EAST presents at the ATEFI Security Committee 2021

EAST Development Director Rui Carvalho presented at the ATEFI Security Committee on 30th April 2021, a virtual event.  The impact of the Covid-19 pandemic has made it more important than ever for the sharing of threat intelligence to strengthen security strategies in Electronic Payments.  The event focussed on both physical and cyber security.  Rui shared key information and statistics from the latest EAST Payment Terminal Crime Report, as well as insights from the 9th Meeting of the EAST Payments Task Force (EPTF) held on 14th April 2021.  He covered:

  • ATM Malware & Logical Attacks
  • Terminal Related Fraud
  • ATM Physical Attacks
  • Payment Fraud (social engineering, ransomware, e-skimming)

The event was attended by public officials, law enforcement agencies, regulatory entities, representatives of international organisations, Managers and Network Security Officials, ATEFI Members from the entire LATAM region and Spain, as well as bank officials, representatives of the Latin American Bank Associations, Credit and Debit Card executives, and specialised media.

ATEFI is the Latin American Association of Operators Electronic Funds Transfer and Information Services and represents 20 ATM networks in 14 countries throughout Latin America.

In May 2016 EAST and ATEFI joined forces in order to further strengthen cross border cooperation in combating all types of payment crime including payment card fraud, hi-tech crime and ATM cyber and physical attacks.

Viewpoint: How Covid-19 is affecting cash usage

The Covid-19 pandemic continues to impact on how people live their lives and, as a result of the many lock downs, habits are changing.  One area where change is being seen is in cash usage.  From January to April 2021 EAST ran an online research poll which asked the question In which, if any, of the following ways do you think the outbreak of Covid-19 will affect your use of cash in the next six months?:

  • I will use less cash
  • I will use contactless/mobile payments more (e.g. Apple Pay, Google Pay etc)
  • I will do more shopping online
  • I will use card payments more
  • I will use ATMs / cash machines less frequently
  • I don’t think coronavirus will affect my use of cash in the next six months
  • I will take more hygiene precautions when using cash (storing it for longer periods, washing it, using gloves to handle it etc)
  • Don’t know

The final results were as follows (nobody ticked that they will take more hygiene precautions when using cash, or that they don’t know).  Over the next 6 months:

  • 84% of all the respondents will use less cash,
  • 69% will use contactless / mobile payments more,
  • 67% will do more shopping online
  • 52% will use cards more
  • 35% will use ATMs / cash machines less frequently
  • and only 16% of the respondents don’t think that the covid-19 pandemic will affect their use of cash as a result of the covid-19 pandemic.

These results are consistent with our previous poll, that looked at Covid-19, Cash and the future of payments

 

 

EAST Payments Task Force (EPTF) holds Ninth Meeting

The Ninth Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 14th April 2021.  Due to the Covid-19 situation it was conducted as a virtual meeting and 24 EPTF members participated.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers took part.

INTERPOLEuropol, the US Secret Service and the DCPCU provided the law enforcement perspective, and Group-IB gave a presentation on e-skimming/JavaScript (JS) sniffers.

Short presentations were also made by Cartes Bancaires, Diebold NixdorfFiducia & GAD, HSBC, JP Morgan Chase, ING BankMasterCard Members’ AssociationPAN-Nordic Card AssociationPSAPLUSCARD, SIBs, STMPtietoEVRY and Trend Micro.  Investment scams and non-banking fraud were reported as rising issues.

The Group, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 207 EAST Associate Member Organisations from 52 countries and territories.

Martine Hemmerijckx retires from EAST

Martine HemmerijckxMartine Hemmerijckx will retire from EAST on 30th April 2021. Martine is a co-founder of EAST and has represented Belgium since the first EAST meeting in February 2004. When EAST created its own legal identity in 2007, Martine joined the EAST Board as a non-Executive Director and has been chairing EAST, in rotation with two other Directors, since then. She will be replaced in this role by Thomas Von der Gathen of Payment Services Austria (PSA).

Belgium is represented at EAST by the Global Member Worldline and Martine’s role as EAST national representative will be taken over by Rudy Vereecken.

The last in-person EAST meeting, the 50th EAST Meeting, was held in Vienna on 12th February 2020, where Martine was presented with an Award by Lachlan Gunn in recognition of her significant contribution to EAST over the years.  Since then all EAST meetings have been virtual due to the Covid-19 pandemic.  The final EAST meeting chaired by Martine was the 3rd Interim EAST Meeting of National Global Members, held online on 10th February 2021.

EAST Executive Director Lachlan Gunn said: “It was during a conversation that Martine and I had in her office in late 2003, that the idea of forming a public-private sector group to focus on ATM fraud issues was born.  Once we agreed to push forward with it, Martine was instrumental in providing the contacts, resources and support needed to get EAST up and running, until the legal entity was formed in 2007.  Since then the EAST remit has greatly expanded and now covers both Terminal Security and Payment Security. 

I will greatly miss her guidance, energy, professional expertise, and enthusiasm.  Her contribution to EAST, to law enforcement and to the industry, during a career in financial crime prevention that has spanned over 30 years, has been significant.  On behalf on the EAST Executive Team, the EAST Board, and of all our members, I wish her a happy, fulfilling and well-earned retirement!”

Terminal fraud attacks in Europe drop during the Covid-19 pandemic

Terminal fraud attacks in Europe drop during the Covid-19 pandemicEAST has published a European Payment Terminal Crime Report covering 2020 which shows that terminal related fraud attacks have dropped significantly during the Covid-19 pandemic.

Terminal related fraud attacks were down 64% (from 18,217 to 6,523 incidents). Card skimming fell to another all-time low (down from 1,496 to 656 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 97% (down from 9,054 to just 250 incidents). Total losses of €218 million were reported, down 14% from the €249 million reported during 2019. Most losses remain international issuer losses due to card skimming, which were €183 million.

EAST Executive Director Lachlan Gunn said, “2020 was a highly unusual year due to the Covid-19 pandemic, and crime and fraud patterns changed accordingly.  While it is good news to see such a significant fall in terminal fraud attacks, there is concern that explosive attacks at ATMs have only fallen by 6%, and that related losses are up by 39%.  The average cash loss for a solid explosive attack is estimated at €28,218, and collateral damage to equipment and buildings can be significant.  There are also major safety issues.  Despite national lockdowns and border closures, mobile organised crime groups continued to operate across Europe.

ATM related physical attacks were down 19% (from 4,571 to 3,722 incidents).  Attacks due to ram raids and ATM burglary were down 33% (from 1,122 to 749 incidents).  ATM explosive attacks (including explosive gas and solid explosive attacks) were down 6% (from 977 to 923 incidents).  Losses due to ATM related physical attacks were €22.4 million, a 1% increase from the €22.1 million reported during 2019.  47% of these losses were due to explosive attacks, which were up 39% from €10.49 to €14.59 million.

ATM malware and logical attacks against ATMs were up 44% (from 35 to 129) and all the reported attacks were Black Box attacks.  A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, in order to ‘cash-out’ or ‘jackpot’ the ATM.  Related losses were up 14% from €1.09 to €1.24 million.  Most such attacks remain unsuccessful.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

Europol publishes the EU SOCTA 2021 – Serious Organised Crime is of growing concern

EU SOCTA 2021Europol has published the European Union (EU) Serious and Organised Crime Threat Assessment (EU SOCTA 2021). The SOCTA, published by Europol every four years, presents a detailed analysis of the threat of serious and organised crime facing the EU. The SOCTA is a forward-looking assessment that identifies shifts in the serious and organised crime landscape.  It details the operations of criminal networks in the EU and how their criminal activities and business practices threaten to undermine societies, economy and institutions, and slowly erode the rule of law. The report provides unprecedented insights into Europe’s criminal underworld based on the analysis of thousands of cases and pieces of intelligence provided to Europol.

The SOCTA 2021 warns of the potential long-term implications of the COVID-19 pandemic and how these may create ideal conditions for crime to thrive in the future, highlighting serious and organised crime as the key internal security challenge currently facing the EU and its Member States.  The report highlights key characteristics of serious and organised crime such as the widespread use of corruption, the infiltration and exploitation of legal business structures for all types of criminal activity, and the existence of a parallel underground financial system that allows criminals to move and invest their multi-billion euro profits.

KEY FINDINGS OF THE SOCTA 2021

  • Serious and organised crime has never posed as high a threat to the EU and its citizens as it does today.
  • The COVID-19 pandemic and the potential economic and social fallout expected to follow threaten to create ideal conditions for organised crime to spread and take hold in the EU and beyond. Once more confirmed by the pandemic, a key characteristic of criminal networks is their agility in adapting to and capitalising on changes in the environment in which they operate. Obstacles become criminal opportunities.
  • Like a business environment, the core of a criminal network is composed of managerial layers and field operators. This core is surrounded by a range of actors linked to the crime infrastructure providing support services.
  • With nearly 40 percent of the criminal networks active in drugs trafficking, the production and trafficking of drugs remains the largest criminal business in the EU.
  • The trafficking and exploitation of human beings, migrant smuggling, online and offline frauds and property crime pose significant threats to EU citizens.
  • Criminals employ corruption. Almost 60% of the criminal networks reported engage in corruption.
  • Criminals make and launder billions of euros annually. The scale and complexity of money laundering activities in the EU have previously been underestimated. Professional money launderers have established a parallel underground financial system and use any means to infiltrate and undermine Europe’s economies and societies.
  • Legal business structures are used to facilitate virtually all types of criminal activity with an impact on the EU. More than 80% of the criminal networks active in the EU use legal business structures for their criminal activities.
  • The use of violence by criminals involved in serious and organised crime in the EU appears to have increased in terms of the frequency of use and its severity. The threat from violent incidents has been augmented by the frequent use of firearms or explosives in public spaces.
  • Criminals are digital natives. Virtually all criminal activities now feature some online component and many crimes have fully migrated online. Criminals exploit encrypted communications to network among each other, use social media and instant messaging services to reach a larger audience to advertise illegal goods, or spread disinformation.

Europol supports hit on Investment Fraud Network

Insignia of the Lithuanian PoliceOn 4 March 2021, Europol supported a hit on a large investment fraud network operating in several EU Member States. The investigation, led by the Lithuanian Police (Lietuvos Policija), and involving law enforcement authorities from Germany, Sweden and the United Kingdom, was also assisted by Eurojust.  By offering fake Retirement Plans, the network defrauded its German victims of a total of €1.5 million.

HOW THE SCAM WORKED 

The criminal network specifically targeted academics in Germany, offering  fake accounts that in reality belonged to Lithuanian companies that were behind the investment fraud scam. The victims wanted to invest their funds in saving accounts hosted on foreign online deposit platforms. The victims found the offers themselves, and then applied for the services. They also sent deposits to individual accounts opened under their names. The criminals offered them fake savings accounts, where the funds had to be deposited for a significant time period, usually between six months and three years.  This gave them time to escape with the funds and hide their traces.  On receipt the criminals transferred the funds to accounts in other EU Member States, and part of them were cashed out at ATMs in Sweden.  A total of €1.5 million was stolen in this way.

LAW ENFORCEMENT ACTION

EFECCThe action day in Lithuania led to:

  • 26 house searches (18 in Lithuania and 8 in Sweden)
  • 5 arrests (4 in Lithuania and 1 in Sweden)
  • 38 victims identified
  • Accounts worth more than €1.2 million frozen (€500,000 in Lithuania and €700,000 in other countries)
  • Seizures include electronic equipment and various documents

Europol supported the operation by facilitating information exchange and providing analytical support. During the action days, Europol cross-checked operational information in real-time against Europol’s databases to provide leads to investigators in the field.

FRAUD DEFINITIONS

The EAST Payments Task Force (EPTF), which meets three times each year, focuses on the prevention of payment fraud.  It has provided fraud definitions to be adopted globally when describing or reporting payment or terminal fraud.  Investment Fraud is classified as a form of Technological Fraud (Attacks against Technology).

EAST Publishes Fraud Update 1-2021

EAST has just published its first Fraud Update for 2021. This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 3rd (virtual) EAST Interim Meeting held on 10th February 2021.

The following countries supplied full or partial information for this Update:

Austria; Belgium; Cyprus; Denmark; Finland; France; Germany; Hungary; Ireland; Italy; Liechtenstein; Luxembourg; Netherlands; Norway; Poland; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

EAST Fraud Update

To date in 2021 the EAST Expert Group on All Terminal Fraud (EGAF) has published one related Fraud Alert.

EAST Fraud Update

FRAUD ORIGIN

EAST Fraud Update

EAST Fraud Update

To date in 2021 the EAST Payments Task Force (EPTF) has published one related Payment Alert and EAST EGAF has published one related Fraud Alert.

DUE DILIGENCE

EAST Fraud Update

PHYSICAL ATTACKS

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

EAST EGAP holds 15th Meeting

The 15th Meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) took place on Wednesday 3rd March 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Graham Mott of  the LINK Scheme.

The meeting was attended by 54 key representatives from Law Enforcement, Terminal Deployers, ATM Networks and Security Equipment Vendors.

  • Europol gave a central assessment of the ATM physical attack situation in Europe.
  • The ECB gave an update on the latest bank notes in circulation, cash usage statistics, and Intelligent Banknote Neutralisation Systems (IBNS) used in the Euro area.
  • National Threat Assessments were shared by representatives from 17 countries:
CountryUpdate(s) Given By
AustriaCriminal Intelligence Service
BrazilTecBan
FinlandAutomatia / National Bureau of Investigation
FranceGendarmerie - OCLDI
GermanyBKA
GreeceHellenic Police
HungaryNational Bureau of Investigation
IrelandAn Garda Siochana
ItalyMIB
LuxembourgService de Police Judiciare
NetherlandsNational Police
PolandNational Police HQ
PortugalPolicia Judiciare / Policia de Seguranca Publica
RomaniaRomanian Police - CID
SpainGuardia Civil / Autonomous Police of Catalonia
SwitzerlandFederal Office of Police (FEDPOL)
United KingdomSaferCash / West Midlands Police (ROCU)

Experts from the following organisations also particpated in the meeting:  ATM Safe, Barclays, Cennox, Diebold Nixdorf, Feerica S.A., Gunnebo, HSBC, Malta Police Force, NCR, Oberthur Cash Protection, Payment Services Austria (PSA), Petersen-Bach A/S, Professional Witnesses Group,  Spinnaker, Swedish Police, TMD Security.

EAST EGAP is a European specialist expert forum for discussion of ATM,  ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).

The Group meets twice each year to enable in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

SIM swapping gang taken down by Police

Ten hackers who stole over $100 million in cryptocurrencies from celebrities and influencers in SIM swapping attacks have been apprehended in an international operation co-ordinated by Europol.

Eight criminals were arrested on 9 February as a result of an international investigation into the series of attacks targeting high-profile victims in the United States. These arrests followed earlier ones in Malta and Belgium of other members belonging to the same criminal network.

The attacks orchestrated by the gang targeted thousands of victims throughout 2020, including famous internet influencers, sport stars, musicians and their families.  The criminals are believed to have perpetrated the thefts after illegally gaining access to their phones.  The criminals worked together to access the victims’ phone numbers and take control of their apps or accounts by changing the passwords.  This enabled them to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages masquerading as the victim.

SIM SWAPPING

SIM swapping fraud was identified as a rising trend in the latest Europol Internet Organised Crime Threat Assessment. Cybercriminals take over the use of a victim’s phone number by essentially deactivating their SIM and porting the allocated number over to a SIM belonging to a member of the criminal network.  This is typically achieved by the criminals exploiting phone service providers to do the swap on their behalf, either via a corrupt insider or using social engineering techniques.

SIM swapping

DON’T BE THE NEXT VICTIM

It’s not just celebrities who are under attack.  Anyone with a mobile phone can fall victim to SIM swapping. The above image gives some tips as to how to protect yourself against the threat, and information can also be found on Europol’s dedicated page.

For more advice on how to protect your financial information from such a scam, watch the clip below.

The EAST Payments Task Force (EPTF) focusses on the security of payments and transactions, and SIM swapping falls within its remit.