Card skimming losses continue to rise outside Europe

EAST 2015 Crime ReportIn a European ATM Crime Report covering the full year 2015 EAST has reported that skimming losses relating to the usage of stolen European card data outside Europe have risen to the highest level seen since 2008.

There was a 19% increase in ATM related fraud attacks, up from 15,702 to 18,738 in 2015.  This increase was mainly driven by a significant rise in Transaction Reversal Fraud (TRF) attacks (up from 160 to 5,104) and a smaller rise in card trapping attacks (up from 5,298 to 6,352).  4,131 card skimming incidents were reported, down 27% from 5,631 in 2014.

Losses due to ATM related fraud attacks were up 17% when compared with 2014 (up from €280 million to €327million).  This rise was largely driven by a 15% rise in international skimming losses (up from €238 million to €274 million).  The USA and the Asia-Pacific region are where the majority of such losses were reported.  Domestic skimming losses rose 19% over the same period (up from €37 million to €44 million).

EAST Executive Director Lachlan Gunn said, “While regional card blocking, often known as geo-blocking, is effective at minimising international skimming losses when implemented, the continued rise of such losses is of concern to Europe.  EAST is now working closely with Europol to increase awareness among experts in Asia-Pacific and the Americas about all types of non-cash means of payment, including card skimming, ATM malware, internet fraud and eCommerce fraud.  Most recently we supported the Second Strategic Meeting on Payment Card Fraud.  This event, which was organised by Europol’s European Cybercrime Centre (EC3) in Kuala Lumpur on 22-23 March 2016, provided the regional law enforcement community with a comprehensive overview of the ATM fraud and its migration to Asia, and the focus is now to establish a cross-regional network to assist international investigations.”

ATM related physical attacks rose by 34% when compared with 2014 (up from 1,980 to 2,657 incidents).  This is partly explained by a 9% increase in reported solid explosive and explosive gas attacks.  673 such attacks were reported, up from 619 in 2014.  Nine countries reported such attacks, four of them countries with more than 40,000 ATMs installed.  The number of reported robberies also increased, up from 60 in 2014 to 838 in 2015.  This rise is partly due to the fact that more countries are now apply to provide such data.

Losses due to ATM related physical attacks rose 81% to €49 million (up from €27 million in 2014).  The average cash loss for ram raids/ATM burglary was €17,830 per incident, and the average cash loss for an explosive or gas attack is €15,602 per incident.  While around 40% of such attacks do not result in cash loss, collateral damage to equipment and buildings can be significant.

In 2014 EAST began to collect statistics for ATM Malware after the first incidents were reported in Western Europe.  15 incidents were reported in 2015, down from 51 in 2014.  These were all ‘cash out’ or ‘jackpotting’ attacks.  Related losses of €743,000 were reported, down from €1.23 million in 2014.

To counter the malware threat, the EAST Expert Group on ATM Fraud (EGAF) worked with the European Cybercrime Centre (EC3) at Europol to create ‘Guidance & recommendations regarding logical attacks on ATMs’, a document published by Europol in June 2015.

 A summary of the report statistics under the main headings is in the table below.

EAST 2015 Crime Report Summary Stats

The full Crime Report is available to EAST Members (National and Associate).

European ATM Fraud Incidents up 15%, driven by low tech crime

EAST ATM Crime Report H1 2015In a European ATM Crime Report covering the first six months of 2015 EAST has reported that ATM fraud incidents were up 15% when compared to the same period in 2014.

ATM related fraud attacks were up from 7,345 in H1 2014 to 8,421 in H1 2015. This rise was mainly driven by an 18% increase in card trapping attacks (up from 2,579 to 3,043 incidents) and a 985% increase in Transaction Reversal Fraud (TRF) attacks (up from 117 to 1,270 incidents). Trapped cards can be used in the EMV environment (if the PIN has also been compromised). 1,986 card skimming incidents were reported, down 18% from 2,425 in H1 2014.

Losses due to ATM related fraud attacks were up 18% when compared with H1 2014 (up from €132 million to €156 million). This rise was largely driven by an 18% rise in international skimming losses (up from €111 million to €131 million). The Asia-Pacific region (particularly Indonesia) and the USA are where the majority of such losses were reported. Domestic skimming losses rose 11% over the same period.

EAST Executive Director Lachlan Gunn said, “International skimming losses have risen for the past four reporting periods and EAST is working closely with Europol to raise awareness of this issue in Asia-Pacific and the Americas.”

ATM related physical attacks rose by 19% when compared with H1 2014 (up from 1,032 to 1,232 incidents).  This is explained by a 1,013% increase in reported robberies, due to the fact that one country has been able to report on this for the first time.  423 such attacks were reported, up from 38 in 2014.

Losses due to ATM related physical attacks rose 100% to €26 million (up from €13 million in 2014), again mainly due to the fact that one country has reported losses due to robbery for the first time. Losses due to robbery rose from €0.4 million to €10.5 million. The average cash loss for robberies was €24,799 per incident, for ram raids/ATM burglary €22,604 per incident, and for explosive attacks €19,737.

In H1 2015 5 ATM malware incidents were reported (‘cash out’ or ‘jackpotting’ attacks), with related losses of €0.14 million. To counter the malware threat, the EAST Expert Group on ATM Fraud (EGAF) worked with Europol to create ‘Guidance & recommendations regarding logical attacks on ATMs’, a document published by Europol in June 2015.

A summary of the report statistics under the main headings is in the table below.

EAST H1 2015 Crime Report Summary Stats

The full Crime Report is available to EAST Members (National and Associate) and Subscribers.

EAST Presents at Wincor Nixdorf Security & Fraud Roadshow in Istanbul, Turkey

EAST Wincor TurkeyÚna Dillon, EAST Development Director, presented at the Wincor Nixdorf Security & Fraud Roadshow which was held in Istanbul, Turkey on Thursday 1st October 2015.  Wincor Nixdorf is an Associate Member of EAST. The company invited EAST to participate in the forum which combined close to one hundred of the ATM vendor’s existing and potential customers.

The session focused on ATM fraud trends in Turkey and some of the solutions available to ATM deployers. Karan Oberio from Wincor Nixdorf provided a global overview of ATM security issues and showed the company’s layered approach to delivering a secure customer experience. Aycan Aydogan of BKM (and incoming National Member of EAST, representing Turkey) gave specific and comprehensive figures for the Turkey region from 2003 to date.

There were break-out sessions also, where attendees were provided with demonstrations of all the security tools available from Wincor Nixdorf and their partners.

The event was hosted by Murat Karagozoglu of Wincor Nixdorf (pictured with Úna Dillon) and Master of Ceremonies was financial technology journalist Fatih Sari. EAST provided a video interview with Fatih for Tech Inside, the online financial magazine for the industry in Turkey, outlining what EAST is all about and the benefits to Turkey of becoming a member. Quite a few of the attendees showed an interest in joining EAST as Associate Members, realising the benefits as outlined during the event.

EAST updates Guidelines for recovering fraud devices at an ATM fraud crime scene

Recovering Fraud Devices at an ATM Fraud Crime SceneThe European ATM Security Team (EAST) has published an updated version of its document ‘General Advice for Industry and Law Enforcement – Recovering Fraud Devices at an ATM Fraud Crime Scene’

The updated version includes a section giving guidance to Law Enforcement on handling seized Camera Units at ATMs.  Camera units are a vital source of both evidence and intelligence in skimming cases and it is important that as much evidence as possible is preserved from a seized Camera Unit.

You can see footage from a seized camera unit in the video clip below (If the streamed video does not appear in your browser click here to download it – 13Mb).

These Guidelines, which have been put together by members of the EAST Expert Group on ATM Fraud (EGAF), were first published in November 2014. They are available for download on the EAST Intranet to EAST members (National and Associate). EAST Associate Membership is free for Law Enforcement Officers.

“Project Sandpiper”, an EU Project to fight Payment Card Fraud, will be presented at EAST FCS 2015

DCPCU LogoA Case Study on “Project Sandpiper” will be presented at the EAST Financial Crime and Security Forum (EAST FCS 2015). The successful project, an exercise in Private Sector & Law Enforcement cooperation, was initiated by UK authorities and headed by the Dedicated Card and Payment Crime Unit (DCPCU).

The DCPCU is a special police unit comprising police officers appointed from the City of London Police and Metropolitan Police Services who operate together with industry fraud investigators. The DCPCU secured European Commission funding in 2013 in order to finance the project specifically focused on tackling Romanian criminality affecting the UK payment industry at the time.

The project involved connecting the DCPCU with the UK payments industry as well as law enforcement officers in Romania, involved in tackling the country’s organised crime gangs.

The Case Study, which will be jointly presented by Ben Birtwistle from the Royal Bank of Scotland (RBS) and Russell Chinn from the DCPCU, will  explain how to effectively coordinate efforts to combat card fraud and ATM fraud through cooperation and information sharing.

Speaker Spotlight

Ben Birtwistle RBSBen Birtwistle is Manager – Customer Outcomes & Fraud – ATM Operations, at RBS Group. He heads the Customer Outcomes & Fraud unit in RBS ATM Operations, overseeing all deliverables designed to ensure customers are served correctly and securely at any RBS, NatWest, Ulster Bank or Tesco Bank ATM. Previous roles include Manager ATM Fraud Control, Intelligence & Co-Ordination Analyst and Customer Contact Training Manager. Ben started in the bank in 2003 after completing a Fine Arts degree and taking time out to travel.

Book soon to ensure you don’t miss your opportunity to attend the event. Places are limited and registration priority will be given to EAST Members, National and Associate.

European ATM Related Fraud Incidents fall 26%, although Skimming Losses rise

EAST ATM Crime Report 2014In a European ATM Crime Report covering the full year 2014 EAST has reported that ATM related fraud incidents fell 26% when compared to 2013, although related losses were up 13%.

EAST reported a 26% decrease in ATM related fraud attacks, down from 21,346 in 2013 to 15,702 in 2014. This fall was mainly driven by a 95% reduction in Transaction Reversal Fraud (TRF) attacks and a 31% reduction in cash trapping attacks. 5,631 card skimming incidents were reported, down 3% from 5,822 in 2013. Card trapping incidents fell 2% over the same period (down from 5,394 to 5,298). Trapped cards can be used in the EMV environment (if the PIN has also been compromised).

Losses due to ATM related fraud attacks were up 13% when compared with 2013 (up from €248 million to €280 million). This rise was largely driven by an 18% rise in international skimming losses (up from €201 million to €238 million). The USA and the Asia-Pacific region are where the majority of such losses were reported. Domestic skimming losses fell 9% over the same period.

EAST Executive Director Lachlan Gunn said, “The rise in international skimming losses is not being seen in European countries where regional card blocking, often known as geo-blocking, has been widely implemented. Keeping an active magnetic stripe on a European EMV card continues to make that card vulnerable to card skimming and geo-blocking significantly reduces the risk of successful compromise.”

ATM related physical attacks fell 6% when compared with 2013 (down from 2,102 to 1,980 incidents). This is partly explained by an 11% decrease in reported solid explosive and explosive gas attacks. 619 such attacks were reported, down from 696 in 2013. Nine countries reported such attacks, five of them countries with more than 40,000 ATMs installed.

Losses due to ATM related physical attacks rose 17% to €27 million (up from €23 million in 2013). The average cash loss for ram raids/ATM burglary was €25,640 per incident, up from €11,393 in 2013. While around 40% of such attacks do not result in cash loss, collateral damage to equipment and buildings can be significant.

In 2014 EAST began to collect statistics for ATM Malware after the first incidents were reported in Western Europe. These were ‘cash out’ or ‘jackpotting’ attacks. In 2014 51 such incidents were reported, with related losses of €1.23 million.

A summary of the report statistics under the main headings is in the table below.

2014 Summary Results Table

The full Crime Report is available to EAST Members (National and Associate) and Subscribers.

VIEWPOINT: ATM Fraud

ATM Security2In an EAST website research poll that ran from September to December 2014 respondents were asked the question ‘What do you feel is the biggest fraud risk to the ATM channel over the next few years?’

52% chose malware, 37% voted for card skimming, 4% for cash trapping, 3% for card trapping and 3% for social engineering.

EAST Poll Sep to Dec 14

Malware is an emerging fraud trend for the ATM channel. EAST has been reporting European ATM fraud statistics since 2004. Over the past decade we have seen fraud trends change, particularly since the EMV (Chip and PIN) roll out commenced. Most recently we have seen a shift from hi-tech skimming to lo-tech card and cash trapping. Our next European ATM Crime report, covering the full year 2014, is scheduled for publication in April 2015.

You can see some of our ATM Fraud definitions on this website. We define ATM Malware as either ‘cash out/jackpotting’ or ‘card and Pin compromise’ and a definition for social engineering is ‘the clever manipulation of the human tendency to trust’.

The current website research poll is on cardholder awareness and asks the question – ‘How often do you see fraud warnings and fraud prevention messages displayed on ATMs in your country?’ To take it, and to see all past results, visit the ATM Research Page on this website, or click on the button below.