EAST EGAF holds 27th Meeting in Amsterdam

 

The 27th Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 14th September 2022 at ING Bank in Amsterdam.  The hybrid meeting was chaired by Otto de Jong from ING Bank.

It was attended by 23 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts. 9 people were in the room and there were 14 virtual participants.

Experts from the following organisations contributed to the meeting: Atruvia AG, Bits A/S, BKA, BVK, Cennox, Damage Control, Diebold Nixdorf, Europol, Group-IB, ING Bank, KAL, Mastercard, NatWest Group, NCR, PSA, TietoEVRY, and TMD Security.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Discussion at the meeting focussed on follow up to two EAST Fraud Alerts relating to Active Shimmer (Wedge) / Relay attacks and presentations were also made in relation to ATM black box attacks, to PCIDSS 4.0 (new requirements relating to e-commerce) and to Transaction Reversal Fraud.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 272 Fraud Alerts have been issued as can be seen in the table below.

EAST EGAP holds 18th Meeting

The 18th Meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) took place on Wednesday 31st August 2022.  It was hosted by Europol as a virtual meeting and was chaired by Graham Mott of the LINK Scheme.

The meeting was attended by 52 key representatives from Law Enforcement, Terminal Deployers, ATM Networks and Security Equipment Vendors.

  • Europol gave a central assessment of the ATM physical attack situation in Europe
  • The ECB gave an update on the policy and approach regarding the detection of neutralised banknotes by third parties.
  • National Threat Assessments were shared by representatives from 19 countries:
CountryUpdate(s) Given By
AustriaCriminal Intelligence Service
BelgiumBatopin NV
BrazilTecBan
Czech RepublicPolice of the Czech Republic
DenmarkPetersen-Bach
FinlandNational Bureau of Investigation
FranceGendarmerie - OCLDI
GermanyBKA
GreeceHellenic Police
HungaryNational Bureau of Investigation
ItalyMIB
LuxembourgService de Police Judiciare
MaltaMalta Police
NetherlandsNational Police
PortugalPolicia Judiciare, Policia de Seguranca Publica
South AfricaSABRIC
SpainSpanish National Police, Guardia Civil, Autonomous Police of Catalonia
SwitzerlandFederal Office of Police (FEDPOL)
United KingdomSaferCash/West Midlands Police (ROCU)

Experts from the following organisations also participated in the meeting:  ATM Safe, Cyprus Police, Diebold Nixdorf, Feerica S.A., Gunnebo, Guarda Nacional Republicana, Mactwin Security, NCR, Oberthur Cash Protection, Professional Witnesses Group (PWG), Secure Banking Technology,  Spinnaker.

EAST EGAP is a European specialist expert forum for discussion of ATM, ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).

The Group meets twice each year to enable in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

Hit by Ransomware? 136 free tools are now available to rescue your files

The No More Ransom initiative is offering 136 free tools to rescue files held to ransom.  The scheme has just celebrated its 6th Anniversary and over 10 million people have now downloaded its decryption tools.  It is a great example of a successful public-private partnership initiative – to date it has helped over 1.5 million people successfully decrypt their devices without needing to pay the criminals. The portal is available in 37 languages in order to better assist victims of ransomware across the globe.

Launched by Europol, the Dutch National Police (Politie) and IT security companies, the No More Ransom portal initially offered four tools for unlocking different types of ransomware and was available only in English.  Last year a new website was launched. Six years later the scheme offers 136 free tools for 165 ransomware variants, including Gandcrab, REvil/Sodinokibi, Maze/Egregor/Sekhmet and more.  Over 188 partners from the public and private sector have joined the scheme, regularly providing new decryption tools for the latest strains of malicious software.

The best cure against ransomware remains diligent prevention. You are strongly advised to:

  • Regularly back up data stored on your electronic devices.
  • Watch your clicks – do you know where a link will take you?
  • Do not open attachments in e-mails from unknown senders, even if they look important and credible.
  • Ensure that your security software and operating system are up to date.
  • Use two-factor authentication (2FA) to protect your user accounts.
  • Limit the possibility to export large amounts of corporate data to external file exchange portals.
  • If you become a victim, do not pay! Report the crime and check No More Ransom for decryption tools.

Crypto Sheriff helps define the type of ransomware affecting your device. This enables a check to see if there is a solution available. If there is, you will be provided with a link to download the decryption solution

13 more arrests of ATM explosive gang members

German authorities, together with Dutch and Belgian counterparts, have arrested thirteen members of a Dutch gang linked to 21 ATM explosive attacks against cash machines in Germany.  The gang stole over €1.6 million as a result of the attacks, and collateral damage to equipment and buildings was in excess of €4 million.

The arrests took place on 28 June with over 100 Police officers involved in Germany (North Rhine Westphalia) and the Netherlands.

  • 8 arrests were made in the Netherlands
  • 3 arrests were made in Germany
  • 2 arrests were made in Belgium

These arrests follow another successful police operation in May 2022.

Europol’s European Serious Organised Crime Centre supported the investigation from the onset by bringing together the national investigators from Germany and the Netherlands to establish a joint strategy and to organise the intensive exchange of evidence needed to prepare for final phase of the investigation.

Threat To Life

Law enforcement is increasingly concerned about the heavier explosives that criminals are using to gain access to the ATM safes. The explosions are putting the lives of local residents and bystanders at risk: the surrounding buildings can collapse, or fragments of the explosion can hit passers-by.

In some cases, the perpetrators escape the crime scene in powerful motorised vehicles at speeds of up to 250 km/h, causing a serious risk to public safety.

Cross Border Cooperation

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) is a cross-border European specialist expert forum for discussion of ATM, ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.  The Group meets twice each year to enable in-depth and technical discussion to take place. The 17th EAST EGAP Meeting took place on 2nd March 2022.  Information exchange linked to the prevention of ATM explosive attacks is a key focus of the Group.

EAST Publishes Fraud Update 2-2022

EAST has published its second Fraud Update for 2022.  This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 1st EAST Global Congress held on 16th June 2022.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Canada; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Mexico; Netherlands; Norway; Poland; Romania; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

EAST Fraud Update 1

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published two related Fraud Alerts.

EAST Fraud Update 2

To date in 2022 the EAST EGAF has published three related Fraud Alerts.

FRAUD ORIGIN

To date in 2022 EAST EGAF has published two related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

To date in 2022 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published two related Physical Attack Alerts.

The full EAST European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

 

EAST EPTF holds 13th Meeting

The 13th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 29th June 2022.  It was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 13 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Services Providers, and Solution Providers.

Europol and the DCPCU provided the law enforcement perspective, and presentations were also made by Cartes Bancaires, Diebold NixdorfHSBCPAN-Nordic Card Association, Payment Services Austra (PSA), SIBsSTMP, TietoEVRY and Trend Micro.  Social engineering linked to authorised push payment (APP) or impersonation fraud is a key area of concern, as is ransomware.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates, and disseminates related information, trends and general statistics.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 212 EAST Associate Member Organisations from 52 countries and territories.

Delia Vaquerizo retires from EAST

Delia Vaquerizo has retired from EAST after representing Spain for 17 years.  She attended her first EAST Meeting in 2006 and joined the EAST Board as a non-Executive Director in October 2016.  She is also a founder member of the EAST Expert Group on Payment and Transaction Fraud (EPTF), which was formally launched in 2016.

In recognition of her significant contribution to EAST and the industry, she was presented with an Award by Graham Mott (LINK Scheme and the current EAST Chair) at the 1st EAST Global Congress, her final meeting.

Spain is represented at EAST by the National Member Sistema de Tarjetas y Medios de Pago, S.A. (STMP) and Delia’s role as EAST national representative has been taken over by Susana González Prada from STMP’s Fraud Management department.

EAST Executive Director Lachlan Gunn said: “Delia has done a fantastic job in gathering and collating information and data from the Spanish market, that has been of great benefit to Law Enforcement and the industry.  It has been a real pleasure to work with her over the years. On behalf of the EAST Executive Team, the EAST Board, and of all our members, I wish her all the best for her new role at STMP, where she has responsibility for the management of BNPL (Buy Now Pay Later) solutions for card payments.  While she will no longer be a regular attendee at EAST meetings, we hope to still see her at future EAST Forums and other industry events.”

The 1st EAST Global Congress was held at Europol in The Hague on 16th June 2022.

Phishing gang busted by cross-border Police operation

A cross-border operation, supported by Europol and involving the Belgian Police (Federale Politie) and the Dutch Police (Politie), resulted in the dismantling today of an organised crime group (OCG) involved in phishing, fraud, scams, and money laundering.

  • The OCG used email, text messages and mobile messaging applications to contact their victims.
  • These messages contained a phishing link leading to a bogus banking website.
  • Thinking they were viewing their own bank accounts through this website, the victims were duped into providing their banking credentials to the suspects. The investigative leads suggest that the criminal network managed to steal several million euros from their victims with this fraudulent activity.
  • The OCG used money mules to transfer these funds from the victim’s accounts and to cash out the fraudulently obtained money.
  • Members of the OCG have also been connected with cases of drugs trafficking and possible firearms trafficking.

Police Action

On 21 June 2022 the coordinated Police action led to:

  • 9 arrests in the Netherlands
  • 24 house searches in the Netherlands
  • Seizures including firearms, ammunition, jewellery, electronic devices, cash and cryptocurrency

Europol facilitated the information exchange, the operational coordination and provided analytical support for investigation. During the operation, Europol deployed three experts to the Netherlands to provide real-time analytical support to investigators on the ground, forensics and technical expertise.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including phishing. The 12th EAST EPTF meeting took place on 13 April 2022.

Europol launches updated ATM Logical Attack Guidelines at 1st EAST Global Congress

Europol has published updated guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The new document was officially launched at the 1st EAST Global Congress, which took place on Thursday 16th June 2022 at Europol’s HQ in The Hague.  Production of the document was coordinated by the EAST Expert Group on All Terminal Fraud (EGAF).

It has three sections:

  1. Description of Modi Operandi
  2. Mitigating the risk of ATM Logical Attacks, Setting up Lines of Defence
  3. Identifying and responding to Logical Attacks

This latest version has many updates including improved advice on lines of defence and countermeasures, and a direct link (QR code) to the countermeasures published by EAST.

The original Guidelines were published in 2015, with a first update in 2018.  They have been acknowledged as being of great value by both the industry and law enforcement, and the low success rate of ATM logical attack levels in Europe can no doubt be attributed to the fact that this guidance has been widely followed.

Lachlan Gunn, EAST Executive Director, said “This latest version draws upon feedback and expertise from both law enforcement and the private sector, cemented by a working partnership between Europol and EAST EGAF.  We are very grateful to Edvardas Šileris, Head of Europol’s European Cybercrime Centre (EC3), and his team at for making this possible.  I would like to thank Otto de Jong (ING Bank and EAST EGAF Chair) and Christian Beine (Diebold Nixdorf) for their key role in leading this exercise, and to also extend my thanks to GMV, INTERPOL, NCR, TMD Security and Trend Micro for their invaluable work and contributions”. 

ATM Logical Attacks

Pictured above at the launch are (Left to right) Lachlan Gunn, Edvardas Šileris, and Otto de Jong.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National, Global, and Associate).

National & Global Fraud Intelligence sharing – 1st EAST Global Congress

The 1st EAST Global Congress took place on Thursday 16th June 2022 at Europol’s HQ in the Hague as a hybrid meeting, with some delegates participating online. This was the first in-person meeting of EAST Global and National Members since February 2020.  Six virtual interim meetings were held between that meeting and the Global Congress.

The meeting was chaired by Graham Mott from the LINK Scheme and the key focus was on the sharing of payment and terminal fraud intelligence (global, regional, national).  A special welcome was given to Olesya Danylchenko from the Ukrainian Interbank Payment Systems Member Association (EMA).

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), and the United States Secret Service (USSS).  An update was provided from Europol’s European Cybercrime Centre (EC3) on various fraud types and an updated version of the document Guidance and Recommendations Regarding Logical Attacks Against ATMs‘  was officially launched.  A presentation from Europol’s Organised Property Crime Unit covered recent Physical ATM attacks across Europe. The USSS update covered recent reports from the FBI’s Internet Crime Complaint Centre (IC3), as well the latest fraud trends seen.

Private sector fraud intelligence updates were received from 25 countries, either directly or via regional/global updates by HSBC and Worldline.  Regional Updates were also provided for ASP, and MENA.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue.

Updates were also given by the Chairs of the three EAST Expert Groups:

EAST Fraud Update 2-2022 will be produced early next month, based on the country updates provided at the EAST Global Congress.  EAST Fraud, Payment, and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The 2nd EAST Global Congress, scheduled for 5th October 2022, will also be held as a Hybrid Meeting.