Terminal Fraud

terminal fraudWhile most payment transactions take place seamlessly and without issue, financial criminals remain active and terminal fraud is a problem for payment terminal deployers, ATM deployers, card issuers, equipment manufacturers and vendors, software providers, law enforcement agencies and other payment industry stakeholders.  On 10th October 2018 the EAST Expert Group on All Terminal Fraud (EAST EGAF) will hold an open Financial Crime & Security (FCS) Seminar in London to focus on the issue.  EAST EGAF is chaired by Otto de Jong of ING Bank.

EAST Executive Director Lachlan Gunn said ‘EAST EGAF was formed as a working group in 2013 and will hold its 16th Meeting on Wednesday 19th September 2018 in Amsterdam. Attendance at EAST EGAF meetings is restricted in accordance with the group’s Terms of Reference, which makes the coming FCS Seminar in October a great opportunity for all those affected by, or concerned about, terminal fraud to engage with EAST’.

This interactive event focuses on two key outputs of EAST EGAF – Guidelines regarding logical attacks on ATMs and standardised fraud definitions.  An introduction to the Group will be followed by a presentation of the latest EAST Fraud Statistics (H1 2018).  A session by Juan Jesús León Cobos of GMV will then focus on the evolution of cash-out/jackpotting attacks in Latin America, followed by a session by Europol’s Tobias Wieloch highlighting Guidelines on how to counter them.  A perspective on card shimming in the UK will then be given by forensic experts Brian Underhill and Nick Weber, followed by a session on the importance of standardising fraud definitions by Ben Birtwistle of RBS and Claire Shufflebotham of TMD Security. The event is co-located with RBR’s ATM & Cyber Security 2018 Conference.  See the full programme here.

Attendance at EAST EGAF meetings is limited, as it is a working group, and this EAST FCS Seminar enables wider participation and the opportunity for all attendees to engage with the Group and its organisers.

The Seminar is sponsored by:





EAST joins Europol’s Advisory Group on Financial Services

EAST Development Director Rui Carvalho will represent EAST at Europol’s Advisory Group on Financial Services, an advisory group to the Programme Board of the European Cybercrime Centre (EC3).  In the context of the cross-border fight against cybercrime the purpose of the advisory group is to:

  • bring knowledge and expertise to the Programme Board on the impact of cybercrime on financial services and on how this sector and law enforcement can cooperate in the prevention and combating of cybercrime;
  • update and share all relevant information and expertise on developments in the area of cybercrime that affect financial services;
  • assist the Programme Board in defining priorities for the work of EC3 in this area, including by advising on the cooperation with the financial services and on developing concepts for enhanced prevention;
  • advise the Programme Board on increasing the sharing/exchange of information between law enforcement and financial services.

EAST has worked closely with Europol since 2004 and in 2015 Europol and EAST signed a Memorandum of Understanding to further strengthen the partnership.

EAST Executive Director Lachlan Gunn said: “I am delighted that EAST can support Europol in the Advisory Group on Financial Services, a further development of our strategic partnership.  Since 2015, and in addition to the normal operation of our National Member and Expert Group meetings, EAST has supported Europol at five strategic payment card fraud meetings in Asia, most recently in May in Vietnam, and also at similar meetings in The Hague and in Colombia.  We have also presented at three Europol Trainings on Payment Card Fraud Forensics, most recently in June at the Spanish National Police Academy.” 

EAST EGAP holds 10th Meeting in The Hague

The tenth meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) took place on Tuesday 4th September 2018 in The Hague.

EAST EGAP is a European specialist expert forum for discussion of ATM and ATS related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).

The meeting was chaired by Mr Graham Mott of the LINK Scheme and was attended by key representatives from Terminal Deployers, ATM Networks, Security Equipment Vendors and Law Enforcement.  Europol gave a central assessment of the ATM physical attack situation in Europe and National Threat Assessments were shared by representatives from twelve countries.

EAST EGAP, which meets twice each year, enables in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

EAST EGAP meetings are restricted to working group members and, to provide a wider platform for sharing/discussion, the Group is holding a half-day open seminar in London on 10th October 2018.  Registration for this is now open and more information can be found on the EAST Events website.

ATM Physical Attacks

ATM Physical attacks remain a significant issue for ATM owners and other stakeholders (both public and private sector) in Europe and elsewhere, with explosive attacks (gas and solid explosive) of particular concern.  On 10th October 2018 the EAST Expert Group on ATM & ATS Physical Attacks (EAST EGAP) will hold an open Financial Crime & Security (FCS) Seminar in London to focus on the issue.  EAST EGAP is chaired by Graham Mott of the LINK Scheme.

EAST Executive Director Lachlan Gunn said ‘EAST EGAP was formed as a working group in 2014 and will hold its 10th Meeting on Tuesday 4th September 2018 in The Hague.  Attendance at EAST EGAP meetings is restricted in accordance with the group’s Terms of Reference, which makes the coming FCS Seminar in October a great opportunity for all those affected by, or concerned about, ATM physical attacks to engage with EAST’.

This interactive event follows the basic structure of EAST EGAP Member meetings.  An introduction to the Group will be followed by presentation of the latest EAST Physical Attack Statistics (H1 2018).  Then Gertjan Kaijen of Europol will give an update on the ATM physical attack situation in Europe, which will be followed by Law Enforcement updates from several of the key European markets.  After a networking break there will a session on the steps taken in Italy to counter ATM explosive attacks (gas and solid), and the event will conclude with a Q&A session on all attack types and counter-measures.  The event is co-located with RBR’s ATM & Cyber Security 2018 Conference.  See the full programme here.

Attendance at EAST EGAP meetings is limited, as it is a working group, and this EAST FCS Seminar enables wider participation and the opportunity for all attendees to engage with the Group and its organisers.

The Seminar is sponsored by:



India’s Cosmos bank suffers global ATM cash-out attack

India’s Cosmos cooperative bank has suffered a major global ATM cash-out attack losing Rs 94.42 crore (Euro 12 million approx) in 14,849 transactions between 11 August and 13 August 2018.  The illicit ATM withdrawals took place in at least 28 countries.

On 11 August hackers are believed to have stolen information of the bank’s Visa and Rupay card customers through a malware attack on its ATM (switch) server which led to an initial loss of Rs 80 crore.  According to local police 12,000 transactions were made using Visa cards, which saw Rs 78 crore illegally withdrawn from ATMs in 28 countries, while a further Rs 2 crore were transferred through 2,489 Rupay card transactions in India.

In a second attack on 13 August the hackers initiated SWIFT transactions and transferred Rs 13.92 crore to an account in a Hong Kong-based bank, from where the money was quickly withdrawn.

Cosmos Bank Chairman Milind A. Kale said  “We suspect the malware attack to be done from Canada. The money was withdrawn from ATM machines from 28 countries through around 12,000 international transactions and around 2,849 domestic transactions. The transactions were carried out using fake debit cards. The deposit of account holders is safe and intact. However, as a precautionary measure, we have stopped the online system for two days.”

This attacks comes just days after the US Federal Bureau of Investigation (FBI) issued a confidential alert, warning that cyber criminals were planning an unlimited global ATM cash-out operation.  More details of this can be found on the website Krebs On Security

EAST has worked with Europol to produce guidance and recommendations to counter logical attacks on ATMs, which are now available in four languages. These guidelines are under review and an updated version is expected to be released later this year.

Bancomat and SIA strike mobile money service deal

mobile moneyItaly’s debit network Bancomat S.p.A and SIA have agreed a deal that will bring mobile money services to PagoBancomat cardholders.  Bancomat will integrate SIA’s Jiffy service to create Bancomat Pay, which will allow all PagoBancomat cardholders to use m-payments in stores, make online purchases, and send and receive money in real time (P2P) from their smartphones using their mobile number.

The launch of Bancomat Pay is scheduled for next autumn when it will be available to around 5 million registered Jiffy users at over 2,000 retail businesses, as well as on PagoPA for payments to the Italian public sector.

“With Bancomat Pay we intend to take the first step to enter the world of payment services of the future where it is not just cash that is dematerialised but the card itself”, commented Alessandro Zollo, Bancomat’s CEO.

Looking further ahead Bancomat is looking to bring mobile money services to all of its 37 million PagoBancomat cardholders across the 440 banks that use its services.  The cardholders will either be able to use the service through an app provided by their bank, or directly using the Bancomat Pay app.

“We have invested heavily in Jiffy, along with over 130 banks that already use it, and through this deal we are making its innovative features available to Bancomat to foster digitalization and make the country’s payment system more efficient,” said Nicola Cordone, SIA’s Deputy CEO.

Bancomat represents Italy as a National Member of EAST, and SIA is an Associate Member of EAST.



EAST FCS Seminars 2018 – Update

FCSFollowing on from the success of past FCS Forums EAST is running two concurrent half-day open events (FCS Seminars) on 10th October 2018. They will be held in London and will be co-located with RBR’s ATM & Cyber Security 2018 conference at the Park Plaza Victoria hotel.

The FCS Seminars are open to all interested parties.  EAST has a dedicated Events website where details of the latest programme for each event can be seen, along with information on confirmed speakers.  These include Tobias Wieloch and Gertjan Kaijen from Europol, Daniel Zorzo López from Spain’s Guardia Civil, Ben Birtwistle from the Royal Bank of Scotland and forensic experts Brian Underhill and Nick Weber.

Attendance at EAST EGAF and EGAP meetings is limited due to the size of the Groups and this event enables a wider participation and the opportunity for all attendees to engage with the Groups and their organisers.  Act now to reserve your placeEarly registration discounts are available until 13th August 2018.

EAST Events would not be possible without sponsorship support.  To date the October 2018 EAST FCS Seminar sponsors are:

Interested in FCS Event Sponsorship?  Visit the sponsorship page of our Events website

ATEFI signs Strategic Agreement with AMERIPOL

The Latin American Association of Operators Electronic Funds Transfer and Information Services (ATEFI) has signed an Agreement of Understanding and Mutual Cooperation with The Police Community of the Americas (AMERIPOL). This public-private sector Agreement, signed in in Buenos Aires (Argentina), enables ATEFI and AMERIPOL, through collaboration and mutual professional training, to carry out preventive and investigative actions through forensic analysis of fraud and cybercrime cases.

In May 2016 EAST and ATEFI joined forces to to further strengthen inter-regional cooperation in combating all types of payment crime including payment card fraud, hi-tech crime and ATM cyber and physical attacks and in October 2015 EAST participated in a two-day meeting  in Bogota (Colombia) to discuss payment card fraud overseas and money withdrawals in Latin America.  This meeting, attended by AMERIPOL, was organised by Europol in cooperation with the Colombian authorities (Policia Nacional and its Liaison Bureau at Europol) with the financial support of the Romanian authorities.

This new public-private sector initiative in Latin America is welcomed by the industry in Europe as another step forward in global efforts to tackle transnational payment fraud and financial crime.  EAST has worked with Europol since 2004, a partnership that was strengthened in June 2015 by the signing of a Memorandum of Understanding (MoU), and in June 2017 EAST and ASEANAPOL formalised collaboration.  ASEANAPOL is the National Police organisation for the Association of Southeast Asian Nations (ASEAN).

EAST Publishes European Fraud Update 2-2018

FraudEAST has published its second European Fraud Update for 2018.  This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 3 non-SEPA countries, at the 45th EAST meeting held in The Hague on 6th June 2018.

Payment fraud issues were reported by fifteen countries.  Seven countries reported card-not-present (CNP) as a key fraud driver.  Two countries reported attempted ‘Forced Post’ fraud, possible when some point of sale (POS) terminals allow the ‘force sale’ functionality.  One country reported a new form of malware on android mobile phones, distributed with a fake application uploaded from third-party android stores.  Another country reported cases of SIM swap fraud, where fraudsters authorise a bank transfer by switching the customer’s mobile phone number over to a new SIM and intercept the authorisation message.  To date in 2018 the EAST Payments Task Force (EPTF) has published five Payment Alerts covering phishing, malware on mobile phones, fraudulent mobile Apps and CNP fraud.

ATM malware and logical security attacks were reported by nine countries.  Five of the countries reported ATM related malware.  In addition to Cutlet Maker (used for ATM cash-out) a new variant called WinPot has been reported – this is used to check how many banknotes are in an ATM.  Six countries reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  To date in 2018 the EAST Expert Group on All Terminal Fraud (EGAF) has published seven related Fraud Alerts. To help counter these threats Europol, supported by EAST EGAF, has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  It covers mitigating the risk, setting up lines of defence and identifying and responding to logical attacks.  This is available in four languages: English, German, Italian and Spanish.

Card skimming at ATMs was reported by fourteen countries.  For the first time one country reported the arrest of a Chinese national in connection with such attacks.  The usage of M3 – Card Reader Internal Skimming devices remains most prevalent.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Six countries reported such attacks.  One country reported the use of M2 – Throat Inlay Skimming Devices.  Skimming attacks on other terminal types were reported by five countries, four of which reported such attacks on unattended payment terminals (UPTs) at petrol stations.  To date in 2018 EAST EGAF has published ten related Fraud Alerts.

Year to date International skimming related losses were reported in 31 countries and territories outside SEPA and in 3 within SEPA.  The top three locations where such losses were reported remain Indonesia, the USA and India.

Three countries reported incidents of Transaction Reversal Fraud (TRF), two of which reported new attack variants.  To date in 2018 EAST EGAF has published four related Fraud Alerts.

Ram raids and ATM burglary were reported by eight countries.  Six countries reported explosive gas attacks, one of which reported such attacks against ATS machines for the first time.  Another reported that explosive gas attacks against ATMs have started for the first time.  Five countries reported solid explosive attacks.  The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.  To date in 2018 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published five related Physical Attack Alerts.

The full Fraud Update is available to EAST Members (National and Associate).

EAST presents at Europol Training on Payment Card Fraud Forensics

card fraud forensics trainingOn 26 June 2018 EAST Development Director Rui Carvalho presented at the fourth edition of the Europol Training Course on Payment Card Fraud Forensics and Investigations at the Spanish National Police Academy in Ávila, Spain. His talk gave an overview of EAST and covered terminal and payment fraud in Europe from the perspective of the private sector.

The Europol training, which ran from 25 to 29 June 2018, covered a wide range of topics including cryptocurrencies, ATM malware, forensic tools for the examination of skimming equipment, Near Field Communication (NFC) technology, EU regulation in non-cash payment, and data breaches or cyber attacks.

The training course was attended by 74 Investigators, forensic experts, and future police officers from 27 countries in the European Union, as well as from Iceland, Gibraltar, Montenegro, Moldova, Canada, Ukraine and South Korea.  Presentations were given by 33 speakers from different law enforcement agencies, the European Commission, Europol and bodies from the private sector (including EAST) and academia.  Since the first training in 2015 over 200 international students have benefited from the training programme, which has been supported by EAST.