47th EAST Meeting hosted by SIBS in Lisbon

The 47th Meeting of EAST National Members was hosted by SIBS at the SANA Metropolitan Hotel in Lisbon on 6th February 2019. National country crime updates were provided by 21 countries, and a global update by HSBC.  Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were also given by the EAST Payments Task Force (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF).  An update was given by the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 1-2019 will be produced in early March, based on the national country crime updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

ATM Black Box Attacks continue to rise

ATM black box attacksEAST has just published a European Payment Terminal Crime Report covering the first six months of 2017 which reports that ATM black box attacks took place in eleven countries.

A total of 114 such attacks were reported, up from 28 during the same period in 2016, a 307% increase.  ‘Black Box’ is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser in order to ‘cash-out’ the ATM.  Related losses were up 268%, from €0.41 million to €1.51 million.  EAST Executive Director Lachlan Gunn said, “This sees the continuation of a trend that we first reported in April of this year when we published full year statistics for 2016.  Our Expert Group on All Terminal Fraud (EGAF) is actively monitoring all logical threats against payment terminals and against the wider banking infrastructure.”

Overall payment terminal related fraud attacks rose 10% when compared with H1 2016 (up from 10,820 to 11,934 incidents).  This rise was mainly driven by an 88% increase in transaction reversal fraud (up from 4,840 to 9,081 incidents).  The downward trend for card skimming continues with 1,221 card skimming incidents reported, down 22% from 1,573 in H1 2016.  This is the lowest number of skimming incidents reported since EAST first began gathering data in 2004.

Losses due to payment terminal related fraud attacks were down 29% when compared with the same period in 2016 (down from €174 million to €124 million).  Within these totals international skimming losses fell 32% (down from €142 million to €96 million) and Domestic skimming losses fell 15% (down from €26 million to €22 million).

ATM related physical attacks rose 6% when compared with H1 2016 (up from 1,604 to 1,696 incidents).  Within this total ATM explosive attacks (including explosive gas and solid explosive attacks) were down 2% (down from 492 to 481 incidents).  Losses due to ATM related physical attacks were €12.2 million, a 55% drop from the €27 million reported during the same period in 2016.  Part of this decrease is due to the fact that one major ATM deploying country that used to report this data is currently unable to do so.

The average cash loss per explosive or gas attack is estimated at €14,575, the average cash loss for a robbery is €10,357 per incident and the average cash loss for a ram raid or burglary attack is €9,761.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A summary of the report statistics under the main headings is in the table below.

ATM Black Box Attacks

The full Crime Report is available to EAST Members (National and Associate)

The Evolution of ATM Explosive Attacks (Gas and Solid Explosive)

ATM Explosive attacksExplosive attacks on ATMs are a rising problem in Europe and in many other parts of the world.  In a report covering the first six months of 2016 EAST reported a total of 492 explosive attacks in Europe, a rise of 80 percent compared to the same period in 2015.  Such attacks do not just present a financial risk due to stolen cash, but also are the cause of significant collateral damage to equipment and buildings.  Of most concern is the fact that lives can also be put in danger, particularly by the usage of solid explosives.  Over the past few years the Netherlands has been particularly hard hit by such attacks.

At the upcoming EAST Financial Crime & Security Forum (EAST FCS 2017) Job Galesloot, Security Officer ING Domestic Banking, will share the Dutch experience and also how neighbouring countries have been impacted.

About Job Galesloot

Job is a specialist in physical crimes against ING Bank branches. His main concerns are explosive gas attacks on ATMs, physical attacks on the bank’s branches and physical or verbal aggression against branch staff.  Since 2015 he is the Physical Security Officer for ING Domestic Banking. Responsible for threat analysis, trend monitoring and development of countermeasures. In 2016 Job chaired the Dutch Banking Association Expert Pool IBNS which tested several IBNS systems. IBNS stands for Intelligent Banknote Neutralisation Systems.

Who Is Attending?

Over 150 delegates will attend from ATM networks, banks, law enforcement, vendors, and EAST national and associate members.

Book soon to ensure you don’t miss this great opportunity to attend what has been described as an “excellent event for helping to make a difference in the area of financial crime prevention”.

There are some sponsor and exhibitor slots still available so, if you are in the business of ATM crime prevention and wish to take a space alongside a key audience, see our Sponsorship Brochure for details.

ATM Explosive Attacks surge in Europe

european-atm-crime-report-h1-2016In a European ATM Crime Report covering the first six months of 2016 EAST has reported that ATM explosive attacks were up 80% when compared to the same period in 2015.

A total of 492 explosive attacks were reported, up from 273 during the same period in 2015.  While the majority were explosive gas attacks, 110 were solid explosive attacks.  EAST Executive Director Lachlan Gunn said, “This rise in explosive attacks is of great concern to the industry in Europe as such attacks create a significant amount of collateral damage to equipment and buildings as well as a risk to life.  The EAST Expert Group on Physical Attacks (EGAP) is working to analyse the attacks and to share intelligence best practice information across the industry and law enforcement that can help to mitigate the threat.”

Overall ATM related physical attacks rose 30% when compared with H1 2015 (up from 1,232 to 1,604 incidents).  Losses due to ATM related physical attacks rose 3% to €27 million (up from €26.3 million in 2015).  The average cash loss for a ram raid or burglary attack is estimated at €17,327, the average cash loss per explosive attack is €16,631 and the average cash loss for a robbery is €20,017.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

EAST also reported a 28% increase in ATM related fraud attacks, up from 8,421 in H1 2015 to 10,820 in H1 2016.  This rise was mainly driven by a 281% increase in Transaction Reversal Fraud (up from 1,270 to 4,840 incidents).  The downward trend for card skimming continues with 1,573 card skimming incidents reported, down 21% from 1,986 in H1 2015.

Losses due to ATM related fraud attacks were up 12% when compared with H1 2015 (up from €156 million to €174 million).  This rise was largely driven by an 8% rise in international skimming losses (up from €131 million to €142 million).  The Asia-Pacific region (particularly Indonesia) and the USA are where the majority of such losses were reported.  Domestic skimming losses rose 24% over the same period.

The number of ATM logical attacks reported continues to rise.  28 incidents were reported (all ‘cash out’ or ‘jackpotting’ attacks), up from just 5 during the same period in 2015.  Related losses were €0.4 million.

A summary of the report statistics under the main headings is in the table below:

h1-2016-crime-report-summary-stats

The full Crime Report is available to EAST Members (National and Associate).

EAST Publishes European Fraud Update 3-2015

EAST - EUROPEAN FRAUD UPDATE 3 - 2015EAST has just published its third European Fraud Update for 2015. This is based on country crime updates given by representatives of 17 countries in the Single Euro Payments Area (SEPA), and 3 non-SEPA countries, at the 37th EAST meeting held in London on 7th October 2015.

Card skimming at ATMs was reported by seventeen countries. One country reported the successful usage of a stereo-skimming device, the first time that this has been reported. Another country reported an unsuccessful attack using an ATM shimming device.

The trend of losses due to skimming occurring outside of EMV* Chip liability shift areas continues. International losses were reported in 53 countries and territories outside of the Single Euro Payments Area (SEPA) and in 10 within SEPA. The top three locations where such losses were reported were the USA, Indonesia and the Philippines.

Skimming attacks on other terminal types were reported by nine countries and one country reported such attacks at payment terminals linked to docking stations for the hire of bicycles.

Eleven countries reported cash trapping attacks and six countries card trapping incidents.

ATM malware and logical security attacks were reported by two countries – one of them reporting malware used for ‘cash-out’ attacks and the other black-box attacks used for the same purpose.

Ram raids and ATM burglary were reported by seven countries and seven countries also reported explosive gas attacks. In one country the average duration of an ATM explosive gas attack is 3-5 minutes.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.

EAST Publishes European Fraud Update 2-2015

EAST - EUROPEAN FRAUD UPDATE 2 - 2015EAST has just published its second European Fraud Update for 2015. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 2 non-SEPA countries, at the 36th EAST meeting held at Europol in the Hague on 10th June 2015.

Card skimming at ATMs was reported by 17 countries, with decreases reported by 7 countries and increases by two. Six countries reported card data compromise through wire-tapping or ‘Eavesdropping’ – the criminals cut a hole in the fascia near to the card reader, insert a device which is connected internally to the card reader and then cover the hole with a fake decal.

Skimming attacks on other terminal types were reported by 8 countries and overall the number of attacks appears to be decreasing.

Fourteen countries reported cash trapping attacks and 7 countries incidents of transaction reversal fraud (TRF).

ATM malware incidents were reported by four countries. These were ATM ‘cash out’ or ‘jackpotting’ attacks. Two of the countries reported such attacks for the first time. To help counter this threat Europol has recently published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.

Ram raids and ATM burglary were reported by 9 countries, with one of them reporting increases in this type of attack and another a new method for accessing the ATM from below. Eleven countries reported explosive gas attacks, and two of them also reported attacks on ATMs using solid explosives.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.

European ATM Related Fraud Incidents fall 26%, although Skimming Losses rise

EAST ATM Crime Report 2014In a European ATM Crime Report covering the full year 2014 EAST has reported that ATM related fraud incidents fell 26% when compared to 2013, although related losses were up 13%.

EAST reported a 26% decrease in ATM related fraud attacks, down from 21,346 in 2013 to 15,702 in 2014. This fall was mainly driven by a 95% reduction in Transaction Reversal Fraud (TRF) attacks and a 31% reduction in cash trapping attacks. 5,631 card skimming incidents were reported, down 3% from 5,822 in 2013. Card trapping incidents fell 2% over the same period (down from 5,394 to 5,298). Trapped cards can be used in the EMV environment (if the PIN has also been compromised).

Losses due to ATM related fraud attacks were up 13% when compared with 2013 (up from €248 million to €280 million). This rise was largely driven by an 18% rise in international skimming losses (up from €201 million to €238 million). The USA and the Asia-Pacific region are where the majority of such losses were reported. Domestic skimming losses fell 9% over the same period.

EAST Executive Director Lachlan Gunn said, “The rise in international skimming losses is not being seen in European countries where regional card blocking, often known as geo-blocking, has been widely implemented. Keeping an active magnetic stripe on a European EMV card continues to make that card vulnerable to card skimming and geo-blocking significantly reduces the risk of successful compromise.”

ATM related physical attacks fell 6% when compared with 2013 (down from 2,102 to 1,980 incidents). This is partly explained by an 11% decrease in reported solid explosive and explosive gas attacks. 619 such attacks were reported, down from 696 in 2013. Nine countries reported such attacks, five of them countries with more than 40,000 ATMs installed.

Losses due to ATM related physical attacks rose 17% to €27 million (up from €23 million in 2013). The average cash loss for ram raids/ATM burglary was €25,640 per incident, up from €11,393 in 2013. While around 40% of such attacks do not result in cash loss, collateral damage to equipment and buildings can be significant.

In 2014 EAST began to collect statistics for ATM Malware after the first incidents were reported in Western Europe. These were ‘cash out’ or ‘jackpotting’ attacks. In 2014 51 such incidents were reported, with related losses of €1.23 million.

A summary of the report statistics under the main headings is in the table below.

2014 Summary Results Table

The full Crime Report is available to EAST Members (National and Associate) and Subscribers.