EAST Publishes Fraud Update 3-2022

EAST has published its third Fraud Update for 2022.  This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 7 non-SEPA countries, at the 2nd EAST Global Congress held on 5th October 2022.

The following countries supplied full or partial information for this Update:

Algeria; Armenia; Canada; Finland; France; Germany; Greece; Ireland; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Morocco; Netherlands; Norway; Poland; Portugal; Romania; South Africa; Spain; Sweden; Switzerland; Ukraine; United Kingdom.

FRAUD TYPE

Fraud Update

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published five related Fraud Alerts.

Fraud Update

To date in 2022 the EAST EGAF has published three related Fraud Alerts.

FRAUD ORIGIN

Fraud Update

To date in 2022 the EAST EGAF has published one related Fraud Alert.

Fraud Update

To date in 2022 the EAST EGAF has published one related Fraud Alert.

DUE DILIGENCE

Fraud Update

PHYSICAL ATTACKS

To date in 2022 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published five related Physical Attack Alerts.

The full EAST European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

New fraud type adds to surge in European Terminal Fraud attacks

Terminal FraudEAST has just published a European Payment Terminal Crime Report covering H1 2022 which highlights a new type of fraud along with a rise in terminal fraud attacks.

Terminal related fraud attacks were up 81% (from 2,775 to 5,022 incidents). This increase was primarily due to a rise in cash trapping at ATMs, which increased by 284% (from 819 to 2,984 incidents). A new type of man-in-the middle/relay attack was seen, with 501 cases reported. Total fraud losses of €97 million were reported, down 5% from the €102 million reported in H1 2021. Most losses remain international issuer losses due to card skimming, which were €80 million.

EAST Executive Director Lachlan Gunn said, “While an increase in cash trapping at ATMs has led the surge in terminal fraud, the new man-in-the-middle/relay attacks are much more complex and, if successful, can lead to cash out at ATMs.  Our Expert Group on All Terminal Fraud (EGAF) is monitoring and analysing these attacks, with close cooperation between industry partners and law enforcement in the affected countries.”

ATM malware and logical attacks were down 82% (from 33 to 6) and all but one of the reported attacks were black box attacks.  A black box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM.  Most such attacks remain unsuccessful, and no losses were reported during the period.  On 16 June 2022 Europol, supported by EAST, published updated guidelines to help industry and law enforcement counter the ATM Logical Attack threat.

ATM related physical attacks were up 7% (from 1,873 to 2,008 incidents), mainly driven by a rise in vandalism. Within this total ATM explosive attacks were up 47% (from 241 to 354 incidents) and attacks due to ram raids and ATM burglary were up 17% (from 234 to 274 incidents).  Losses due to ATM related physical attacks were €5.8 million, an 18% increase from the €4.9 million reported during H1 2021.  38% of these losses were due to explosive attacks, which were down 31% from €3.17 million to €2.19 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

13 more arrests of ATM explosive gang members

German authorities, together with Dutch and Belgian counterparts, have arrested thirteen members of a Dutch gang linked to 21 ATM explosive attacks against cash machines in Germany.  The gang stole over €1.6 million as a result of the attacks, and collateral damage to equipment and buildings was in excess of €4 million.

The arrests took place on 28 June with over 100 Police officers involved in Germany (North Rhine Westphalia) and the Netherlands.

  • 8 arrests were made in the Netherlands
  • 3 arrests were made in Germany
  • 2 arrests were made in Belgium

These arrests follow another successful police operation in May 2022.

Europol’s European Serious Organised Crime Centre supported the investigation from the onset by bringing together the national investigators from Germany and the Netherlands to establish a joint strategy and to organise the intensive exchange of evidence needed to prepare for final phase of the investigation.

Threat To Life

Law enforcement is increasingly concerned about the heavier explosives that criminals are using to gain access to the ATM safes. The explosions are putting the lives of local residents and bystanders at risk: the surrounding buildings can collapse, or fragments of the explosion can hit passers-by.

In some cases, the perpetrators escape the crime scene in powerful motorised vehicles at speeds of up to 250 km/h, causing a serious risk to public safety.

Cross Border Cooperation

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) is a cross-border European specialist expert forum for discussion of ATM, ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.  The Group meets twice each year to enable in-depth and technical discussion to take place. The 17th EAST EGAP Meeting took place on 2nd March 2022.  Information exchange linked to the prevention of ATM explosive attacks is a key focus of the Group.

EAST Publishes Fraud Update 2-2022

EAST has published its second Fraud Update for 2022.  This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 1st EAST Global Congress held on 16th June 2022.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Canada; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Mexico; Netherlands; Norway; Poland; Romania; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

EAST Fraud Update 1

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published two related Fraud Alerts.

EAST Fraud Update 2

To date in 2022 the EAST EGAF has published three related Fraud Alerts.

FRAUD ORIGIN

To date in 2022 EAST EGAF has published two related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

To date in 2022 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published two related Physical Attack Alerts.

The full EAST European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

 

ATM explosive attack gang members arrested in successful Police operation

On 17 May 2022 three people were arrested in the Netherlands in connection with a series of ATM explosive attacks in Germany.  The arrests, which took place in Haarlem and Vianen, followed the arrests of 3 other members of the same criminal group on 30 March 2022 in Hessen, Germany.

This gang is believed to have targeted 8 ATMs in Germany between October and November 2021, stealing over €958,000 in cash.  Typically these attacks took place in the early hours of the morning – to access the cash the gang blew open the ATMs with explosives.  These explosions caused nearly €1 million in collateral damage to the buildings where the ATMs were located and the criminals showed reckless disregard for the safety of people in the vicinity of the attacks, or living nearby.

International Police Operation

The arrests were made by the Dutch Police (Politie Noord-Holland), working together with the German Police Directorate of Hochtaunus (Polizeidirektion Hochtaunus)Europol coordinated the operation (Op Pfeil/Pentagon), which was the culmination of many months of meticulous planning between the German and Dutch authorities.  Europol brought together the national investigators, who have been working closely together with Europol’s Serious Organised Crime Centre, to establish a joint strategy to take down the criminal gang. On the action day a Europol mobile office was deployed to Haarlem to facilitate the extensive exchange of information and evidence, and to support with the analysis of the seized electronic devices.

Police Appeal

In addition to the 6 members arrested so far, law enforcement is seeking to identify a seventh member of this gang.  The German Prosecutor General’s Office Frankfurt am Main are urging members of the public with information to come forward. Anyone who has any knowledge of these fugitives’ whereabouts should get in touch with any information that can help to track down the fugitives.

For more information click here

Cross Border Cooperation

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) is a cross-border European specialist expert forum for discussion of ATM, ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.  The Group meets twice each year to enable in-depth and technical discussion to take place. The 17th EAST EGAP Meeting took place on 2nd March 2022.  Information exchange linked to the prevention of ATM explosive attacks is a key focus of the Group.

ATM jackpotting attacks fall in Europe

EAST has published a European Payment Terminal Crime Report covering 2021 which highlights a fall in ATM jackpotting attacks.

ATM JackpottingATM malware and logical attacks against ATMs were down 74% (from 202 to 52). All the reported attacks were aimed at ATM jackpotting, either using black box attacks or malware. A black box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM. Related losses fell from €1.2 million to €0.7 million).

EAST Executive Director Lachlan Gunn said, “This fall in ATM malware and logical attacks is great news and reflects the hard work that has been put in by the industry and law enforcement to address the issue. Most such attacks remain unsuccessful. A recent trend is a shift from logical black box attacks to malware attacks aimed at ATM jackpotting. When executed similar holes are made in the ATM fascia and so it can be difficult to work out which type of attack took place. Our Expert Group on All Terminal Fraud (EGAF) is focussed on countering such attacks, with close cooperation between industry partners and law enforcement. EGAF is working with Europol right now to update a document entitled ‘Guidance & recommendations regarding logical attacks on ATMs’, which has been a key tool in the fight against such attacks.”

Terminal related fraud attacks were down 8% (from 6,523 to 5,969 incidents). All fraud types were down except for cash trapping at ATMs, which increased by 14% (from 1,829 to 2,086 incidents). Total losses of €198 million were reported, down 9% from the €218 million reported in 2020. Most losses remain international issuer losses due to card skimming, which were €166 million.

ATM related physical attacks were up 6% (from 3,722 to 3,947 incidents). Attacks due to ram raids and ATM burglary were down 40% (from 749 to 447 incidents). ATM explosive attacks (including explosive gas and solid explosive attacks) were down 32% (from 923 to 629 incidents). Losses due to ATM related physical attacks were €10 million, a 55% decrease from the €22 million reported during 2020. 64% of these losses were due to explosive attacks, which were down 56% from €14.59 million to €6.35 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

EAST Publishes Fraud Update 1-2022

EAST has published its first Fraud Update for 2022.  This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 6th (virtual) EAST Interim Meeting held on 9th February 2022.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Canada; Cyprus; Czech Republic; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Netherlands; Norway; Poland; Portugal; Romania; Russia; South Africa; Spain; Sweden; Switzerland; Ukraine; United Kingdom.

FRAUD TYPE

EAST Update

EAST Update

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published one related Fraud Alert.

FRAUD ORIGIN

DUE DILIGENCE

PHYSICAL ATTACKS

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

EAST Publishes Fraud Update 3-2021

EAST has just published its third Fraud Update for 2021. This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 5th (virtual) EAST Interim Meeting held on 6th October 2021.

The following countries supplied full or partial information for this Update:

Armenia; Austria; Belgium; Canada; Cyprus; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Netherlands; Norway; Poland; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Ukraine; United Kingdom.

FRAUD TYPE

Fraud Update

To date in 2021 the EAST Expert Group on Payment and Transaction Fraud (EPTF) has published two related Payment Alerts and one related Security Alert, and the EAST Expert Group on All Terminal Fraud (EGAF) has published six related Fraud Alerts.

Fraud Update

To date in 2021 EAST EPTF has published one related Payment Alert.

FRAUD ORIGIN

 

To date in 2021 EAST EPTF has published one related Payment Alert and EAST EGAF has published two related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

 

To date in 2021 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published two related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

ATM Explosive Attacks fall in Europe

EAST has published a European Payment Terminal Crime Report covering the first 6 months of 2021 which shows a significant fall in ATM explosive attacks.

While overall ATM related physical attacks were up 2% (from 1,829 to 1,873 incidents), mainly driven by a rise in vandalism, ATM explosive attacks (including explosive gas and solid explosive attacks) were down 52% (from 505 to 241 incidents).  Attacks due to ram raids and ATM burglary were down 42% (from 405 to 234 incidents).  Losses due to ATM related physical attacks were €4.9 million, a 61% decrease from the €12.6 million reported during the same period in 2020.  35% of these losses were due to explosive attacks, which were down 58% from €7.6 million to €3.2 million.

EAST Executive Director Lachlan Gunn said, “The first 6 months of this year have been influenced by the Covid-19 pandemic, although travel restrictions have eased across Europe. This significant fall in explosive attacks at ATMs is welcome news for all of us, given the destructive nature of such attacks and the resultant risks to life and property. However, the prize remains an attractive option for criminals and the average cash loss per successful solid explosive attack is now estimated at €40,877. To address the issue our EGAP expert group has worked closely with Europol and other Law Enforcement Agencies, and all parties remain vigilant to the threat.”

ATM malware and logical attacks against ATMs were down 74% (from 129 to 33) and all but one of the reported attacks were Black Box attacks. A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM. Related losses were down 37% from €1.0 to €0.63 million. Most such attacks remain unsuccessful.

Terminal related fraud attacks were down 24% (from 3,631 to 2,775 incidents). Card skimming fell to another all-time low (down from 321 to 279 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 100% (down from 108 to zero incidents). Total losses of €102 million were reported, down 6% from the €109 million reported during the same period in 2020. Most losses remain international issuer losses due to card skimming, which were €86 million.

A summary of the report statistics under the main headings is in the table below.

 

The full Crime Report is available to EAST Members (National, Global and Associate)

ATM Explosive Attack OCG taken down by Police

An organised crime group (OCG) specialised in ATM explosive attacks has been taken down by a coordinated cross-border police operation.  9 suspects were taken into custody after the action by a joint investigation team (JIT) between the Dutch and German authorities.  The 18-month investigation was coordinated by Europol and Eurojust.

The criminals produced step-by-step tutorials on how to blow up ATMs and have been linked to at least 15 ATM attacks in Germany.  The ATMs were blown open using homemade improvised explosive devices (IEDs), posing a serious risk to life.  During one test run by the criminals, one suspect died and another was seriously injured.

Some key facts relating to the investigation are:

  • It was initiated in February 2020 after authorities in Osnabrück, Germany, identified suspicious orders of ATMs from a German company.
  • Special surveillance measures were put in place, which led the investigators to Utrecht, the Netherlands, where a 29 year-old individual and his 24 year-old accomplice were running an illegal training centre for ATM attacks.
  • The pair was ordering different models of ATMs and recording tutorials on how to most effectively blow them up.
  • Links were also established between this criminal organisation and at least 15 ATM attacks in Germany. The total damage, including both the losses and the property damage, is estimated at approximately €2,150,000.

The investigation culminated in a series of police raids on 28 September for which two Europol experts were deployed in the field.  Seven house searches were carried out in the Netherlands in the triangle of Utrecht, Amsterdam and the Hague, resulting in the arrest of three suspects.  These three individuals are currently in custody in the Netherlands and are to be extradited to Germany.

Given the cross-border nature of this case, a Joint Investigation Team (JIT) was set-up in April 2021 between the Dutch and German authorities with the assistance and financing of Eurojust.  Furthermore, the Agency organised the judicial cooperation and supported the execution of European Investigation Orders (EIOs).

In addition, an Operational Taskforce (OTF) was set up between Europol, Germany and the Netherlands to pool investigative resources and expertise.  In the framework of this OTF, 18 operational meetings were held at Europol to prepare for the final phase of the action.

ATM explosive attacks are a growing concern, as they often put innocent lives in danger.  In order to prevent and tackle this type of crime, close cooperation between law enforcement and the ATM industry is paramount.  Europol and the European Crime Prevention Network (EUCPN) have worked on a number of recommendations to prevent physical attacks against ATMs.

The EAST Expert Group on ATM and ATS Physical Attacks (EAST EGAP) is a European specialist expert forum for discussion of ATM,  ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.

The EAST EGAP meets twice each year to enable in-depth and technical discussion to take place.  The Group held its 16th Meeting on 1 September 2021.  To date it has published 46 Physical Attack Alerts for EAST members, 35 of which relate to ATM Explosive Attacks (22 Explosive Gas and 13 Solid explosive).