New fraud type adds to surge in European Terminal Fraud attacks

Terminal FraudEAST has just published a European Payment Terminal Crime Report covering H1 2022 which highlights a new type of fraud along with a rise in terminal fraud attacks.

Terminal related fraud attacks were up 81% (from 2,775 to 5,022 incidents). This increase was primarily due to a rise in cash trapping at ATMs, which increased by 284% (from 819 to 2,984 incidents). A new type of man-in-the middle/relay attack was seen, with 501 cases reported. Total fraud losses of €97 million were reported, down 5% from the €102 million reported in H1 2021. Most losses remain international issuer losses due to card skimming, which were €80 million.

EAST Executive Director Lachlan Gunn said, “While an increase in cash trapping at ATMs has led the surge in terminal fraud, the new man-in-the-middle/relay attacks are much more complex and, if successful, can lead to cash out at ATMs.  Our Expert Group on All Terminal Fraud (EGAF) is monitoring and analysing these attacks, with close cooperation between industry partners and law enforcement in the affected countries.”

ATM malware and logical attacks were down 82% (from 33 to 6) and all but one of the reported attacks were black box attacks.  A black box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM.  Most such attacks remain unsuccessful, and no losses were reported during the period.  On 16 June 2022 Europol, supported by EAST, published updated guidelines to help industry and law enforcement counter the ATM Logical Attack threat.

ATM related physical attacks were up 7% (from 1,873 to 2,008 incidents), mainly driven by a rise in vandalism. Within this total ATM explosive attacks were up 47% (from 241 to 354 incidents) and attacks due to ram raids and ATM burglary were up 17% (from 234 to 274 incidents).  Losses due to ATM related physical attacks were €5.8 million, an 18% increase from the €4.9 million reported during H1 2021.  38% of these losses were due to explosive attacks, which were down 31% from €3.17 million to €2.19 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

ATM jackpotting attacks fall in Europe

EAST has published a European Payment Terminal Crime Report covering 2021 which highlights a fall in ATM jackpotting attacks.

ATM JackpottingATM malware and logical attacks against ATMs were down 74% (from 202 to 52). All the reported attacks were aimed at ATM jackpotting, either using black box attacks or malware. A black box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM. Related losses fell from €1.2 million to €0.7 million).

EAST Executive Director Lachlan Gunn said, “This fall in ATM malware and logical attacks is great news and reflects the hard work that has been put in by the industry and law enforcement to address the issue. Most such attacks remain unsuccessful. A recent trend is a shift from logical black box attacks to malware attacks aimed at ATM jackpotting. When executed similar holes are made in the ATM fascia and so it can be difficult to work out which type of attack took place. Our Expert Group on All Terminal Fraud (EGAF) is focussed on countering such attacks, with close cooperation between industry partners and law enforcement. EGAF is working with Europol right now to update a document entitled ‘Guidance & recommendations regarding logical attacks on ATMs’, which has been a key tool in the fight against such attacks.”

Terminal related fraud attacks were down 8% (from 6,523 to 5,969 incidents). All fraud types were down except for cash trapping at ATMs, which increased by 14% (from 1,829 to 2,086 incidents). Total losses of €198 million were reported, down 9% from the €218 million reported in 2020. Most losses remain international issuer losses due to card skimming, which were €166 million.

ATM related physical attacks were up 6% (from 3,722 to 3,947 incidents). Attacks due to ram raids and ATM burglary were down 40% (from 749 to 447 incidents). ATM explosive attacks (including explosive gas and solid explosive attacks) were down 32% (from 923 to 629 incidents). Losses due to ATM related physical attacks were €10 million, a 55% decrease from the €22 million reported during 2020. 64% of these losses were due to explosive attacks, which were down 56% from €14.59 million to €6.35 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

EAST EGAF holds 25th Meeting

The 25th Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 19th January 2022.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Otto de Jong of ING Bank.

The meeting was attended by 28 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

A presentation on ‘Jackpotting with Malware’ was made by Diebold Nixdorf.

Experts from the following organisations also contributed to the meeting:  Bits A/S, BKA, BVK, Cardtronics, Damage Control, Dutch Payments Association, Europol, Gendarmerie Nationale (IRCGN), GMV, Group-IB, INTERPOL, KAL, LINK Scheme, Mastercard, MCMA, NatWest Group, NCR, PSA, Swedish National Anti-Fraud Centre, TietoEVRY, TMD Security, and TrendMicro.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 264 Fraud Alerts have been issued as can be seen in the table below.

EAST

 

ATM Explosive Attacks fall in Europe

EAST has published a European Payment Terminal Crime Report covering the first 6 months of 2021 which shows a significant fall in ATM explosive attacks.

While overall ATM related physical attacks were up 2% (from 1,829 to 1,873 incidents), mainly driven by a rise in vandalism, ATM explosive attacks (including explosive gas and solid explosive attacks) were down 52% (from 505 to 241 incidents).  Attacks due to ram raids and ATM burglary were down 42% (from 405 to 234 incidents).  Losses due to ATM related physical attacks were €4.9 million, a 61% decrease from the €12.6 million reported during the same period in 2020.  35% of these losses were due to explosive attacks, which were down 58% from €7.6 million to €3.2 million.

EAST Executive Director Lachlan Gunn said, “The first 6 months of this year have been influenced by the Covid-19 pandemic, although travel restrictions have eased across Europe. This significant fall in explosive attacks at ATMs is welcome news for all of us, given the destructive nature of such attacks and the resultant risks to life and property. However, the prize remains an attractive option for criminals and the average cash loss per successful solid explosive attack is now estimated at €40,877. To address the issue our EGAP expert group has worked closely with Europol and other Law Enforcement Agencies, and all parties remain vigilant to the threat.”

ATM malware and logical attacks against ATMs were down 74% (from 129 to 33) and all but one of the reported attacks were Black Box attacks. A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM. Related losses were down 37% from €1.0 to €0.63 million. Most such attacks remain unsuccessful.

Terminal related fraud attacks were down 24% (from 3,631 to 2,775 incidents). Card skimming fell to another all-time low (down from 321 to 279 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 100% (down from 108 to zero incidents). Total losses of €102 million were reported, down 6% from the €109 million reported during the same period in 2020. Most losses remain international issuer losses due to card skimming, which were €86 million.

A summary of the report statistics under the main headings is in the table below.

 

The full Crime Report is available to EAST Members (National, Global and Associate)

EAST EGAF holds 23rd Meeting

The 23rd Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 12th May 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Otto de Jong of ING Bank.

The meeting was attended by 28 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Presentations were made by EuropolINTERPOL, Swedish Police, Damage Control Mexico, and Diebold Nixdorf.

Experts from the following organisations also contributed to the meeting:  Bits A/S, BVK, Cennox, GMV, Mastercard, NatWest Group, NCR, PSA, KAL, Santander Bank, TietoEVRY, TMD Security, and TrendMicro.

The meeting approved a list of recommended Countermeasures against ATM Malware and Black Box attacks, which will be shown, as applicable, in future EAST Fraud Alerts.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 260 EAST Fraud Alerts have been issued as can be seen in the table below.

EAST presents at the ATEFI Security Committee 2021

EAST Development Director Rui Carvalho presented at the ATEFI Security Committee on 30th April 2021, a virtual event.  The impact of the Covid-19 pandemic has made it more important than ever for the sharing of threat intelligence to strengthen security strategies in Electronic Payments.  The event focussed on both physical and cyber security.  Rui shared key information and statistics from the latest EAST Payment Terminal Crime Report, as well as insights from the 9th Meeting of the EAST Payments Task Force (EPTF) held on 14th April 2021.  He covered:

  • ATM Malware & Logical Attacks
  • Terminal Related Fraud
  • ATM Physical Attacks
  • Payment Fraud (social engineering, ransomware, e-skimming)

The event was attended by public officials, law enforcement agencies, regulatory entities, representatives of international organisations, Managers and Network Security Officials, ATEFI Members from the entire LATAM region and Spain, as well as bank officials, representatives of the Latin American Bank Associations, Credit and Debit Card executives, and specialised media.

ATEFI is the Latin American Association of Operators Electronic Funds Transfer and Information Services and represents 20 ATM networks in 14 countries throughout Latin America.

In May 2016 EAST and ATEFI joined forces in order to further strengthen cross border cooperation in combating all types of payment crime including payment card fraud, hi-tech crime and ATM cyber and physical attacks.

EAST EGAF holds 22nd Meeting

The 22nd Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 20th January 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Otto de Jong of ING Bank.

The meeting was attended by 29 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Presentations were made by EuropolINTERPOL, BKA, Diebold Nixdorf, Fiducia & GAD, and the MCMA.

Experts from the following organisations also contributed to the meeting:  AXEPTA – BNP Paribas, Bits A/S, BVK, Cardtronics, Cennox,  Damage Control, Dutch Payments Association, Group-IB, GMV, Mastercard, NatWest Group, NCR, PSA, KAL, TietoEVRY, TMD Security, and TrendMicro.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 256 EAST Fraud Alerts have been issued as can be seen in the table below.

EAST EGAF holds 21st Meeting

The 21st Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 16th September 2020.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Otto de Jong of ING Bank.

The meeting was attended by 28 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud (TRF).

Presentations were made by Europol, INTERPOL, Damage Control, Diebold Nixdorf, Group-IB, KAL, Mastercard and NCR.

Experts from the following organisations also contributed to the meeting:  Bits A/S, Cardtronics, Cennox,  Dutch Payments Association, Fiducia & GAD, GMV, NatWest Group, TietoEVRY, TMD Security, TrendMicro.

An increasing number of TRF incidents are being reported and, to help mitigate the risk, EAST EGAF has produced a general Security Alert about the threat, which was ratified by the meeting.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 247 EAST Fraud Alerts have been issued, 22 to date in 2020. Since 2013 there have been 15 Fraud Alerts issued relating to TRF.

France Breaks Up ATM Jackpotting Network

According to French prosecutors an international network engaged in ATM jackpotting has been broken up by police (Source: AFP/SecurityWeek).

In a statement on Friday 15 May Paris prosecutor Remy Heitz said that two suspects (aged 26 and 31) and already known to the authorities, have been charged and placed in detention.  He said that, between May 10-12, several individuals from the “Russian-speaking community” suspected of belonging to an “international jackpotting organisation” were detained in Colombes outside Paris, Laval in western France and the southern city of Nice, while trying to damage an ATM.  The criminal group worked across Europe to insert malware into ATMs, attacking the machines at night. “A hacker, operating from abroad, would take control of the cash dispensing software,” the statement said.

Nineteen incidents across France have already come to light, with the financial damage estimated at €280,000.

“We have a new wave of ‘jackpotting’ in France,” Francois-Xavier Masson, head of France’s agency for combating crimes in information and communication technologies (OCLCTIC), told AFP, adding that more than 60 incidents have been identified since the end of 2019.  “There was a previous wave in 2018 and then it came to a halt, before resuming at the end of 2019. The way the groups act is changing, the teams are more international. But we are also changing how we act”, he added.

ATM jackpotting has become a recognised problem across the world in recent years.  This is done by either using malware, or by using an unauthorised device (known as a black box), to ‘jackpot’ or  ‘cash-out’ an ATM. Typically all the cash in the machine is illegally ejected in such attacks, and collected by the criminals at the scene.  The EAST Expert Group on All Terminal Fraud (EGAF) focuses on the prevention of malware and black box attacks and, since 2016, has produced 48 malware and black box related Fraud Alerts from 24 countries, which are available to EAST Members.

EAST EGAF has also produced standard definitions for both methods, which can be seen in the below images (for a full list of all Terminal Fraud Definitions and related criminal benefits see the Terminal Fraud Definitions page on this website). 

 

 

Terminal fraud attacks increase in Europe

terminal fraudEAST has just published a European Payment Terminal Crime Report covering 2019 which reports that terminal fraud attacks were up 35%.

Terminal related fraud attacks rose from 13,511 to 18,217 incidents, mainly driven by an 87% increase in ATM transaction reversal fraud attacks (up from 4,843 to 9,054 incidents), while card skimming incidents fell 21% to an all-time low (down from 1,883 to 1,496 incidents).

EAST Executive Director Lachlan Gunn said, “Despite the overall rise in terminal fraud incidents, total reported losses were almost unchanged. Transaction reversal fraud losses did rise from €2.6 million to €5.2 million, but the continued drop in skimming incidents has helped to keep the overall loss position stable.”

Total losses of €249 million were reported, up 1% from the €247 million reported in 2018. Overall losses due to card skimming were unchanged and losses due to card trapping were down by 14% (from €2.9 million to €2.5 million).

ATM related physical attacks were up 0.5% (from 4,579 to 4,571 incidents). Attacks due to ram raids and ATM burglary were down 11% (from 1,256 to 1,122 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were down 7% (from 1,052 to 977 incidents). Losses due to ATM related physical attacks were €22 million, a 39% decrease from the €36 million reported in 2018.

The average cash loss for a robbery is estimated at €20,369 per incident, the average cash loss per explosive or gas attack is €10,735 and the average cash loss for a ram raid or burglary attack is €9,377. These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A total of 140 ATM malware and logical attacks were reported, down from 157 in 2018, an 11% decrease. All the reported attacks were ‘cash out’ or ‘jackpotting’ attacks. In 118 attacks equipment typically referred to as a ‘black box’ was used, and malware was used in the other 22 attacks. Related losses were up 142%, from €0.45 million to €1.09 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)