Terminal fraud attacks increase in Europe

terminal fraudEAST has just published a European Payment Terminal Crime Report covering 2019 which reports that terminal fraud attacks were up 35%.

Terminal related fraud attacks rose from 13,511 to 18,217 incidents, mainly driven by an 87% increase in ATM transaction reversal fraud attacks (up from 4,843 to 9,054 incidents), while card skimming incidents fell 21% to an all-time low (down from 1,883 to 1,496 incidents).

EAST Executive Director Lachlan Gunn said, “Despite the overall rise in terminal fraud incidents, total reported losses were almost unchanged. Transaction reversal fraud losses did rise from €2.6 million to €5.2 million, but the continued drop in skimming incidents has helped to keep the overall loss position stable.”

Total losses of €249 million were reported, up 1% from the €247 million reported in 2018. Overall losses due to card skimming were unchanged and losses due to card trapping were down by 14% (from €2.9 million to €2.5 million).

ATM related physical attacks were up 0.5% (from 4,579 to 4,571 incidents). Attacks due to ram raids and ATM burglary were down 11% (from 1,256 to 1,122 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were down 7% (from 1,052 to 977 incidents). Losses due to ATM related physical attacks were €22 million, a 39% decrease from the €36 million reported in 2018.

The average cash loss for a robbery is estimated at €20,369 per incident, the average cash loss per explosive or gas attack is €10,735 and the average cash loss for a ram raid or burglary attack is €9,377. These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A total of 140 ATM malware and logical attacks were reported, down from 157 in 2018, an 11% decrease. All the reported attacks were ‘cash out’ or ‘jackpotting’ attacks. In 118 attacks equipment typically referred to as a ‘black box’ was used, and malware was used in the other 22 attacks. Related losses were up 142%, from €0.45 million to €1.09 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

Investment fraud gang taken down in Bulgaria and Serbia

Investment fraudA large criminal network involved in investment fraud, money laundering and social engineering was taken down in an international investigation, launched one year ago. The action day, which took place in Belgrade and Sofia, went ahead on 2 April despite the current lockdown.

Estimated total losses were €80 million and the fraud affected over 1,000 victims in Germany and Austria, as well as people in other countries.  In Austria  it is estimated that 850 victims lost around €2.2 million, while in Germany hundreds of victims suffered estimated losses of about €10 million.

The suspects, believed to be members of a large criminal network, offered bogus investments in trading products such as binary options and contract for differences (CFDs) on online trading platforms.  The investments started at around €250 and Agents from call centres in Bulgaria and Serbia then manipulated the victims to make much higher investments in non-existent trading products including CFDs and forex (foreign exchange currency market).

During the action day Law enforcement authorities from Bulgaria and Serbia carried out 11 house searches and arrested 9 individuals (5 in Serbia and 4 in Bulgaria). Two of the leaders of the criminal network were arrested in Sofia. The seizures include five properties in Serbia, €2.5 million from a bank account in Germany, electronic equipment and other evidential material. 30 other bank accounts were put under surveillance.  

Advisory Group on Financial ServicesEuropol and Eurojust supported the investment fraud investigation, which involved law enforcement and judicial authorities from Austria, Bulgaria, Germany and Serbia.  

Europol facilitated information exchange and provided analytical support, cross-checking operational information in real-time against its databases to provide leads to investigators in the field, and a Joint Investigation Team between Austria and Germany was set up by Eurojust to coordinate judicial matters.

EAST and Europol have worked together since 2004 and EAST provides secure platforms for public/private sector cooperation in the fight against organised criminal groups engaged in financial crime.  Click here for more information on EAST’s law enforcement relationships.

The EAST Payments Task Force (EPTF) has a specific focus on tackling social enginnering  This Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.

COVID-19 – Cybersecurity Awareness

CybersecurityThe coronavirus outbreak is still a rising issue for many countries and related lock-downs have forced many people into teleworking – working at home, while communicating with their office by phone or email, or using the Internet.  This raises cybersecurity concerns.

Malign actors are actively exploiting these new challenging circumstances to target remote workers, businesses and individuals alike.  It is vitally important for everyone to be fully aware of the threats and to ensure that anything transacted over the Internet is done safely and securely.

To help with this awareness Europol has provided ‘Safe Teleworking Tips and Advice’ for both employees and employers, as well as tips on  ‘How To Make Your Home a Cyber Safe Stronghold’ (available for download in 13 languages).

EAST and Europol have worked together since 2004 and EAST provides secure platforms for public/private sector cooperation in the fight against organised criminal groups engaged in financial crime.  Click here for more information on EAST’s law enforcement relationships.

The EAST Payments Task Force (EPTF) has a specific focus on cybersecurity.  This Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.

EAST Publishes European Fraud Update 1-2020

EAST has just published its first European Fraud Update for 2020. This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 2 non-SEPA countries, at the 50th EAST meeting held in Vienna on 12th February 2020.

Payment fraud issues were reported by eighteen countries. Seven countries reported CNP fraud occurring worldwide. One reported that the card data is either bought in bulk or obtained via card testing/BIN attacks. The attackers use scripts/bots (not real people) to conduct the fraud. Four countries reported BIN attacks. One reported that they are originating from the Middle East for the first time and another reported them in relation to both CP and CNP fraud, with losses reported in the USA, the UK and Brazil. Two countries reported Account Takeover Fraud, one of them in connection with SIM swapping.

Six countries reported phishing. One reported the use of fake emails by criminals to impersonate bank customers, claiming that their bank account details have changed. Another reported that online banking was targeted, and a third country reported phishing using social networks, with related fraud occurring in China. Three countries reported SMS phishing (Smishing). One of them reported this related to token validation transactions – the IP addresses are in Morocco and the fraud occurs in an EU country with losses via Western Union.

To date in 2020 the EAST Payments Task Force (EPTF) has published one related Payment Alert.

ATM malware and logical attacks were reported by twelve countries – one reported successful ATM malware attacks where ‘Cutlet Maker’ was used, and ten reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To date in 2020 the EAST Expert Group on All Terminal Fraud (EGAF) has published one related Fraud Alert.

Card skimming at ATMs was reported by ten countries, and the downward trend continues. Six countries reported the usage of ‘M3 – Card Reader Internal Skimming devices’, and the usage of ‘M1 – Overlay Skimming Devices’ and ‘M2 – Throat Inlay Skimming Devices’ was also reported. Skimming attacks on other terminal types were reported by eight countries. Four reported attacks on unattended payment terminals (UPTs) at petrol stations, and three reported attacks at railway ticket machines. To date in 2020 EAST EGAF has published four related Fraud Alerts.

Year to date International skimming related losses were reported in 14 countries and territories outside SEPA and in 4 within SEPA. The top three locations where such losses were reported remain Indonesia, India and the USA.

Five countries reported card trapping attacks, one of them reporting a new method that allows several cards to be captured in one attack. Three countries reported transaction reversal fraud (TRF) incidents. To date in 2020 EAST EGAF has published two related Fraud Alerts.

Ram raids and ATM burglary were reported by eleven countries and eleven countries reported explosive gas attacks, one of which resulted in a fatality. Eight countries reported solid explosive attacks. The usage of Triacetone Triperoxide (TATP) for solid explosive attacks continues to increase across Europe. Mixing TAPT is a complicated procedure that requires good knowledge of the chemicals, as there is a danger of setting off an unexpected explosion. The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.
To date in 2020 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published two related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National, Global and Associate).

EAST EGAP holds 13th Meeting in The Hague

The 13th meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) took place on Tuesday 3rd March 2020 in The Hague.

EAST EGAP is a European specialist expert forum for discussion of ATM and ATS related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).

The meeting was chaired by Mr Graham Mott of the LINK Scheme and was attended by key representatives from Law Enforcement, Terminal Deployers, ATM Networks and Security Equipment Vendors.  Europol gave a central assessment of the ATM physical attack situation in Europe and National Threat Assessments were shared by representatives from fifteen countries.

A presentation was given by ESTA, the Cash Management Companies Association and an update from the European Central Bank (ECB) was shared.

EAST EGAP, which meets twice each year, enables in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

Viewpoint: Biometric ATMs

Would you use a biometric solution to authorise an ATM transaction?  According to the latest EAST research poll the majority would now use such technology, but for many this would only be after a full explanation as to how their personal data would be controlled.

Biometric ATMs are well established in Japan, where tens of thousands are in operation, and their usage is spreading in other countries – banks in Hong Kong, Qatar, Poland, South Africa and Taiwan are also deploying the technology. A common system is ‘finger vein’ identification technology. The transaction is authorised by a finger scan, rather than by entering a PIN. The finger vein technology maps the internal vein system within a finger, and will only accept a living finger, meaning that authentication requires the customer to be present in person each and every time.

From September to December 2019 EAST ran a poll on this topic for which he results can be seen in the chart below.


  • The majority of the respondents (53%) would only use such technology after full explanation as to how their personal data will be held and controlled
  • 26% would be happy to use such technology in place of their PIN
  • 21% would not use such technology due to concerns about personal data privacy

This is a significant change from a similar poll on Biometric ATMs that EAST ran in 2010, when 50% of the respondents said that they would not use such technology due to concerns about personal data privacy, 27% were happy to use such technology, and 23% would only use such technology after full explanation as to how their personal data will be held and controlled.


50th EAST Meeting hosted by PSA in Vienna

The 50th EAST Meeting (National Members) was hosted by Payment Services Austria (PSA) in Vienna on 12th February 2020. The meeting was chaired by Martine Hemmerijckx of Worldline NV/SA, who co-founded EAST with Lachlan Gunn, EAST Executive Director, in 2004.

This was a milestone meeting and the last in the current format as, in June 2020, EAST will hold its 1st Global Congress.  In recognition of her work in founding and supporting EAST, and on behalf of the EAST Board and members, Lachlan presented Martine with an award.

National country crime updates were provided by 20 countries, and a global update by HSBC.  Topics covered included payment fraud and the continuing evolution of payment technology and related threats, terminal related fraud attacks, malware and logical attacks, and ATM related physical attacks.

The Criminal Intelligence Service Austria presented on the prevention of e-commerce fraud.  The European Cybercrime Centre (EC3) at Europol gave a presentation on forthcoming Europol activities for 2020, with a specific focus on Carding Action Week (CAW) .  This was followed by a presentation from the Gulf Cooperation Council Police (GCCPOL) that gave an update on payment and fraud issues seen by their 6 member countries.

Presentations were also given by the EAST Payments Task Force (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF).  An update was given by the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 1-2020 will be produced later this month, based on the national country crime updates provided at the 50th EAST Meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

Europol publishes Turkish language version of ATM Logical Attack Guidelines

EuropolATM has just published a Turkish language version of guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF).  The document is now available in EnglishFrench, GermanSpanish, Russian and Turkish.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Hareket Tarzi Açiklamas i)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (ATM’lere Yönelik Mantiksal ve Kötü Niyetli Yazilim Saldirilarinin Risklerini Hafifletmek Savunma Hatlari Kurmak)
  3. Identifying and responding  to Logical and Malware Attacks (Mantiksal ve KÖTÜ Niyetli Yazilim Saldirilarini Saptamak ve Yanitlamak)

The Guidelines were first published in 2015 and this latest version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, along with more detailed recommendations on how to mount a robust and effective response to them.  The recent fall in ATM malware and logical attacks, as reported by EAST in the latest European Payment Terminal Crime Report published in October 2019, reflects the work that has been put into preventing such attacks by the industry and law enforcement.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

EAST EGAF holds 20th Meeting in Amsterdam

The 20th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 15th January 2020 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong from ING Bank and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

This was a milestone meeting and, in recognition of his work in founding and supporting EGAF, as well as his 16 years of active support for EAST, Otto was presented with an award by Ms Veronica Borgogna of BANCOMAT S.p.A, the current Chair of EAST.

Presentations were made by Europol (AP Cyborg), Geldmaat, Damage Control and Fiducia & GAD IT AG.

The EGAF Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 227 EAST Fraud Alerts have been issued, 2 to date in 2020.

EAST Fraud Definitions now available in Portuguese

EAST Terminal Fraud Definitions are now available in the Portuguese language.  At the end of 2018 EAST upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  In the upgraded definitions each applicable criminal benefit is highlighted next to each terminal fraud type.

The translation was carried out by SIBS, the EAST National Member for Portugal.

These definitions are used by EAST when issuing Fraud Alerts, or when compiling the statistics and other information for European Payment Terminal Reports and Fraud Updates.  The aim is for these definitions, as well as the related criminal benefits, to be adopted globally when describing or reporting payment terminal fraud.  This translation into Portuguese is another step forward towards achieving this.

Below is the  definition for Card Skimming in the Portuguese language.


The definitions have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.