Cryptocurrency criminals arrested in joint Police operation

The UK’s South West Regional Cyber Crime Unit (SW RCCU) in a joint operation with the Dutch police (Politie), Europol, Eurojust and the UK’s National Crime Agency (NCA) has arrested 6 individuals after a 14-month long investigation into a €24 million cryptocurrency theft.  The five men and one woman were arrested in simultaneous warrants on 25th June 2019, at their homes in the UK and the Netherlands.

The theft, which targeted users’ Bitcoin tokens, is believed to have affected at least 4,000 victims in 12 countries, with the numbers continuing to grow.

The investigation relates to typosquatting, where a well-known online cryptocurrency exchange was ‘spoofed’ – or recreated to imitate the genuine site – to gain access to victims’ Bitcoin wallets, stealing their funds and login details.

This case was referred to the European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol, after the British authorities identified possible suspects living in the Netherlands.  Operational support delivered by EC3 since February 2018 allowed the J-CAT to coordinate the international cooperation between the different EU Member States involved.

In addition, operational meetings were organised at Europol’s headquarters between the British and Dutch authorities, allowing for the smooth exchange of intelligence and evidence which led to these successful arrests.  A coordination meeting was also held at Eurojust to prepare for the action day.

Cryptocurrency crime is one of the issues focused on by the EAST Payments Task Force (EPTF).

EAST FCS Seminars – Sponsorship Announcement

EAST is delighted to announce that sponsorship opportunities are available for the upcoming EAST Financial Crime and Security (FCS) Seminars, which will take place at the Park Plaza, Victoria, London on Wednesday 9 October 2019.  A limited number of sponsorship opportunities are still available for each Seminar. For further details, visit our events website or click on the button below.

FCS Seminars

The EAST FCS Seminars are user-driven events aimed at professionals involved with identifying, preventing and detecting security risks and crime relating to ATMs and other self-service terminals, from a wide range of organisations including banks and police forces. Details of past FCS events can be seen on the Events page of this website.

FCS Seminars

The Financial Crime and Security Seminars will comprise two dedicated tracks:

Terminal Fraud Seminar (organised by the EAST Expert Group on All Terminal Fraud – EGAF)

ATM Physical Attacks Seminar (organised by the EAST Expert Group on ATM & ATS Physical Attacks – EGAP)

FCS Seminars


 

2019 EAST FCS ATM Physical Attack Seminar Sponsor

 


Co-location with RBR’s ATM & Cyber Security 2019

ATM & Cyber Security 2019 runs from 08:00 on 8th October to 14:00 on 9th October 2019, while the EAST Terminal Fraud and ATM Physical Attacks seminars run from 14:00 to 17:30 on 9th October 2019.

Please note: The RBR conference is a separate event and requires separate registration – see the RBR website for details and online booking.

EAST participates in Europol’s AG-Financial Services

EAST Development Director Rui Carvalho participated in and presented at a meeting of Europol’s Advisory Group on Financial Services (AG-Financial Services) on 20th June 2019.  The meeting was held at Europol’s HQ in The Hague.  The AG-Financial Services advises the Programme Board of the European Cybercrime Centre (EC3) at Europol. Its purpose is to:

  • bring knowledge and expertise to the Programme Board on the impact of cybercrime on financial services and on how this sector and law enforcement can cooperate in the prevention and combating of cybercrime;
  • update and share all relevant information and expertise on developments in the area of cybercrime that affect financial services;
  • assist the Programme Board in defining priorities for the work of EC3 in this area, including by advising on the cooperation with the financial services and on developing concepts for enhanced prevention;
  • advise the Programme Board on increasing the sharing/exchange of information between law enforcement and financial services

Rui Carvalho is also Chair of the EAST Payments Task Force (EPTF) which has great synergy with AG- Financial Services in that its remit, as a public-private sector expert working group, covers the impact of cybercrime on financial services.  Going forwards he will share updates from the EPTF at future meetings of the AG-Financial Services.

 

Susanne Kreuzer retires from EAST

Susanne Kreuzer retired from EAST on 18th June 2019.  Susanne is one of the founder members of EAST and attended her first EAST meeting in 2004, representing Germany, a role she has held since.  When EAST created its own legal identity in 2007, Susanne joined the Board as a non-Executive Director.  She is also a founder member of the EAST Payments Task Force (EPTF), which was formally launched in 2016, and has been instrumental in helping to forge its direction and remit.

EAST Executive Director Lachlan Gunn said:  “When Susanne joined EAST in 2004 she came as a well-respected professional with a strong background in the prevention of financial crime.  Over the years she has done a fantastic job in gathering and collating information and data from the German market, that has been of great benefit to Law Enforcement and the industry.  She is one of a dwindling group of EAST founder members still active in the group, and without her energy, enthusiasm, commitment and support, EAST would not have grown to be what it is today.  On behalf on the EAST Executive Team, the EAST Board, and of all our members, I wish her a happy, fulfilling and well-earned retirement.”

Germany is represented at EAST by EURO Kartensysteme GmbH and Susanne’s role as EAST National Member representative will be taken over by Margit Schneider, who has also been connected with EAST for many years.

The 48th EAST Meeting was held at Europol in The Hague on 5th June 2019.  At this meeting Susanne Kreuzer was presented with a memento of EAST by Lachlan Gunn.  Otto de Jong, also a founder member of EAST and Chair of the EAST Expert on All Terminal Fraud (EGAF), then thanked her on behalf of all present, for her significant contribution to EAST, to law enforcement and to the industry, during a career in financial crime prevention that has spanned over 30 years.

Physical ATM Attack Prevention

On 22/23 January 2019 EAST presented at and participated in the EUCPN / Europol Conference on Prevention of ATM Physical Attacks.  A direct output from the event is a recommendation paper on how to prevent such attacks, based on discussions held at the conference. This paper can be downloaded here.  The paper covers:

  • Preventing Physical ATM AttacksFACTORS DETERMINING THE SUCCESS OF
    A PHYSICAL ATM ATTACK
  1. Vulnerability of ATMs
  2. Set- up of an ATM attack
  3. The experience and know- how of the perpetrators
  • NEED FOR A PREVENTIVE APPROACH
  • PREVENTION
  1. Assess the situation
  2. Develop a preventive approach
  3. Implement preventive measures
  4. Reduce the rewards
  5. Increase the risk
  6. Increase the effort
  7. Parallel measures
  • CONCLUSIONS

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) focuses on preventing such attacks and provides a secure platform where experts from Law Enforcement and the Industry come together to discuss the above.  On 9th October 2019 EAST EGAP will be holding an open FCS Seminar on ATM Physical Attacks for which registration is now open.  This will include an interactive discussion session on ‘Physical Attack Types and Counter-Measures

48th EAST Meeting hosted by Europol in The Hague

The 48th EAST Meeting (National Members) was hosted by Europol at their Headquarters in The Hague on 5th June 2019. Presentations were made by the European Cybercrime Centre (EC3) and the European Serious Organised Crime Centre (ESOCC).

National country crime updates were provided by 18 countries, and a global update by HSBC. Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were also given by the EAST Payments Task Force (EPTF), the EAST Expert Group on All Terminal Fraud (EGAF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 2-2019 will be produced later this month, based on the national country crime updates provided at the meeting. EAST Fraud Updates are available on the EAST Website to EAST Members.

48th EAST Meeting

2019 EAST FCS Seminars – ATM Physical Attacks

Act now to save your place for the ATM Physical Attacks Seminar that will be held by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) on 9th October 2019.

HIGHLIGHTS FROM THE ATM PHYSICAL ATTACKS SEMINAR

  • ATM Physical AttacksGraham Mott of the LINK Scheme, and Chair of EAST EGAP, will host the ATM Physical Attacks Seminar and run the Town Hall Q & A Session on Physical Attack Types and Counter-Measures;
  • EAST Development Director Rui Carvalho will present the latest Physical Attack Statistics, and will share the current Physical Attack Definitions published by EGAP;
  • and Daniel Zorzo López of the Guardia Civil will provide an assessment of the current attack situation in Spain.

This interactive event follows the basic structure of EAST EGAP Member meetings.  Attendance at EAST EGAP meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

ATM Physical Attacks

The EAST FCS Seminars will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.


2019 EAST FCS ATM Physical Attack Seminar Sponsor

Additional sponsorship opportunities are still available

EAST Presents at first P3 CyberFraud Training

EAST Development Director Rui Carvalho participated at the first P3 CyberFraud training on 8th May 2019. The event, which was organised by the European Cyber Crime and Fraud Investigators (ECCFI), ran from 7-9 May 2019 and took place in Fleming’s Conference Hotel in Vienna. It was the first training session of the P3 Cyberfraud Project, which is funded by the ‘European Union Internal Security Fund – Police’.

The majority of the participants were from Law Enforcement Agencies and there was representation from some key private organisations. There were 71 registered participants from 24 countries. Rui Carvalho was actively involved in the discussion and gave a presentation from the EAST perspective entitled “Stats and Trends on Terminal and Payment Fraud”.

ECCFI is a registered, non-profit association. In addition to supporting the P3 Cyberfraud Project, the purpose of ECCFI is to promote cyber security in Europe, especially secure payment methods. In addition to cyber security, the purpose is to assure online security by bringing together different authorities as well as the private sector security professionals.

EAST is an Associate Partner of ECCFI and the EAST Payments Task Force (EPTF), chaired by Rui Carvalho, has a specific focus in this area.

2019 EAST FCS Seminars – Programme Announcement

EAST FCS

The programme for the 2019 EAST FCS Seminars is now available.

Two concurrent seminars will be held on 9th October 2019:

EAST FCS Terminal Fraud Seminar (organised by the EAST Expert Group on All Terminal Fraud (EGAF)

This interactive event follows the basic structure of EAST EGAF Member meetings.  An introduction to the Group will be followed by a presentation of the latest EAST Fraud Statistics (H1 2019) and a high-level overview of the European situation by Europol.  Then a session will then focus on the terminal fraud situation in four countries/regions, followed by a short discussion.  This will be followed by a practical demonstration of Project Checkcard, aimed at checking the validity of EMV cards, followed by a session topic still tbc.  Attendance at EAST EGAF meetings is limited due to the size of the Group and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

EAST FCS ATM Physical Attacks Seminar (organised by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP)

This interactive event follows the basic structure of EAST EGAP Member meetings.  An introduction to the Group will be followed by presentation of the latest EAST Physical Attack Statistics (H1 2019) and recent attack definitions, and a high-level overview of the European situation.  Then a session will focus on the ATM physical attack situation in five countries, which will be followed by a session on banknote infrared recognition.  The event will conclude with a Q&A session on all attack types and counter-measures.  Attendance at EAST EGAP meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

HIGHLIGHTS FROM THE TERMINAL FRAUD SEMINAR

Otto de Jong, of ING Bank and Chair of EAST EGAF, will host the Terminal Fraud Seminar and chair the discussion on Threat Assessments – Europe;

Tobias Wieloch, of Europol’s European Cybercrime Centre (EC3), will provide an overview of terminal fraud in Europe from Europol’s perspective;

Arnt Olav Rottereng, of EVRY ATM Services, will update on the terminal fraud situation in the Nordics;

and Tobias Heckmann, Software Developer at the University of Applied Sciences Bingen, will present and demonstrate Project CheckCard, an investigation tool designed to assist law enforcement to validate whether or not a smart card is genuine.

 

New EAST Fraud Definitions now available in Russian

EAST Terminal Fraud Definitions are now available in the Russian language.  At the end of 2018 EAST upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  In the upgraded definitions each applicable criminal benefit is highlighted next to each terminal fraud type.

The translation was carried out by two EAST National Member organisations – the Ukrainian Interbank Payment Systems Member Association “EMA”  and the MasterCard Members Association (MCMA).

These fraud definitions are used by EAST when issuing Fraud Alerts, or when compiling the statistics and other information for European Payment Terminal Reports and Fraud Updates.  The aim is for these Terminal Fraud Definitions, as well as the related criminal benefits, to be adopted globally when describing or reporting payment terminal fraud.  This translation into Russian is another step forward towards achieving this.

Below is the  definition for Card Skimming in the Russian language.

The definitions have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.