Message from the Executive Director
As 2025 draws to a close, on behalf of the EAST Board, I would like to thank everyone who has contributed to the success and continued development of EAST. It has been another very busy year.
Losses from data relay attacks continue to rise across Europe, and attack types are expanding (both ‘Terminal-to-Terminal’ and ‘Card-to-Terminal’). Data has become a key commodity serving as both a target and a key enabler for cybercriminals. AI is behind an increasing number of attacks. Account Takeover (ATO) fraud and Authorised Push Payment (APP) fraud continue to increase. The trend continues to be a move away from fraud (authorisation/authentication by third party) to coercive scams (authorisation/authentication by the victim). Social engineering continues to be the main issue for most of the countries/regions, linked to overall lack of consumer awareness of the dangers. Increasingly sophisticated social engineering tactics along with the increased usage of AI is making it harder to identify threats. Regarding ATM physical attacks, cases are getting bigger and more extreme attack and getaway methods are being seen. A significant proportion of reported attacks are explosive attacks and criminals are becoming increasingly dangerous and aggressive.
The highlights from the year are as follows:
- Three hybrid Global Congress meetings for Global and National Members were held – on 12th February (hosted by EAST in Edinburgh), 11th June (hosted by Worldline in Utrecht), and 8th October (hosted by Worldline in Milan).
- EAST EGAF, chaired by Christian Beine, held three meetings – on 15th January (virtual meeting), 7th May (hosted by the Dutch Banking Association in Amsterdam), and 17th September (hosted by KAL in Edinburgh).
- The EAST Expert Group on ATM and ATS Physical Attacks (EGAP), chaired by Graham Mott, held two meetings – on 12th March and on 3rd September (both hosted by LINK in The Hague).
- The EAST Expert Group on Payment and Transaction Fraud (EPTF), chaired by Rui Carvalho, held three meetings on 9th April (hosted by EAST in Edinburgh), 1st July (virtual meeting), and 5th November (hosted by SIBS in Lisbon).
- Two European Payment Terminal Crime Reports were released on 14th April (Full Year 2024) and 15th October (Half Year 2025).
- Three Fraud Updates were released on 18th March, 24th July, and 6th November.
- 7 Alerts were issued throughout the year (Fraud Alerts x 3, Payment Alerts x 3, Physical Attack Alerts x 1)
- EAST EGAF released a Security Update on data relay attacks on 12th June.
EAST supported Europol by attending two Joint Advisory Group Meetings on 14th April and 1st October. Rui Carvalho represented EAST and also at Europol’s Cybercrime Conference that followed on 2nd/3rd October. Rui also supported Europol’s Payment Card Fraud training from 22nd to 24th June at the Spanish Police Academy in Avila. He presented a training session on behalf of EAST.
On 29th April EAST supported CEPOL (The European Agency for Law Enforcement Training) by presenting at a training webinar focussed on ATM attacks. I represented EAST.
EAST participated in a meeting of the European Commission’s Payment Systems Market Expert Group (PSMEG) on 13th October. Thomas Von der Gathen represented EAST.
EAST EGAF continued to work with Europol on the issue of ‘Terminal-to-Terminal’ data relay attacks which continue to spread across Europe, while EAST EPTF is now focussing on ‘Card-to-Terminal’ data relay attacks which are also increasing. Both groups are cooperating to produced updated definitions for both types of attack.
And lastly, at the 23rd EAST EPTF Meeting Rui Carvalho (EAST EPTF Chair) said that he was delighted to welcome Bora Kokal as the new Vice-Chair of the group. Bora has been an active EPTF participant for several years and is an acknowledged fraud prevention expert.
Best wishes to you all for a wonderful festive break, for a merry Christmas, and for a happy and prosperous New Year!
Kind regards
Lachlan
