EAST Publishes European Fraud Update 2-2017

EAST has published its second European Fraud Update for 2017.  This is based on country crime updates given by representatives of 21 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 42nd EAST meeting held at Europol on 7th June 2017.

Payment fraud issues were reported by ten countries.  One country reported a new fraud type where the card Primary Account Number (PAN) is compromised in China, leading to fraud in China.  In these cases the CPP is sometimes detected, but most of the time it is not.  Another country reported data compromise due ‘vishing’ attacks (voice phishing), ‘phishing’ websites and ‘SMiShing’ (SMS phishing).  The EAST Payments Task Force (EPTF) is looking at security issues affecting payments with a view to the gathering, collation and dissemination of related information, trends and general statistics.

ATM malware and logical security attacks were reported by fifteen countries.  To date in 2017 EAST has published ten related Fraud Alerts.  Two of the countries reported ATM malware and fourteen reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  Five countries reported ‘black box’ attacks for the first time, further indication that this attack type is continuing to spread.  To help counter these threats Europol, supported by the EAST Expert Group on All Terminal Fraud (EGAF), has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  It covers mitigating the risk, setting up lines of defence and identifying and responding to logical attacks.  This is available in four languages: English, German, Italian and Spanish.

Card skimming at ATMs was reported by nineteen countries.  The usage of M3 – Card Reader Internal Skimming devices continues to spread.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Nine countries reported such attacks and, to date in 2017, EAST has published six related Fraud Alerts.

International skimming related losses were reported in 49 countries and territories outside of the Single Euro Payments Area (SEPA) and in 9 within SEPA.  The top three locations where such losses were reported are the USA, Indonesia and the Philippines.

Skimming attacks on other terminal types were reported by ten countries and five countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.  Two countries reported the usage of card reader internal shimming devices at POS terminals.

Eight countries reported incidents of Transaction Reversal Fraud (TRF).  One country reported a significant increase in such attacks and two countries reported such attacks for the first time.

Ram raids and ATM burglary were reported by nine countries and nine countries reported explosive gas attacks.  To date in 2017 EAST has published nine related ATM physical attack alerts.  The use of solid explosives continues to spread and six countries reported such attacks.  This is of increasing concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.

The full Fraud Update is available to EAST Members (National and Associate).

Countering ATM Black Box attacks

black boxBlack box attacks on ATMs are a form of logical attack.  To perform these ‘cash-out’ or ‘jackpotting’ attacks the criminals connect an unauthorised device (typically an unknown box or laptop) to an ATM.  This device then sends dispense commands directly to the ATM cash dispenser in order to get it to spit out banknotes.  In order to physically connect such a device the criminals gain access to the ATM’s Top Box by either drilling or melting holes.

The latest statistics published by EAST show that, while the number of black box attacks in Europe is increasing, related losses have fallen when comparing 2016 with 2015.  This drop can be partly attributed to the recent arrests by law enforcement agencies across Europe (in an operation supported by EC3, Europol’s European Cybercrime Centre) and partly to actions taken by the industry to counter such attacks.  The first black box attacks in the Czech Republic took place in August 2016 and three arrests were subsequently made there by the Police.  The industry also took actions to counter such attacks and, at the upcoming EAST Financial Crime & Security Forum (EAST FCS 2017), Petr Ullmann from NCR in the Czech Republic will give an update on the actions taken.

About Petr Ullmann

After graduating in 2007 Petr Ullmann started his career as an IT and network administrator in the automotive industry and went on to work for various Czech companies in IT administration and project management roles.  His key area of expertise was Enterprise Resource Planning (ERP) software – business process management software that allows an organization to use a system of integrated applications to manage the business and automate many back office functions related to technology, services and human resources.

In 2011 he joined NCR Česká republika, initially working as a member of a team working on a project for Tesco Plc in Central Europe.  Since then he has worked on several specific projects for NCR customers (banks and financial institutions) including the migration to Windows 7 and implementation of McAfee ePO.

Who Is Attending?

Over 150 delegates will attend EAST FCS 2017 from ATM networks, banks, law enforcement, vendors, and EAST national and associate members.

Book soon to ensure you don’t miss this great opportunity to attend what has been described as an “excellent event for helping to make a difference in the area of financial crime prevention”.

There are some sponsorship slots still available so, if you are in the business of ATM crime and fraud prevention and wish to showcase your brand to a key audience, contact us.

EAST Publishes European Fraud Update 1-2017

European Fraud Update 1-2017EAST has just published its first European Fraud Update for 2017.  This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 41st EAST meeting held in Oslo, Norway on 8th February 2017.

Card skimming at ATMs was reported by eighteen countries.  The usage of M3 – Card Reader Internal Skimming devices continues.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Five countries reported such attacks and EAST has recently published four related ATM Fraud Alerts.

International skimming related losses were reported in 45 countries and territories outside of the SEPA and in 9 within SEPA.  The top three locations where such losses were reported remain the USA, Indonesia and India.

Skimming attacks on other terminal types were reported by eight countries and four countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.  One country reported the use of an M3 – Card Reader Internal Skimming Device at a public transport ticket machine, the first time this has been seen.

One country reported a new form of crime, ‘Cash-in’ or ‘Cash Deposit’ fraud.  The criminals deposit fake banknotes into ATMs (where the cash deposit function is available) and then credit their cards or other accounts.

ATM malware and logical security attacks were reported by eight countries all involving the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  EAST has recently published seven related ATM Fraud Alerts.  To help counter such attacks Europol has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  This is available in four languages: English, German, Italian and Spanish.

Ram raids and ATM burglary were reported by nine countries and nine countries reported explosive gas attacks.  The use of solid explosives continues to spread and seven countries reported such attacks.

Payment fraud issues were reported by five countries.  One country reported an increase in both vishing and phishing attacks and another reported criminal abuse of the chargeback system.

The full Fraud Update is available to EAST Members (National and Associate).

EAST Publishes European Fraud Update 3-2016

east-european-fraud-update-3-2016EAST has just published its third European Fraud Update for 2016. This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 40th EAST meeting held in Bucharest, Romania on 12th October 2016.

Card skimming at ATMs was reported by nineteen countries. The usage of M3 – Card Reader Internal Skimming devices continues. This type of device is placed at various locations inside the motorised card reader behind the shutter.  Seven countries reported such attacks.

International skimming related losses were reported in 57 countries and territories outside of the Single Euro Payments Area (SEPA) and in 10 within SEPA. The top three locations where such losses were reported are the USA, Indonesia and India.

Skimming attacks on other terminal types were reported by eight countries and six countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.

ATM malware and logical security attacks were reported by eight countries all involving the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To help counter such attacks the Europol document ‘Guidance and Recommendations regarding Logical attacks on ATMs’ is now available in four languages: English, German, Italian and Spanish.

Ram raids and ATM burglary were reported by nine countries and eleven countries reported explosive gas attacks, four of them seeing big increases in such attacks.  The use of solid explosives continues to spread and six countries reported such attacks.

Payment fraud issues were reported by eight countries. Two of them reported data breaches and one updated on contactless card fraud. One country reported fraud relating to a popular games console and another fraud related to advertising on social media.

The full Fraud Update is available to EAST Members (National and Associate).