EAST EGAF holds 31st Meeting

The 31st Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 17th January 2024.  It was conducted as a virtual meeting and was chaired by Otto de Jong of ING Bank.

It was attended by 21 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

Experts from the following organisations contributed to the meeting: Atruvia AG, BNP Paribas, Cartes Bancaires (CB), Cennox, Diebold Nixdorf, Europol, GMV, ING Bank, KAL, LINK Scheme, Mastercard, NatWest Group, NCR ATLEOS, Payment Services Austria (PSA), Tietoevry, TMD Security, US Secret Service.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Discussion at the meeting focussed on Active Shimmer (Wedge) / Relay attacks, card trapping, transaction reversal fraud (TRF), and prevention measures relating to black box attacks.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 282 Fraud Alerts have been issued as can be seen in the table below.

New EAST Fraud Definitions now available in Russian

EAST Terminal Fraud Definitions are now available in the Russian language.  At the end of 2018 EAST upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  In the upgraded definitions each applicable criminal benefit is highlighted next to each terminal fraud type.

The translation was carried out by two EAST National Member organisations – the Ukrainian Interbank Payment Systems Member Association “EMA” and the MasterCard Members Association (MCMA).

These fraud definitions are used by EAST when issuing Fraud Alerts, or when compiling the statistics and other information for European Payment Terminal Reports and Fraud Updates.  The aim is for these Terminal Fraud Definitions, as well as the related criminal benefits, to be adopted globally when describing or reporting payment terminal fraud.  This translation into Russian is another step forward towards achieving this.

Below is the definition for Card Skimming in the Russian language.

The definitions have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.

EAST Upgrades Terminal Fraud Definitions

EAST has upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  This information is now available on the EAST website.

The EAST Expert Group on All Terminal Fraud (EGAF) has identified six ways by which criminals achieve their targets from the different terminal fraud types as shown below:

In the upgraded Terminal Fraud Definitions each applicable criminal benefit is highlighted next to each terminal fraud type.  The defined Terminal Fraud Types are: Card Skimming; Card Shimming; Eavesdropping; Card Trapping; Cash Trapping; Transaction Reversal Fraud (TRF); Malware; and Black Box.

Below is the definition for Card Skimming which highlights that skimming enables criminals to: Create counterfeit cards; make card-not-present (CNP) purchases; use fake cards in-store; and sell compromised data.

[Image: fraud definitions - card skimming]

EAST Executive Director Lachlan Gunn said “This is a major step forward in standardising the classification of terminal fraud, which will hopefully help to continue to drive down related fraud losses. The EGAF Chair, Otto de Jong, and his team have produced something fresh and simple which we hope will be adopted globally by the Industry and Law enforcement when describing or reporting terminal fraud. In particular we would like to thank Ben Birtwistle of NatWest Bank plc, along with Claire Shufflebotham and Niek Westendorp of TMD Security, whose creative ideas and design made this latest upgrade possible.”

A summary of the upgraded fraud definitions and terminology is available on the EAST website along with a more detailed document for download.  These have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.

EAST EGAF holds 15th Meeting in Amsterdam

The Fifteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 17th January 2018 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 35 countries. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 168 EAST Fraud Alerts have been issued, one to date in 2018.

Viewpoint: Poll indicates malware and black box attacks are biggest fraud risk to the ATM channel

In a website research poll that ran from May to August 2017 participants were asked how they saw fraud risk developing for ATMs. 67% of respondents felt that malware and black box attacks were the biggest risk, 20% went for card skimming, 7% chose social engineering, and cash trapping and card trapping were each chosen by 3%. The poll results can be seen in the chart below.

[Chart: poll results]

This poll result is in line with EAST’s published European ATM fraud statistics, with reports that date back to 2004.  Over the past thirteen years we have seen fraud trends change, particularly since the EMV (Chip and PIN) roll out commenced.  Most recently we have seen an increase in black box attacks, as highlighted in an ATM Crime Report published by EAST in April 2017 and covering the full year 2016.

The current website research poll, which closes at the end of December, is on Payment Fraud and asks: if you have experienced losses due to payment fraud over the past two years, how long did it take to get reimbursed?  To take it, and to see all past results, visit the Payment and Terminal Research page on this website.

EAST Fraud Alerts

To date 155 EAST Fraud Alerts have been issued by 25 countries.  EAST first started issuing such Alerts in September 2013.  These Alerts provide valuable and timely intelligence to law enforcement agencies and the industry, allowing the spread of emerging threats and criminal methodologies to be tracked across the world.  While most of the Alerts have been issued by countries within the Single Euro Payments Area (SEPA), there have been some from Belarus, Mexico, Russia, Serbia, Turkey, Ukraine and the United States.

To date EAST Fraud Alerts issued have covered: ATM Malware / Black Box attacks (cash out / jackpotting); Card Shimming; Card Skimming (highlighting the spread of different devices such as M1, M2 and M3); Card Trapping; Cash Trapping; Eavesdropping (highlighting the use of different MOs such as E2 and E3); EMV Shock Cards; Transaction Reversal Fraud; and Vandalism.  The table below shows a summary of the Alerts issued:

[Table: EAST Fraud Alerts]

The EAST Expert Group on All Terminal Fraud (EGAF) initiated the Alerts and conducts in-depth analysis of some of the emerging threats and devices.  Each Alert covers: the type of fraud; the country where discovered; the ATM type(s) affected; an indication as to whether or not the fraud was successful; a description of the device and the criminal MO; an indication as to the device location; information on PIN compromise (if card skimming or card trapping); and any available images.

The Alerts are restricted documents and are issued to EAST Members (National and Associate) for their internal usage.

Definitions of the different fraud types and related terminology are available on this website.

EAST Publishes European Fraud Update 3-2015

EAST has just published its third European Fraud Update for 2015. This is based on country crime updates given by representatives of 17 countries in the Single Euro Payments Area (SEPA), and 3 non-SEPA countries, at the 37th EAST meeting held in London on 7th October 2015.

Card skimming at ATMs was reported by seventeen countries. One country reported the successful usage of a stereo-skimming device, the first time that this has been reported. Another country reported an unsuccessful attack using an ATM shimming device.

The trend of losses due to skimming occurring outside of EMV* Chip liability shift areas continues. International losses were reported in 53 countries and territories outside of the Single Euro Payments Area (SEPA) and in 10 within SEPA. The top three locations where such losses were reported were the USA, Indonesia and the Philippines.

Skimming attacks on other terminal types were reported by nine countries and one country reported such attacks at payment terminals linked to docking stations for the hire of bicycles.

Eleven countries reported cash trapping attacks and six countries card trapping incidents.

ATM malware and logical security attacks were reported by two countries – one of them reporting malware used for ‘cash-out’ attacks and the other black-box attacks used for the same purpose.

Ram raids and ATM burglary were reported by seven countries and seven countries also reported explosive gas attacks. In one country the average duration of an ATM explosive gas attack is 3-5 minutes.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.

European ATM Fraud Incidents up 15%, driven by low tech crime

In a European ATM Crime Report covering the first six months of 2015 EAST has reported that ATM fraud incidents were up 15% when compared to the same period in 2014.

ATM related fraud attacks were up from 7,345 in H1 2014 to 8,421 in H1 2015. This rise was mainly driven by an 18% increase in card trapping attacks (up from 2,579 to 3,043 incidents) and a 985% increase in Transaction Reversal Fraud (TRF) attacks (up from 117 to 1,270 incidents). Trapped cards can be used in the EMV environment (if the PIN has also been compromised). 1,986 card skimming incidents were reported, down 18% from 2,425 in H1 2014.

Losses due to ATM related fraud attacks were up 18% when compared with H1 2014 (up from €132 million to €156 million). This rise was largely driven by an 18% rise in international skimming losses (up from €111 million to €131 million). The Asia-Pacific region (particularly Indonesia) and the USA are where the majority of such losses were reported. Domestic skimming losses rose 11% over the same period.

EAST Executive Director Lachlan Gunn said, “International skimming losses have risen for the past four reporting periods and EAST is working closely with Europol to raise awareness of this issue in Asia-Pacific and the Americas.”

ATM related physical attacks rose by 19% when compared with H1 2014 (up from 1,032 to 1,232 incidents).  This is explained by a 1,013% increase in reported robberies, due to the fact that one country has been able to report on this for the first time.  423 such attacks were reported, up from 38 in 2014.

Losses due to ATM related physical attacks rose 100% to €26 million (up from €13 million in 2014), again mainly due to the fact that one country has reported losses due to robbery for the first time. Losses due to robbery rose from €0.4 million to €10.5 million. The average cash loss for robberies was €24,799 per incident, for ram raids/ATM burglary €22,604 per incident, and for explosive attacks €19,737.

In H1 2015, 5 ATM malware incidents were reported (‘cash out’ or ‘jackpotting’ attacks), with related losses of €0.14 million. To counter the malware threat, the EAST Expert Group on ATM Fraud (EGAF) worked with Europol to create ‘Guidance & recommendations regarding logical attacks on ATMs’, a document published by Europol in June 2015.

A summary of the report statistics under the main headings is in the table below.

[Table: EAST H1 2015 Crime Report Summary Stats]

The full Crime Report is available to EAST Members (National and Associate) and Subscribers.

VIEWPOINT: ATM Fraud

In an EAST website research poll that ran from September to December 2014 respondents were asked the question ‘What do you feel is the biggest fraud risk to the ATM channel over the next few years?’

52% chose malware, 37% voted for card skimming, 4% for cash trapping, 3% for card trapping and 3% for social engineering.

[Chart: EAST Poll Sep to Dec 14]

Malware is an emerging fraud trend for the ATM channel. EAST has been reporting European ATM fraud statistics since 2004. Over the past decade we have seen fraud trends change, particularly since the EMV (Chip and PIN) roll out commenced. Most recently we have seen a shift from hi-tech skimming to lo-tech card and cash trapping. Our next European ATM Crime report, covering the full year 2014, is scheduled for publication in April 2015.

You can see some of our ATM Fraud definitions on this website. We define ATM Malware as either ‘cash out/jackpotting’ or ‘card and PIN compromise’, and a definition for social engineering is ‘the clever manipulation of the human tendency to trust’.

The current website research poll is on cardholder awareness and asks the question – ‘How often do you see fraud warnings and fraud prevention messages displayed on ATMs in your country?’ To take it, and to see all past results, visit the ATM Research Page on this website.