal and regulatory frameworks.

The report aims to identify the security threats associated with this and points to ways for law enforcement to use the opportunities brought by these technologies to combat crime and terrorism. It also highlights the pivotal role of the private sector and the importance of law enforcement to engage more with these actors. Furthermore, it is of paramount importance that the voice of law enforcement is heard when legislative and regulatory frameworks are being discussed and developed, in order to have an opportunity to address their concerns and needs, particularly with regard to the accessibility of date and lawful interception.

in an age of rapid digital technological development Europol can deliver additional value by increasingly engaging in expertise coordination and collective resource management, which avoids unnecessary duplication of resources and expertise at national level. The Europol Strategy 2020+ set out for the organisation to support the Member States by becoming a central point for law enforcement innovation and research.

Download the report here

As a private sector partner of Europol, EAST provides trusted platforms where experts from law enforcement and the private sector can routinely come together to focus on current and evolving criminal threats, and what can be done to counter them.  The platforms are:  EAST National Member meetings; the EAST Payments Task Force (EPTF); the EAST Expert Group on All Terminal Fraud (EGAF); and the EAST Expert Group on ATM & ATS Physical Attacks (EGAP).

EAST participates at Europol Training on Payment Card Fraud Forensics

card fraud forensics EAST Development Director Rui Carvalho presented at the fifth edition of the Europol Training Course on Payment Card Fraud Forensics and Investigations at the Spanish National Police Academy in Ávila, Spain. His talk gave an overview of EAST, shared the latest statistics and trends on terminal fraud in Europe from the perspective of the private sector, and covered trends in payments, including an overview of regional and global e-wallets.

The Europol training, which ran from 8 to 12 July 2019, covered a wide range of topics  in the area of payment fraud, including online skimming, logical attacks on ATMs, card data analysis, cryptocurrencies, social engineering attacks and loyalty card fraud.

The training course was attended by 53 Investigators, forensic experts, and accredited trainers from 25 countries in the European Union, as well as from Colombia, Moldova and the United States.  Presentations were given by Europol staff and by key private sector organisations (including EAST). Since the first training in 2015 over 250 international students have benefited from the training programme, which has been supported by EAST from the outset.

This kind of event highlights the importance of close cooperation between the public and private sectors in the fight against cybercrime and all emerging threats in the field of payment card fraud. Such cooperation is enhanced by regular training, and by shared updates on investigative techniques and the improvement of forensic capabilities.

Terminal Fraud Update – EAST FCS Seminars 2019

Terminal Fraud

Act now to save your place for the Terminal Fraud Seminar that will be held by the EAST Expert Group on All Terminal Fraud (EGAF) on 9th October 2019.


  • EAST Executive Director Lachlan Gunn will share the latest Terminal Fraud Statistics published by EAST, covering the period January to June 2019;
  • Veronica Borgogna of BANCOMAT S.p.A will provide a national threat assessment for Italy
  • and Ben Birtwistle of RBS will provide a national threat assessment for the UK

The national threat assessments will cover card compromise and logical/malware attacks

This interactive event follows the basic structure of EAST EGAF Member meetings.  Attendance at EAST EGAF meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

ATM Physical Attacks

The EAST FCS Seminars will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.

2019 EAST FCS ATM Physical Attack Seminar Sponsor

Additional sponsorship opportunities are still available

Cybercrime – Trends and Challenges

cybercrimeAs technology continues to take over our lives, and digitalisation gathers pace, cybercrime is also growing. Europol and Eurojust have published a third joint report identifying and categorising the current developments and common challenges in combating cybercrime, which fall into five different areas.

  • Loss of data: electronic data is the key to successful investigations in all the cybercrime areas, but the possibilities to obtain such data have been significantly limited.
  • Loss of location: recent trends have led to a situation in which law enforcement may no longer establish the physical location of the perpetrator, the criminal infrastructure or electronic evidence.
  • Challenges associated with national legal frameworks: the differences in domestic legal frameworks in EU Member States often prove to be serious impediments to international cybercrime investigations.
  • Obstacles to international cooperation: in an international context, no common legal framework exists for the expedited sharing of evidence (as does exist for the preservation of evidence). There is also a clear need for a better mechanism for cross-border communication and the swift exchange of information.
  • Challenges of public-private partnerships: cooperation with the private sector is vital for combating cybercrime, yet no standardised rules of engagement are in place, and investigations can thus be hampered.

Both the EAST Payments Task Force (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF) cover cybercrime and its impact on payments and terminals. Both are public-private sector platforms where experts come together to focus on such issues.  EAST National Members also share cybercrime related information with each other, and through the EAST platform, with law enforcement agencies across the world.

Europol publishes Spanish language version of ATM Logical Attack Guidelines

Logical AttackEuropol has just published a Spanish language version of the new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF), and the French version was published in March 2019.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Descripción De Los Ataques Lógicos)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Mitigación De Los Riesgos Y Establecimiento De Líneas De Defensa)
  3. Identifying and responding  to Logical and Malware Attacks (Identificación Y Respuesta Frente A Ataques Lógicos A Cajeros Automáticos)

This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

EAST Publishes European Fraud Update 2-2019

FraudEAST has published its second European Fraud Update for 2019. This is based on country crime updates given by representatives of 16 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 48th EAST meeting held at Europol in The Hague on 5th June 2019.

Payment fraud issues were reported by 18 countries. To date in 2019 the EAST Payments Task Force (EPTF) has issued 4 related Payment Alerts.

Two countries reported mobile wallet fraud in relation to Apple Pay. One reported that mobile wallets are fast becoming the new money mules – fraudsters are enrolling cards that are not yet associated to a specific wallet. Another country reported that fraudsters are obtaining security codes through phishing, with which they can then install a mobile banking app on their own smartphone, using the victim’s data. One country reported that fraudsters are increasingly using mobile call centres to call customers from numbers that appear to be genuine, and then are pretending to be bank security staff. This enables them to obtain key personal information and data.

Five countries reported fake websites, mainly in China and other Asian countries – customers place orders for goods, which are never fulfilled, or for services which are never provided. One country reported that the quality of fake websites and fake emails is constantly improving, with fewer language errors and better design and formatting.

ATM malware and logical attacks were reported by 6 countries. They all reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. In most cases the attacks were unsuccessful. To date in 2019 the EAST Expert Group on All Terminal Fraud (EGAF) has published 5 related Fraud Alerts.

Card skimming at ATMs was reported by eighteen countries. Five countries reported the continued usage of M3 – Card Reader Internal Skimming devices. The most recent variants are made of transparent plastic. Skimming attacks on other terminal types were reported by six countries, three of which reported such attacks on railway ticket machines. To date in 2019 EAST EGAF has published 8 related Fraud Alerts.

Year to date International skimming related losses were reported in 37 countries and territories outside SEPA and in 4 within SEPA. The top three locations where such losses were reported remain Indonesia, India and the USA.

Eight countries reported cash trapping attacks, two of them reporting decreases in such attacks. Five countries reported card trapping attacks, two of them reporting that such attacks are increasing.

Ram raids and ATM burglary were reported by 10 countries and 9 countries reported explosive gas attacks, 4 of which reported that such attacks are increasing. Seven countries reported solid explosive attacks, two of which are seeing increases in such attacks, and one reported an attack carried out by criminals armed with assault rifles. The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings. To date in 2019 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published 7 related Physical Attack Alerts.

The full Fraud Update is available to EAST Members (National and Associate).

Cryptocurrency criminals arrested in joint Police operation

The UK’s South West Regional Cyber Crime Unit (SW RCCU) in a joint operation with the Dutch police (Politie), Europol, Eurojust and the UK’s National Crime Agency (NCA) has arrested 6 individuals after a 14-month long investigation into a €24 million cryptocurrency theft.  The five men and one woman were arrested in simultaneous warrants on 25th June 2019, at their homes in the UK and the Netherlands.

The theft, which targeted users’ Bitcoin tokens, is believed to have affected at least 4,000 victims in 12 countries, with the numbers continuing to grow.

The investigation relates to typosquatting, where a well-known online cryptocurrency exchange was ‘spoofed’ – or recreated to imitate the genuine site – to gain access to victims’ Bitcoin wallets, stealing their funds and login details.

This case was referred to the European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol, after the British authorities identified possible suspects living in the Netherlands.  Operational support delivered by EC3 since February 2018 allowed the J-CAT to coordinate the international cooperation between the different EU Member States involved.

In addition, operational meetings were organised at Europol’s headquarters between the British and Dutch authorities, allowing for the smooth exchange of intelligence and evidence which led to these successful arrests.  A coordination meeting was also held at Eurojust to prepare for the action day.

Cryptocurrency crime is one of the issues focused on by the EAST Payments Task Force (EPTF).

EAST FCS Seminars – Sponsorship Announcement

EAST is delighted to announce that sponsorship opportunities are available for the upcoming EAST Financial Crime and Security (FCS) Seminars, which will take place at the Park Plaza, Victoria, London on Wednesday 9 October 2019.  A limited number of sponsorship opportunities are still available for each Seminar. For further details, visit our events website or click on the button below.

FCS Seminars

The EAST FCS Seminars are user-driven events aimed at professionals involved with identifying, preventing and detecting security risks and crime relating to ATMs and other self-service terminals, from a wide range of organisations including banks and police forces. Details of past FCS events can be seen on the Events page of this website.

FCS Seminars

The Financial Crime and Security Seminars will comprise two dedicated tracks:

Terminal Fraud Seminar (organised by the EAST Expert Group on All Terminal Fraud – EGAF)

ATM Physical Attacks Seminar (organised by the EAST Expert Group on ATM & ATS Physical Attacks – EGAP)

FCS Seminars


2019 EAST FCS ATM Physical Attack Seminar Sponsor


Co-location with RBR’s ATM & Cyber Security 2019

ATM & Cyber Security 2019 runs from 08:00 on 8th October to 14:00 on 9th October 2019, while the EAST Terminal Fraud and ATM Physical Attacks seminars run from 14:00 to 17:30 on 9th October 2019.

Please note: The RBR conference is a separate event and requires separate registration – see the RBR website for details and online booking.

EAST participates in Europol’s AG-Financial Services

EAST Development Director Rui Carvalho participated in and presented at a meeting of Europol’s Advisory Group on Financial Services (AG-Financial Services) on 20th June 2019.  The meeting was held at Europol’s HQ in The Hague.  The AG-Financial Services advises the Programme Board of the European Cybercrime Centre (EC3) at Europol. Its purpose is to:

  • bring knowledge and expertise to the Programme Board on the impact of cybercrime on financial services and on how this sector and law enforcement can cooperate in the prevention and combating of cybercrime;
  • update and share all relevant information and expertise on developments in the area of cybercrime that affect financial services;
  • assist the Programme Board in defining priorities for the work of EC3 in this area, including by advising on the cooperation with the financial services and on developing concepts for enhanced prevention;
  • advise the Programme Board on increasing the sharing/exchange of information between law enforcement and financial services

Rui Carvalho is also Chair of the EAST Payments Task Force (EPTF) which has great synergy with AG- Financial Services in that its remit, as a public-private sector expert working group, covers the impact of cybercrime on financial services.  Going forwards he will share updates from the EPTF at future meetings of the AG-Financial Services.