ATM malware and logical attacks fall in Europe

EAST has just published a European Payment Terminal Crime Report covering the first six months of 2019 which reports that ATM malware and logical attacks continue to trend downwards.

ATM malware and logical attacks against ATMs were down 43% (from 61 to 35) and all bar one of the reported ‘jackpotting’ attacks are believed to have been unsuccessful. Malware was used for 3 of the attack attempts and the remainder were ‘black box’ attacks. Related losses were down 100% (from €0.25 million to €0.00 million), although a small loss (less than €1,000) was reported in one case.

EAST Executive Director Lachlan Gunn said, “This fall in logical and malware attacks is very good news and reflects the work that has been put into preventing such attacks by the industry and law enforcement. In January 2019, supported by our Expert Group on All Terminal Fraud (EGAF), Europol updated their ‘Guidance & recommendations regarding logical attacks on ATMs’, which was first published in 2015. These Guidelines, which have been widely shared with ATM deployers and law enforcement agencies, reinforce the recommendations made by the ATM vendors.”

Terminal related fraud attacks were up 59% (from 6,760 to 10,723 incidents). This increase was primarily due to an increase in transaction reversal fraud attacks (up from 2,292 to 5,649 incidents), while card skimming incidents fell to an all time low (down from 985 to 731 incidents). This downward trend reflects the success of EMV and that measures to counter skimming at terminals, along with geo-blocking, are working well in Europe.

Total losses of €124 million were reported, up 16% from the €107 million reported during the same period in 2018. This increase is primarily due to a rise in international losses due to card skimming (up from €87 million to €100 million), which indicates that EMV implementation is not yet complete globally with resultant risks for European cardholders. Losses due to transaction reversal fraud were up 135% (from €1.36 million to €3.2 million).

ATM related physical attacks were up 16% (from 2,046 to 2,376 incidents). Attacks due to ram raids and ATM burglary were up 3% (from 590 to 610 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were up 3% (from 490 to 503 incidents). Losses due to ATM related physical attacks were €11.4 million, a 25% decrease from the €15.1 million reported during the same period in 2018.

The average cash loss for a robbery is estimated at €15,140 per incident, the average cash loss per explosive or gas attack is €10,161 and the average cash loss for a ram raid or burglary attack is €9,632. These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National and Associate)

EAST EGAF holds 19th Meeting in Amsterdam

EAST EGAFThe Nineteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 18th September 2019 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 219 EAST Fraud Alerts have been issued, 18 to date in 2019.

EAST EGAF meetings are restricted to working group members and, to provide a wider platform for sharing/discussion, the Group is holding a half-day open seminar in London on 9th October 2019.  Registration for this is still open and more information can be found on the EAST Events website.

Terminal Fraud Update – EAST FCS Seminars 2019

Terminal Fraud

Act now to save your place for the Terminal Fraud Seminar that will be held by the EAST Expert Group on All Terminal Fraud (EGAF) on 9th October 2019.

SESSION FOCUS – LOGICAL SECURITY UPDATE

This session will focus on logical attacks against ATMs. These can be split into two types – black box attacks and malware attacks.

Terminal FraudEAST EGAF Chair, Otto de Jong of ING Bank, will first present on black box attacks. These are a type of jackpotting attack. The criminals connect an unauthorised device (or black box) which sends dispense commands directly to the ATM cash dispenser in order to ‘Cash-Out’ the ATM. He will cover the latest developments for this type of attack methodology.

Terminal FraudThen Terence Devereux of Diebold Nixdorf will present an update on malware attacks. For these attacks the criminals use unauthorised software, or authorised software run in an unauthorised manner, on the ATM’s PC. These attacks are focussed on either jackpotting (most common), or card skimming, as follows:

  • Jackpotting: Targets control of the cash dispense function in order to ‘cash-out’ the ATM
  • Man-In-The-Middle (MitM): Targets communication between the ATM’s PC and the acquirer host system in order to falsify host responses and dispense cash without debiting the criminal’s account
  • SW-Skimming: Targets card and PIN data in order to create counterfeit cards for subsequent fraudulent transactions

This interactive event follows the basic structure of EAST EGAF Member meetings. Attendance at EAST EGAF meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

Terminal Fraud

The EAST FCS Seminars will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.


2019 EAST FCS ATM Physical Attack Seminar Sponsors

 

 

 

 

Additional sponsorship opportunities are still available

Europol publishes Spanish language version of ATM Logical Attack Guidelines

Logical AttackEuropol has just published a Spanish language version of the new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF), and the French version was published in March 2019.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Descripción De Los Ataques Lógicos)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Mitigación De Los Riesgos Y Establecimiento De Líneas De Defensa)
  3. Identifying and responding  to Logical and Malware Attacks (Identificación Y Respuesta Frente A Ataques Lógicos A Cajeros Automáticos)

This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

48th EAST Meeting hosted by Europol in The Hague

The 48th EAST Meeting (National Members) was hosted by Europol at their Headquarters in The Hague on 5th June 2019. Presentations were made by the European Cybercrime Centre (EC3) and the European Serious Organised Crime Centre (ESOCC).

National country crime updates were provided by 18 countries, and a global update by HSBC. Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were also given by the EAST Payments Task Force (EPTF), the EAST Expert Group on All Terminal Fraud (EGAF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 2-2019 will be produced later this month, based on the national country crime updates provided at the meeting. EAST Fraud Updates are available on the EAST Website to EAST Members.

48th EAST Meeting

2019 EAST FCS Seminars – Programme Announcement

EAST FCS

The programme for the 2019 EAST FCS Seminars is now available.

Two concurrent seminars will be held on 9th October 2019:

EAST FCS Terminal Fraud Seminar (organised by the EAST Expert Group on All Terminal Fraud (EGAF)

This interactive event follows the basic structure of EAST EGAF Member meetings.  An introduction to the Group will be followed by a presentation of the latest EAST Fraud Statistics (H1 2019) and a high-level overview of the European situation by Europol.  Then a session will then focus on the terminal fraud situation in four countries/regions, followed by a short discussion.  This will be followed by a practical demonstration of Project Checkcard, aimed at checking the validity of EMV cards, followed by a session topic still tbc.  Attendance at EAST EGAF meetings is limited due to the size of the Group and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

EAST FCS ATM Physical Attacks Seminar (organised by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP)

This interactive event follows the basic structure of EAST EGAP Member meetings.  An introduction to the Group will be followed by presentation of the latest EAST Physical Attack Statistics (H1 2019) and recent attack definitions, and a high-level overview of the European situation.  Then a session will focus on the ATM physical attack situation in five countries, which will be followed by a session on banknote infrared recognition.  The event will conclude with a Q&A session on all attack types and counter-measures.  Attendance at EAST EGAP meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

HIGHLIGHTS FROM THE TERMINAL FRAUD SEMINAR

Otto de Jong, of ING Bank and Chair of EAST EGAF, will host the Terminal Fraud Seminar and chair the discussion on Threat Assessments – Europe;

Tobias Wieloch, of Europol’s European Cybercrime Centre (EC3), will provide an overview of terminal fraud in Europe from Europol’s perspective;

Arnt Olav Rottereng, of EVRY ATM Services, will update on the terminal fraud situation in the Nordics;

and Tobias Heckmann, Software Developer at the University of Applied Sciences Bingen, will present and demonstrate Project CheckCard, an investigation tool designed to assist law enforcement to validate whether or not a smart card is genuine.

 

ATM Physical Attacks in Europe on the increase

ATM physical attacksEAST has just published a European Payment Terminal Crime Report covering 2018 which reports that ATM physical attacks have risen for the fourth consecutive year.

ATM related physical attacks rose 27% when compared with 2017 (up from 3,584 to 4,549 incidents).  Within this total ATM explosive attacks (including explosive gas and solid explosive attacks) were down 3% (down from 1,081 to 1,052 incidents).  Explosive attacks remain a cause for concern as the number of countries reporting them has risen from ten in 2017 to eleven in 2018.  Such attacks result in extensive collateral damage and can pose a risk to life.

Losses due to ATM related physical attacks were €36 million, a 16% increase from the €31 million reported during 2017.  The average cash loss per explosive or gas attack is estimated at €17,103, the average cash loss for a robbery is estimated at €13,682 per incident and the average cash loss for a ram raid or burglary attack is estimated at €13,198.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

EAST Executive Director Lachlan Gunn said, “The success rate for solid explosive attacks is of particular concern – we estimate that the average cash loss per solid explosive attack is €27,065.  Such attacks continue to spread geographically with two countries reporting them for the first time in early 2019.  Our Expert Group on ATM and ATS Physical Attacks (EGAP) is actively monitoring the situation and provides a cross-border platform for the industry and law enforcement to share related intelligence and measures that can be taken to mitigate the risks.”

Payment terminal related fraud attacks fell 36% when compared with 2017 (down from 20,971 to 13,511 incidents).  This fall was mainly driven by a 26% decrease in card skimming incidents (down from 2,556 to 1,883 incidents) and by a 66% fall in transaction reversal fraud incidents (down from 14,098 to 4,843 incidents).

Losses due to payment terminal related fraud attacks fell 30% when compared with 2017 (down from €353 million to €247 million).  Within these totals international skimming losses fell by 27% (down from €280 million to €205 million) and domestic skimming losses were down 44% (from €64 million to €36 million).

A total of 157 ATM malware and logical attacks were reported, down from 192 in 2017, an 18% decrease.  156 of the attacks were logical attacks where equipment typically referred to as a ‘black box’ is used to send dispense commands directly to the ATM cash dispenser in order to cash-out the ATM.  Related losses were down 70%, from €1.52 million to €0.45 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National and Associate)

Europol publishes French language version of new ATM Logical Attack Guidelines

ATM LogicalEuropol has just published a French language version of the new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF)

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Description des Modes Opératoires)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Réduction du risque d’Attaques Logiques et de Programmes Malveillants visant les DAB, Mise en place de Lignes de Défense)
  3. Identifying and responding  to Logical and Malware Attacks (Identification et réponse aux Attaques Logiques et de Logiciels Malveillants)

This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

2019 EAST FCS Seminars – Save The Date!

The 2019 EAST Financial Crime & Security (FCS) Seminars will be held on Wednesday 9th October 2019, at the Park Plaza, Victoria, London, UK.  Save the date!  Register now to get the Early Bird Registration Rate and save £100 on the Standard Registration Rate! (see current 2019 prices here)

Early Registration deadline – Monday 19th August 2019

Two concurrent seminars will be held:

To view last year’s EAST FCS programme and speakers or to check the venue details please visit our events website: www.east-events.org

These events will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.

FCS Seminars

47th EAST Meeting hosted by SIBS in Lisbon

The 47th Meeting of EAST National Members was hosted by SIBS at the SANA Metropolitan Hotel in Lisbon on 6th February 2019. National country crime updates were provided by 21 countries, and a global update by HSBC.  Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were also given by the EAST Payments Task Force (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF).  An update was given by the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 1-2019 will be produced in early March, based on the national country crime updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.