EAST Publishes European Fraud Update 2-2017

EAST has published its second European Fraud Update for 2017.  This is based on country crime updates given by representatives of 21 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 42nd EAST meeting held at Europol on 7th June 2017.

Payment fraud issues were reported by ten countries.  One country reported a new fraud type where the card Primary Account Number (PAN) is compromised in China, leading to fraud in China.  In these cases the CPP is sometimes detected, but most of the time it is not.  Another country reported data compromise due ‘vishing’ attacks (voice phishing), ‘phishing’ websites and ‘SMiShing’ (SMS phishing).  The EAST Payments Task Force (EPTF) is looking at security issues affecting payments with a view to the gathering, collation and dissemination of related information, trends and general statistics.

ATM malware and logical security attacks were reported by fifteen countries.  To date in 2017 EAST has published ten related Fraud Alerts.  Two of the countries reported ATM malware and fourteen reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  Five countries reported ‘black box’ attacks for the first time, further indication that this attack type is continuing to spread.  To help counter these threats Europol, supported by the EAST Expert Group on All Terminal Fraud (EGAF), has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  It covers mitigating the risk, setting up lines of defence and identifying and responding to logical attacks.  This is available in four languages: English, German, Italian and Spanish.

Card skimming at ATMs was reported by nineteen countries.  The usage of M3 – Card Reader Internal Skimming devices continues to spread.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Nine countries reported such attacks and, to date in 2017, EAST has published six related Fraud Alerts.

International skimming related losses were reported in 49 countries and territories outside of the Single Euro Payments Area (SEPA) and in 9 within SEPA.  The top three locations where such losses were reported are the USA, Indonesia and the Philippines.

Skimming attacks on other terminal types were reported by ten countries and five countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.  Two countries reported the usage of card reader internal shimming devices at POS terminals.

Eight countries reported incidents of Transaction Reversal Fraud (TRF).  One country reported a significant increase in such attacks and two countries reported such attacks for the first time.

Ram raids and ATM burglary were reported by nine countries and nine countries reported explosive gas attacks.  To date in 2017 EAST has published nine related ATM physical attack alerts.  The use of solid explosives continues to spread and six countries reported such attacks.  This is of increasing concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.

The full Fraud Update is available to EAST Members (National and Associate).

EAST Publishes European Fraud Update 1-2017

European Fraud Update 1-2017EAST has just published its first European Fraud Update for 2017.  This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 41st EAST meeting held in Oslo, Norway on 8th February 2017.

Card skimming at ATMs was reported by eighteen countries.  The usage of M3 – Card Reader Internal Skimming devices continues.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Five countries reported such attacks and EAST has recently published four related ATM Fraud Alerts.

International skimming related losses were reported in 45 countries and territories outside of the SEPA and in 9 within SEPA.  The top three locations where such losses were reported remain the USA, Indonesia and India.

Skimming attacks on other terminal types were reported by eight countries and four countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.  One country reported the use of an M3 – Card Reader Internal Skimming Device at a public transport ticket machine, the first time this has been seen.

One country reported a new form of crime, ‘Cash-in’ or ‘Cash Deposit’ fraud.  The criminals deposit fake banknotes into ATMs (where the cash deposit function is available) and then credit their cards or other accounts.

ATM malware and logical security attacks were reported by eight countries all involving the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  EAST has recently published seven related ATM Fraud Alerts.  To help counter such attacks Europol has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  This is available in four languages: English, German, Italian and Spanish.

Ram raids and ATM burglary were reported by nine countries and nine countries reported explosive gas attacks.  The use of solid explosives continues to spread and seven countries reported such attacks.

Payment fraud issues were reported by five countries.  One country reported an increase in both vishing and phishing attacks and another reported criminal abuse of the chargeback system.

The full Fraud Update is available to EAST Members (National and Associate).

ATM Malware Criminals Apprehended

Five members of an international organised criminal group (OCG) have been arrested and three of them convicted so far as a result of a complex operation led by law enforcement agencies from Europe and Asia, with the active support of Europol’s European Cybercrime Centre (EC3).  One arrest was made by the Romanian National Police, three arrests by the Taiwanese Criminal Investigation Bureau and one arrest by the Belarusian Central Office of the Investigative Committee.  EC3 assisted the investigation by providing analytical support, organising operational meetings in Europe and Asia as well as analysing the seized data/ equipment.

This OCG is responsible for carrying out highly-sophisticated ATM malware attacks against bank ATMs, which were made to dispense all the money they contained (known as cash-out or jackpotting).  The modus operandi employed was highly sophisticated and involved:

  • spear-phishing emails with attachments containing malicious programmes,
  • penetration of the banks’ internal networks,
  • compromising and controlling the network of ATMs,
  • special computer programmes which deleted most of the traces of the criminal activity, etc.

Related losses suffered by the affected banks are estimated at around EUR 3 million. In some cases, after the cashing-out, the stolen money was partially recovered from the criminals.

EC3A key factor for the successful dismantling of this international cybercrime syndicate was close police cooperation on the global level and deep involvement of the Europol Liaison Office at the INTERPOL Global Complex for Innovation (IGCI).

Steven Wilson, Head of EC3, said: “The majority of cybercrimes have an international dimension, taking into account the origins of suspects and places where crimes are committed. Only through a coordinated approach at the global level between law enforcement agencies can we successfully track down the criminal networks behind such large-scale frauds and bring them to justice.”  Mr Wilson will give the keynote address at the EAST Financial Crime and Security Forum which will be held in The Hague on 8th/9th June 2017.

To further strengthen international police cooperation the Third Strategic Meeting on Payment Card Fraud (PCF) was held last month at the Electronic Transactions Development Agency (ETDA) in Bangkok, Thailand.

Europol, working with the EAST Expert Group on ATM Fraud (EGAF), has published guidelines to help industry and law enforcement counter the threat presented by ATM logical and malware attacks.

EAST EGAF holds 12th Meeting

The EAST Expert Group on ATM FraudThe Twelfth Meeting of the EAST Expert Group on ATM Fraud (EAST EGAF) took place on Wednesday 18th January 2017 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global ATM crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from ATM Deployers, ATM Networks, ATM Vendors, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on ATM Skimming, ATM Card Trapping, ATM Cash Trapping, ATM Reversal Fraud and ATM Logical Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 34 countries with a total deployment of 1,332,228 ATMs. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST ATM Fraud Alerts for all EAST Members (National and Associate). In total 127 EAST ATM Fraud Alerts have been issued, 3 to date in 2017.

EAST Publishes European Fraud Update 3-2016

east-european-fraud-update-3-2016EAST has just published its third European Fraud Update for 2016. This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 40th EAST meeting held in Bucharest, Romania on 12th October 2016.

Card skimming at ATMs was reported by nineteen countries. The usage of M3 – Card Reader Internal Skimming devices continues. This type of device is placed at various locations inside the motorised card reader behind the shutter.  Seven countries reported such attacks.

International skimming related losses were reported in 57 countries and territories outside of the Single Euro Payments Area (SEPA) and in 10 within SEPA. The top three locations where such losses were reported are the USA, Indonesia and India.

Skimming attacks on other terminal types were reported by eight countries and six countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.

ATM malware and logical security attacks were reported by eight countries all involving the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To help counter such attacks the Europol document ‘Guidance and Recommendations regarding Logical attacks on ATMs’ is now available in four languages: English, German, Italian and Spanish.

Ram raids and ATM burglary were reported by nine countries and eleven countries reported explosive gas attacks, four of them seeing big increases in such attacks.  The use of solid explosives continues to spread and six countries reported such attacks.

Payment fraud issues were reported by eight countries. Two of them reported data breaches and one updated on contactless card fraud. One country reported fraud relating to a popular games console and another fraud related to advertising on social media.

The full Fraud Update is available to EAST Members (National and Associate).

Europol publishes Italian version of guidance and recommendations to help counter logical attacks on ATMs

ATM Malware Guidelines - ItalianEuropol has just published an Italian language version of the guidelines to help industry and law enforcement counter the threat presented by ATM logical and malware attacks.  The English version of the document was officially launched in June 2015 at the EAST Financial Crime & Security (FCS) Forum – EAST FCS 2015 – and versions have also been published in German and Spanish.

The production of this document was coordinated by the EAST Expert Group on ATM Fraud (EGAF), and it is a first of its kind.

The document is a great example of a coordinated central response from both Law Enforcement and the industry to fighting ATM malware threats in an effort to respond much more quickly than was the case with the card skimming threat when it first materialised.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

EAST publishes European Fraud Update 2-2016

EAST - EUROPEAN FRAUD UPDATE 2 - 2016EAST has just published its second European Fraud Update for 2016. This is based on country crime updates given by representatives of 17 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 39th EAST meeting held at Europol in The Hague on 8th June 2016.

Card skimming at ATMs was reported by eighteen countries.  An emerging trend is the usage of M3 – Card Reader Internal Skimming devices.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Five countries reported such attacks.

The trend of losses due to skimming occurring outside of EMV Chip liability shift areas continues.  International losses were reported in 52 countries and territories outside of the Single Euro Payments Area (SEPA) and in 9 within SEPA.  The top three locations where such losses were reported are the USA, Indonesia and Jamaica.

Skimming attacks on other terminal types were reported by nine countries and eight countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.

ATM malware and logical security attacks were reported by five countries – three of them reported the successful usage of ‘black-box’ devices to allow the unauthorised dispensing of cash.  To help counter such attacks the Europol document ‘Guidance and Recommendations regarding Logical attacks on ATMs’ is now available in three languages: English, German and Spanish.

Ram raids and ATM burglary were reported by ten countries and eight countries reported explosive gas attacks.  The use of solid explosives continues to increase and five countries reported such attacks.

For the first time this European Fraud Update also includes information on Payment Fraud, with nine countries reporting related issues.  Three of them reported data leakage from hotel booking sites and one country reported contactless card fraud.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.

Europol has published a Spanish version of guidance and recommendations to help counter logical attacks on ATMs

ATM Malware Guidelines - SpanishEuropol has just published a Spanish language version of the guidelines to help industry and law enforcement counter the threat presented by ATM logical and malware attacks.  The English version of the document was officially launched in June 2015 at the EAST Financial Crime & Security (FCS) Forum – EAST FCS 2015 – and the German version was published in January 2016..

The production of this document was coordinated by the EAST Expert Group on ATM Fraud (EGAF), and it is a first of its kind.

The document is a great example of a coordinated central response from both Law Enforcement and the industry to fighting ATM malware threats in an effort to respond much more quickly than was the case with the card skimming threat when it first materialised.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

ATM Malware Report issued by Europol and Trend Micro

ec3_logo_17Europol’s European Cybercrime Centre (EC3) and Trend Micro have announced the release of a new joint report, “ATM Malware on the Rise”, which offers a comprehensive overview of the ATM malware threat and the specific malware types in circulation.

With more than three million ATMs across the globe and the total number of cash withdrawals averaging around EUR 8.6 billion per year, ATMs are an attractive target for criminal attacks. Through the use of specially designed malware, attackers no longer need to use traditional safe cracking methods to empty an ATM’s money safe.

In this report, the first of its kind to offer such a comprehensive overview on the topic, Trend Micro and Europol highlight the increasing sophistication of cyber criminals in terms of how attacks are planned and orchestrated, using both new methods and techniques in conjunction with well-known attack vectors.

More information can be found on the Europol website.  To counter the ATM Malware threat Europol and the EAST Expert Group on ATM Fraud (EGAF) produced ‘Guidance & recommendations regarding logical attacks on ATMs’ in June 2015.  EAST EGAF continues to focus on the latest ATM malware and logical threats and what can be done to counter them.

This new and restricted report has been released to a closed audience consisting of law enforcement authorities, financial institutions and the IT security industry.  It has also been authorised for release to EAST Members (National and Associate).

Card skimming losses continue to rise outside Europe

EAST 2015 Crime ReportIn a European ATM Crime Report covering the full year 2015 EAST has reported that skimming losses relating to the usage of stolen European card data outside Europe have risen to the highest level seen since 2008.

There was a 19% increase in ATM related fraud attacks, up from 15,702 to 18,738 in 2015.  This increase was mainly driven by a significant rise in Transaction Reversal Fraud (TRF) attacks (up from 160 to 5,104) and a smaller rise in card trapping attacks (up from 5,298 to 6,352).  4,131 card skimming incidents were reported, down 27% from 5,631 in 2014.

Losses due to ATM related fraud attacks were up 17% when compared with 2014 (up from €280 million to €327million).  This rise was largely driven by a 15% rise in international skimming losses (up from €238 million to €274 million).  The USA and the Asia-Pacific region are where the majority of such losses were reported.  Domestic skimming losses rose 19% over the same period (up from €37 million to €44 million).

EAST Executive Director Lachlan Gunn said, “While regional card blocking, often known as geo-blocking, is effective at minimising international skimming losses when implemented, the continued rise of such losses is of concern to Europe.  EAST is now working closely with Europol to increase awareness among experts in Asia-Pacific and the Americas about all types of non-cash means of payment, including card skimming, ATM malware, internet fraud and eCommerce fraud.  Most recently we supported the Second Strategic Meeting on Payment Card Fraud.  This event, which was organised by Europol’s European Cybercrime Centre (EC3) in Kuala Lumpur on 22-23 March 2016, provided the regional law enforcement community with a comprehensive overview of the ATM fraud and its migration to Asia, and the focus is now to establish a cross-regional network to assist international investigations.”

ATM related physical attacks rose by 34% when compared with 2014 (up from 1,980 to 2,657 incidents).  This is partly explained by a 9% increase in reported solid explosive and explosive gas attacks.  673 such attacks were reported, up from 619 in 2014.  Nine countries reported such attacks, four of them countries with more than 40,000 ATMs installed.  The number of reported robberies also increased, up from 60 in 2014 to 838 in 2015.  This rise is partly due to the fact that more countries are now apply to provide such data.

Losses due to ATM related physical attacks rose 81% to €49 million (up from €27 million in 2014).  The average cash loss for ram raids/ATM burglary was €17,830 per incident, and the average cash loss for an explosive or gas attack is €15,602 per incident.  While around 40% of such attacks do not result in cash loss, collateral damage to equipment and buildings can be significant.

In 2014 EAST began to collect statistics for ATM Malware after the first incidents were reported in Western Europe.  15 incidents were reported in 2015, down from 51 in 2014.  These were all ‘cash out’ or ‘jackpotting’ attacks.  Related losses of €743,000 were reported, down from €1.23 million in 2014.

To counter the malware threat, the EAST Expert Group on ATM Fraud (EGAF) worked with the European Cybercrime Centre (EC3) at Europol to create ‘Guidance & recommendations regarding logical attacks on ATMs’, a document published by Europol in June 2015.

 A summary of the report statistics under the main headings is in the table below.

EAST 2015 Crime Report Summary Stats

The full Crime Report is available to EAST Members (National and Associate).