Susanne Kreuzer retires from EAST

Susanne Kreuzer will retire from EAST on 18th June 2019.  Susanne is one of the founder members of EAST and attended her first EAST meeting in 2004, representing Germany, a role she has held since.  When EAST created its own legal identity in 2007, Susanne joined the Board as a non-Executive Director.  She is also a founder member of the EAST Payments Task Force (EPTF), which was formally launched in 2016, and has been instrumental in helping to forge its direction and remit.

EAST Executive Director Lachlan Gunn said:  “When Susanne joined EAST in 2004 she came as a well-respected professional with a strong background in the prevention of financial crime.  Over the years she has done a fantastic job in gathering and collating information and data from the German market, that has been of great benefit to Law Enforcement and the industry.  She is one of a dwindling group of EAST founder members still active in the group, and without her energy, enthusiasm, commitment and support, EAST would not have grown to be what it is today.  On behalf on the EAST Executive Team, the EAST Board, and of all our members, I wish her a happy, fulfilling and well-earned retirement.”

Germany is represented at EAST by EURO Kartensysteme GmbH and Susanne’s role as EAST National Member representative will be taken over by Margit Schneider, who has also been connected with EAST for many years.

The 48th EAST Meeting was held at Europol in The Hague on 5th June 2019.  At this meeting Susanne Kreuzer was presented with a memento of EAST by Lachlan Gunn.  Otto de Jong, also a founder member of EAST and Chair of the EAST Expert on All Terminal Fraud (EGAF), then thanked her on behalf of all present, for her significant contribution to EAST, to law enforcement and to the industry, during a career in financial crime prevention that has spanned over 30 years.

Physical ATM Attack Prevention

On 22/23 January 2019 EAST presented at and participated in the EUCPN / Europol Conference on Prevention of ATM Physical Attacks.  A direct output from the event is a recommendation paper on how to prevent such attacks, based on discussions held at the conference. This paper can be downloaded here.  The paper covers:

  • Preventing Physical ATM AttacksFACTORS DETERMINING THE SUCCESS OF
    A PHYSICAL ATM ATTACK
  1. Vulnerability of ATMs
  2. Set- up of an ATM attack
  3. The experience and know- how of the perpetrators
  • NEED FOR A PREVENTIVE APPROACH
  • PREVENTION
  1. Assess the situation
  2. Develop a preventive approach
  3. Implement preventive measures
  4. Reduce the rewards
  5. Increase the risk
  6. Increase the effort
  7. Parallel measures
  • CONCLUSIONS

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) focuses on preventing such attacks and provides a secure platform where experts from Law Enforcement and the Industry come together to discuss the above.  On 9th October 2019 EAST EGAP will be holding an open FCS Seminar on ATM Physical Attacks for which registration is now open.  This will include an interactive discussion session on ‘Physical Attack Types and Counter-Measures

48th EAST Meeting hosted by Europol in The Hague

The 48th EAST Meeting (National Members) was hosted by Europol at their Headquarters in The Hague on 5th June 2019. Presentations were made by the European Cybercrime Centre (EC3) and the European Serious Organised Crime Centre (ESOCC).

National country crime updates were provided by 18 countries, and a global update by HSBC. Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were also given by the EAST Payments Task Force (EPTF), the EAST Expert Group on All Terminal Fraud (EGAF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 2-2019 will be produced later this month, based on the national country crime updates provided at the meeting. EAST Fraud Updates are available on the EAST Website to EAST Members.

48th EAST Meeting

2019 EAST FCS Seminars – ATM Physical Attacks

Act now to save your place for the ATM Physical Attacks Seminar that will be held by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) on 9th October 2019.

HIGHLIGHTS FROM THE ATM PHYSICAL ATTACKS SEMINAR

ATM Physical AttacksGraham Mott of the LINK Scheme, and Chair of EAST EGAP, will host the ATM Physical Attacks Seminar and run the Town Hall Q & A Session on Physical Attack Types and Counter-Measures;

EAST Development Director Rui Carvalho will present the latest Physical Attack Statistics, and will share the current Physical Attack Definitions published by EGAP;

and Daniel Zorzo López of the Guardia Civil will provide an assessment of the current attack situation in Spain.

This interactive event follows the basic structure of EAST EGAP Member meetings.  Attendance at EAST EGAP meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

ATM Physical Attacks

The EAST FCS Seminars will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.


2019 EAST FCS ATM Physical Attack Seminar Sponsor

Additional sponsorship opportunities are still available

EAST Presents at first P3 CyberFraud Training

EAST Development Director Rui Carvalho participated at the first P3 CyberFraud training on 8th May 2019. The event, which was organised by the European Cyber Crime and Fraud Investigators (ECCFI), ran from 7-9 May 2019 and took place in Fleming’s Conference Hotel in Vienna. It was the first training session of the P3 Cyberfraud Project, which is funded by the ‘European Union Internal Security Fund – Police’.

The majority of the participants were from Law Enforcement Agencies and there was representation from some key private organisations. There were 71 registered participants from 24 countries. Rui Carvalho was actively involved in the discussion and gave a presentation from the EAST perspective entitled “Stats and Trends on Terminal and Payment Fraud”.

ECCFI is a registered, non-profit association. In addition to supporting the P3 Cyberfraud Project, the purpose of ECCFI is to promote cyber security in Europe, especially secure payment methods. In addition to cyber security, the purpose is to assure online security by bringing together different authorities as well as the private sector security professionals.

EAST is an Associate Partner of ECCFI and the EAST Payments Task Force (EPTF), chaired by Rui Carvalho, has a specific focus in this area.

2019 EAST FCS Seminars – Programme Announcement

EAST FCS

The programme for the 2019 EAST FCS Seminars is now available.

Two concurrent seminars will be held on 9th October 2019:

EAST FCS Terminal Fraud Seminar (organised by the EAST Expert Group on All Terminal Fraud (EGAF)

This interactive event follows the basic structure of EAST EGAF Member meetings.  An introduction to the Group will be followed by a presentation of the latest EAST Fraud Statistics (H1 2019) and a high-level overview of the European situation by Europol.  Then a session will then focus on the terminal fraud situation in four countries/regions, followed by a short discussion.  This will be followed by a practical demonstration of Project Checkcard, aimed at checking the validity of EMV cards, followed by a session topic still tbc.  Attendance at EAST EGAF meetings is limited due to the size of the Group and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

EAST FCS ATM Physical Attacks Seminar (organised by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP)

This interactive event follows the basic structure of EAST EGAP Member meetings.  An introduction to the Group will be followed by presentation of the latest EAST Physical Attack Statistics (H1 2019) and recent attack definitions, and a high-level overview of the European situation.  Then a session will focus on the ATM physical attack situation in five countries, which will be followed by a session on banknote infrared recognition.  The event will conclude with a Q&A session on all attack types and counter-measures.  Attendance at EAST EGAP meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

HIGHLIGHTS FROM THE TERMINAL FRAUD SEMINAR

Otto de Jong, of ING Bank and Chair of EAST EGAF, will host the Terminal Fraud Seminar and chair the discussion on Threat Assessments – Europe;

Tobias Wieloch, of Europol’s European Cybercrime Centre (EC3), will provide an overview of terminal fraud in Europe from Europol’s perspective;

Arnt Olav Rottereng, of EVRY ATM Services, will update on the terminal fraud situation in the Nordics;

and Tobias Heckmann, Software Developer at the University of Applied Sciences Bingen, will present and demonstrate Project CheckCard, an investigation tool designed to assist law enforcement to validate whether or not a smart card is genuine.

 

New EAST Fraud Definitions now available in Russian

EAST Terminal Fraud Definitions are now available in the Russian language.  At the end of 2018 EAST upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  In the upgraded definitions each applicable criminal benefit is highlighted next to each terminal fraud type.

The translation was carried out by two EAST National Member organisations – the Ukrainian Interbank Payment Systems Member Association “EMA”  and the MasterCard Members Association (MCMA).

These fraud definitions are used by EAST when issuing Fraud Alerts, or when compiling the statistics and other information for European Payment Terminal Reports and Fraud Updates.  The aim is for these Terminal Fraud Definitions, as well as the related criminal benefits, to be adopted globally when describing or reporting payment terminal fraud.  This translation into Russian is another step forward towards achieving this.

Below is the  definition for Card Skimming in the Russian language.

The definitions have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.

EAST EGAF holds 18th Meeting in Amsterdam

EGAFThe Eighteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 8th May 2019 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 210 EAST Fraud Alerts have been issued, 9 to date in 2019.

EAST EGAF meetings are restricted to working group members and, to provide a wider platform for sharing/discussion, the Group is holding a half-day open seminar in London on 9th October 2019.  Registration for this is now open and more information can be found on the EAST Events website.

EPTF holds Fifth Meeting

EPTF

The Fifth Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 17th April 2019 at the Banking & Payments Federation Ireland (BPFI) in Dublin.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and was attended by key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Providers and Solution Providers.

EPTFPresentations or updates were given by BANCOMAT S.p.A, Diebold Nixdorf,  EURO Kartensysteme GmbHEuropol, EVRY Norge AS, Fiducia & GAD, Group-IB, ING, INTERPOL, JP Morgan Chase, Payment Services Austria, PLUSCARD Gmbh, and Trend Micro.

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 35 countries and outputs from the group are presented to National Member Meetings.  There are 210 EAST Associate Member Organisations from 53 countries and territories.

ATM Physical Attacks in Europe on the increase

ATM physical attacksEAST has just published a European Payment Terminal Crime Report covering 2018 which reports that ATM physical attacks have risen for the fourth consecutive year.

ATM related physical attacks rose 27% when compared with 2017 (up from 3,584 to 4,549 incidents).  Within this total ATM explosive attacks (including explosive gas and solid explosive attacks) were down 3% (down from 1,081 to 1,052 incidents).  Explosive attacks remain a cause for concern as the number of countries reporting them has risen from ten in 2017 to eleven in 2018.  Such attacks result in extensive collateral damage and can pose a risk to life.

Losses due to ATM related physical attacks were €36 million, a 16% increase from the €31 million reported during 2017.  The average cash loss per explosive or gas attack is estimated at €17,103, the average cash loss for a robbery is estimated at €13,682 per incident and the average cash loss for a ram raid or burglary attack is estimated at €13,198.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

EAST Executive Director Lachlan Gunn said, “The success rate for solid explosive attacks is of particular concern – we estimate that the average cash loss per solid explosive attack is €27,065.  Such attacks continue to spread geographically with two countries reporting them for the first time in early 2019.  Our Expert Group on ATM and ATS Physical Attacks (EGAP) is actively monitoring the situation and provides a cross-border platform for the industry and law enforcement to share related intelligence and measures that can be taken to mitigate the risks.”

Payment terminal related fraud attacks fell 36% when compared with 2017 (down from 20,971 to 13,511 incidents).  This fall was mainly driven by a 26% decrease in card skimming incidents (down from 2,556 to 1,883 incidents) and by a 66% fall in transaction reversal fraud incidents (down from 14,098 to 4,843 incidents).

Losses due to payment terminal related fraud attacks fell 30% when compared with 2017 (down from €353 million to €247 million).  Within these totals international skimming losses fell by 27% (down from €280 million to €205 million) and domestic skimming losses were down 44% (from €64 million to €36 million).

A total of 157 ATM malware and logical attacks were reported, down from 192 in 2017, an 18% decrease.  156 of the attacks were logical attacks where equipment typically referred to as a ‘black box’ is used to send dispense commands directly to the ATM cash dispenser in order to cash-out the ATM.  Related losses were down 70%, from €1.52 million to €0.45 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National and Associate)