EAST Publishes European Fraud Update 1-2017

European Fraud Update 1-2017EAST has just published its first European Fraud Update for 2017.  This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 41st EAST meeting held in Oslo, Norway on 8th February 2017.

Card skimming at ATMs was reported by eighteen countries.  The usage of M3 – Card Reader Internal Skimming devices continues.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Five countries reported such attacks and EAST has recently published four related ATM Fraud Alerts.

International skimming related losses were reported in 45 countries and territories outside of the SEPA and in 9 within SEPA.  The top three locations where such losses were reported remain the USA, Indonesia and India.

Skimming attacks on other terminal types were reported by eight countries and four countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.  One country reported the use of an M3 – Card Reader Internal Skimming Device at a public transport ticket machine, the first time this has been seen.

One country reported a new form of crime, ‘Cash-in’ or ‘Cash Deposit’ fraud.  The criminals deposit fake banknotes into ATMs (where the cash deposit function is available) and then credit their cards or other accounts.

ATM malware and logical security attacks were reported by eight countries all involving the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  EAST has recently published seven related ATM Fraud Alerts.  To help counter such attacks Europol has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  This is available in four languages: English, German, Italian and Spanish.

Ram raids and ATM burglary were reported by nine countries and nine countries reported explosive gas attacks.  The use of solid explosives continues to spread and seven countries reported such attacks.

Payment fraud issues were reported by five countries.  One country reported an increase in both vishing and phishing attacks and another reported criminal abuse of the chargeback system.

The full Fraud Update is available to EAST Members (National and Associate).

EAST Publishes European Fraud Update 3-2016

east-european-fraud-update-3-2016EAST has just published its third European Fraud Update for 2016. This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 40th EAST meeting held in Bucharest, Romania on 12th October 2016.

Card skimming at ATMs was reported by nineteen countries. The usage of M3 – Card Reader Internal Skimming devices continues. This type of device is placed at various locations inside the motorised card reader behind the shutter.  Seven countries reported such attacks.

International skimming related losses were reported in 57 countries and territories outside of the Single Euro Payments Area (SEPA) and in 10 within SEPA. The top three locations where such losses were reported are the USA, Indonesia and India.

Skimming attacks on other terminal types were reported by eight countries and six countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.

ATM malware and logical security attacks were reported by eight countries all involving the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To help counter such attacks the Europol document ‘Guidance and Recommendations regarding Logical attacks on ATMs’ is now available in four languages: English, German, Italian and Spanish.

Ram raids and ATM burglary were reported by nine countries and eleven countries reported explosive gas attacks, four of them seeing big increases in such attacks.  The use of solid explosives continues to spread and six countries reported such attacks.

Payment fraud issues were reported by eight countries. Two of them reported data breaches and one updated on contactless card fraud. One country reported fraud relating to a popular games console and another fraud related to advertising on social media.

The full Fraud Update is available to EAST Members (National and Associate).

International Payment Fraud Network taken down

europol-sep-16-pcfAn international payment fraud network responsible for large-scale misuse of compromised payment card data, prostitution and money laundering was taken down on 6th September 2016.  The operation was conducted by the Italian Polizia Postale e delle Comunicazioni in close cooperation with the Romanian DIICOT, the General Inspectorates of the Romanian Police and Gendarmerie and Europol.

The criminal network, mainly made up of Romanian Nationals, used sophisticated ATM skimming devices which allowed them to compromise ATMs and deceptive phishing techniques to perform a high volume of fraudulent transactions in Italy (in the Milan and Monza areas). It is estimated that related losses ran into several hundred thousands of euros.

During the operation multiple house searches were conducted and 14 people were detained, of which 7 were arrested in Italy and Romania.  Thousands of plastic cards ready to be encoded were seized in several locations in Romania and Italy, along with micro camera bars, card readers, magnetic stripe readers and writers, computers, phones and flash drives, and several vehicles.

Europol’s European Cybercrime Centre (EC3) started supporting the case earlier this year and helped the involved law enforcement authorities in their efforts to identify the suspects. Operational meetings were held at Europol’s headquarters in The Hague and EC3 provided analytical support and expertise throughout the investigation including the deployment of a mobile office during the final action day to assist the Italian and Romanian authorities on-the-spot

More information can be found on the Europol website.