ATM Logical Attacks

48th EAST Meeting hosted by Europol in The Hague

Posted on

The 48th EAST Meeting (National Members) was hosted by Europol at their Headquarters in The Hague on 5th June 2019. Presentations were made by the European Cybercrime Centre (EC3) and the European Serious Organised Crime Centre (ESOCC).

National country crime updates were provided by 18 countries, and a global update by HSBC. Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were also given by the EAST Payments Task Force (EPTF), the EAST Expert Group on All Terminal Fraud (EGAF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 2-2019 will be produced later this month, based on the national country crime updates provided at the meeting. EAST Fraud Updates are available on the EAST Website to EAST Members.

48th EAST Meeting

2019 EAST FCS Seminars – Programme Announcement

Posted on

EAST FCS

The programme for the 2019 EAST FCS Seminars is now available.

Two concurrent seminars will be held on 9th October 2019:

EAST FCS Terminal Fraud Seminar (organised by the EAST Expert Group on All Terminal Fraud (EGAF)

This interactive event follows the basic structure of EAST EGAF Member meetings.  An introduction to the Group will be followed by a presentation of the latest EAST Fraud Statistics (H1 2019) and a high-level overview of the European situation by Europol.  Then a session will then focus on the terminal fraud situation in four countries/regions, followed by a short discussion.  This will be followed by a practical demonstration of Project Checkcard, aimed at checking the validity of EMV cards, followed by a session topic still tbc.  Attendance at EAST EGAF meetings is limited due to the size of the Group and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

EAST FCS ATM Physical Attacks Seminar (organised by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP)

This interactive event follows the basic structure of EAST EGAP Member meetings.  An introduction to the Group will be followed by presentation of the latest EAST Physical Attack Statistics (H1 2019) and recent attack definitions, and a high-level overview of the European situation.  Then a session will focus on the ATM physical attack situation in five countries, which will be followed by a session on banknote infrared recognition.  The event will conclude with a Q&A session on all attack types and counter-measures.  Attendance at EAST EGAP meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

HIGHLIGHTS FROM THE TERMINAL FRAUD SEMINAR

Otto de Jong, of ING Bank and Chair of EAST EGAF, will host the Terminal Fraud Seminar and chair the discussion on Threat Assessments – Europe;

Tobias Wieloch, of Europol’s European Cybercrime Centre (EC3), will provide an overview of terminal fraud in Europe from Europol’s perspective;

Arnt Olav Rottereng, of EVRY ATM Services, will update on the terminal fraud situation in the Nordics;

and Tobias Heckmann, Software Developer at the University of Applied Sciences Bingen, will present and demonstrate Project CheckCard, an investigation tool designed to assist law enforcement to validate whether or not a smart card is genuine.

 

ATM Physical Attacks in Europe on the increase

Posted on

ATM physical attacksEAST has just published a European Payment Terminal Crime Report covering 2018 which reports that ATM physical attacks have risen for the fourth consecutive year.

ATM related physical attacks rose 27% when compared with 2017 (up from 3,584 to 4,549 incidents).  Within this total ATM explosive attacks (including explosive gas and solid explosive attacks) were down 3% (down from 1,081 to 1,052 incidents).  Explosive attacks remain a cause for concern as the number of countries reporting them has risen from ten in 2017 to eleven in 2018.  Such attacks result in extensive collateral damage and can pose a risk to life.

Losses due to ATM related physical attacks were €36 million, a 16% increase from the €31 million reported during 2017.  The average cash loss per explosive or gas attack is estimated at €17,103, the average cash loss for a robbery is estimated at €13,682 per incident and the average cash loss for a ram raid or burglary attack is estimated at €13,198.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

EAST Executive Director Lachlan Gunn said, “The success rate for solid explosive attacks is of particular concern – we estimate that the average cash loss per solid explosive attack is €27,065.  Such attacks continue to spread geographically with two countries reporting them for the first time in early 2019.  Our Expert Group on ATM and ATS Physical Attacks (EGAP) is actively monitoring the situation and provides a cross-border platform for the industry and law enforcement to share related intelligence and measures that can be taken to mitigate the risks.”

Payment terminal related fraud attacks fell 36% when compared with 2017 (down from 20,971 to 13,511 incidents).  This fall was mainly driven by a 26% decrease in card skimming incidents (down from 2,556 to 1,883 incidents) and by a 66% fall in transaction reversal fraud incidents (down from 14,098 to 4,843 incidents).

Losses due to payment terminal related fraud attacks fell 30% when compared with 2017 (down from €353 million to €247 million).  Within these totals international skimming losses fell by 27% (down from €280 million to €205 million) and domestic skimming losses were down 44% (from €64 million to €36 million).

A total of 157 ATM malware and logical attacks were reported, down from 192 in 2017, an 18% decrease.  156 of the attacks were logical attacks where equipment typically referred to as a ‘black box’ is used to send dispense commands directly to the ATM cash dispenser in order to cash-out the ATM.  Related losses were down 70%, from €1.52 million to €0.45 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National and Associate)

Europol publishes French language version of new ATM Logical Attack Guidelines

Posted on

ATM LogicalEuropol has just published a French language version of the new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF)

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Description des Modes Opératoires)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Réduction du risque d’Attaques Logiques et de Programmes Malveillants visant les DAB, Mise en place de Lignes de Défense)
  3. Identifying and responding  to Logical and Malware Attacks (Identification et réponse aux Attaques Logiques et de Logiciels Malveillants)

This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

2019 EAST FCS Seminars – Save The Date!

Posted on

The 2019 EAST Financial Crime & Security (FCS) Seminars will be held on Wednesday 9th October 2019, at the Park Plaza, Victoria, London, UK.  Save the date!  Register now to get the Early Bird Registration Rate and save £100 on the Standard Registration Rate! (see current 2019 prices here)

Early Registration deadline – Monday 19th August 2019

Two concurrent seminars will be held:

To view last year’s EAST FCS programme and speakers or to check the venue details please visit our events website: www.east-events.org

These events will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.

FCS Seminars

47th EAST Meeting hosted by SIBS in Lisbon

Posted on

The 47th Meeting of EAST National Members was hosted by SIBS at the SANA Metropolitan Hotel in Lisbon on 6th February 2019. National country crime updates were provided by 21 countries, and a global update by HSBC.  Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were also given by the EAST Payments Task Force (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF).  An update was given by the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 1-2019 will be produced in early March, based on the national country crime updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

Europol launches new ATM Logical Attack Guidelines at 17th EAST EGAF Meeting

Posted on

ATM Logical AttackEuropol has published new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The document was officially launched at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF), which took place on Wednesday 16th January 2019 at ING Domestic Bank in Amsterdam.  Production of the document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence
  3. Identifying and responding  to Logical and Malware Attacks

The original Guidelines were published in 2015 when law enforcement and the private sector came together to support the banking and payments industry. That report, the first of its kind, provided vendor-neutral guidance on countermeasures to such attacks, as well as a collection of indicators that could be used to detect when an incident may have occurred.  This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Steven Wilson, Head of Business at Europol’s European Cybercrime Centre (EC3), said “This updated and refocused edition of the report draws upon the expertise of an expanded panel of experts from both law enforcement and the private sector. In addition to the key role played by EAST, I would like to extend my thanks to Diebold Nixdorf, GMV, ING, INTERPOL, NCR, TMD Security and Trend Micro for their invaluable work and contributions, without which this report would not be possible.  I continue to look forward to Europol’s engagement and cooperation with all of our partners within private industry and law enforcement in such endeavours, and our continuing fight against threats affecting the payment industry.”

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

17TH EAST EGAF Meeting

The 17th Meeting was chaired by Mr Otto de Jong and was attended by Europol and INTERPOL as well as by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors and Forensic Analysts.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.  The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 204 EAST Fraud Alerts have been issued, 3 to date in 2019.

EAST EGAF meetings are restricted to working group members and, to provide a wider platform for sharing/discussion, the Group is holding a half-day open seminar in London on 9th October 2019.  Registration for this is now open and more information can be found on the EAST Events website.

EAST FCS Terminal Fraud Seminar 2018

Posted on

terminal fraudAn EAST FCS Terminal Fraud Seminar was held on 10th October 2018 in London, co-located with RBRs ATM & Cyber Security 2018 Conference. The interactive and successful event focused on two key outputs of the EAST Expert Group on All Terminal Fraud (EGAF):

  • Guidelines regarding logical attacks on ATMs
  • Standardised fraud definitions

An introduction to EGAF by the Chair, Otto de Jong, was followed by a presentation by EAST’s Executive Director Lachlan Gunn, covering the latest EAST fraud statistics from the H1 2018 European Payment Terminal Crime Report. This highlighted that losses due to card fraud at payment terminals have fallen to the lowest level since 2005. Total losses of €107 million were reported and the decrease is primarily due to a fall in losses due to card skimming (down from €118 million to €104 million). Overall payment terminal related fraud incidents were down 43% (from 11,934 to 6,790). Within this total card skimming incidents were down 19% (from 1,221 to 985) and well below the peak of 5,743 incidents reported during the same period in 2010.

Juan Jesus Leon Cobos of GMV then covered the evolution of ‘Cash-out’/jackpotting attacks, sharing the latest trends from Latin America.  This was followed by a presentation from Tobias-Christian Wieloch of the European Cybercrime Centre (EC3) at Europol which focused on Europol’s published ‘Guidance & Recommendations regarding Logical & Malware Attacks on ATMs’, and an update to it that will soon be available.

Nick Webber, an independent forensic expert, then shared insights into card shimming and ‘wedge’ attacks, with a particular focus on the UK experience.

The final presentation came from Ben Birtwistle of the Royal Bank of Scotland and Claire Shufflebotham of TMD Security, who jointly covered the existing fraud definitions published by EAST, and steps being taken to update and simplify the definitions using graphics, as well as the addition of criminal benefits for each fraud type.  Otto de Jong then summarised the event and what would be taken forward for future discusson.

Attendance to the regular EAST EGAF work group meetings is limited and this event enabled active participation and input from a much wider pool of expertise.  Due to the positive response received from delegates, this Terminal Fraud Seminar is expected to be repeated in 2019.

More information on the event, which was sponsored by NCR, can be found on the EAST Events Website

.

2018 EAST FCS Terminal Fraud Seminar Sponsor

 

 

46th EAST Meeting hosted by LINK in London

Posted on

EASTThe 46th Meeting of EAST National Members was hosted by the LINK scheme in London on 9th October 2018. National country crime updates were provided by 18 countries, and a global update by HSBC.  Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Europol gave a presentation which included information on the latest Internet Organised Crime Threat Assessment (IOCTA) 2018.

Presentations were also given by the EAST Expert Group on All Terminal Fraud (EGAF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).  An update was given by the EAST Payments Task Force (EPTF).

EAST Fraud Update 3-2018 will be produced later this month, based on the national country crime updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

Card fraud losses fall to 13 year low

Posted on

EAST has just published a European Payment Terminal Crime Report covering the first six months of 2018 which reports that losses due to card fraud at payment terminals have fallen to the lowest level since 2005.

Total losses of €107 million were reported and the decrease is primarily due to a fall in losses due to card skimming (down from €118 million to €104 million). Overall payment terminal related fraud incidents were down 43% (from 11,934 to 6,790). Within this total card skimming incidents were down 19% (from 1,221 to 985) and well below the peak of 5,743 incidents reported during the same period in 2010.

EAST Executive Director Lachlan Gunn said, “The significant drop in card skimming incidents and losses reflects the continued effectiveness of EMV, as well as the work that has been put in by payment terminal deployers and card issuers with regard to counter-measures such as geo-blocking, fraud monitoring capabilities and fraud detection. Europe led the way with EMV, which is now a global standard, and all stakeholders in the payment card industry are benefitting from the increased security.”

Logical attacks against ATMs were down 46% (from 114 to 61) and all the reported ‘jackpotting’ attacks were ‘black box’ attacks.  Related losses were down 83% (from €1.51 million to €0.25 million) reflecting the fact that many of these attacks are unsuccessful.

ATM related physical attacks were up 21% (from 1,696 to 2,046 incidents).  Attacks due to ram raids and ATM burglary were up 26% (from 470 to 590 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were up 2% (from 481 to 490 incidents).  Losses due to ATM related physical attacks were €15.1 million, a 24% increase from the €12.2 million reported during the same period in 2017.

The average cash loss per explosive or gas attack is estimated at €14,748, the average cash loss for a robbery is €14,613 per incident and the average cash loss for a ram raid or burglary attack is €12,275.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A summary of the report statistics under the main headings is in the table below.

card fraud

The full Crime Report is available to EAST Members (National and Associate)