New EAST Fraud Definitions now available in Russian

EAST Terminal Fraud Definitions are now available in the Russian language.  At the end of 2018 EAST upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  In the upgraded definitions each applicable criminal benefit is highlighted next to each terminal fraud type.

The translation was carried out by two EAST National Member organisations – the Ukrainian Interbank Payment Systems Member Association “EMA”  and the MasterCard Members Association (MCMA).

These fraud definitions are used by EAST when issuing Fraud Alerts, or when compiling the statistics and other information for European Payment Terminal Reports and Fraud Updates.  The aim is for these Terminal Fraud Definitions, as well as the related criminal benefits, to be adopted globally when describing or reporting payment terminal fraud.  This translation into Russian is another step forward towards achieving this.

Below is the  definition for Card Skimming in the Russian language.

The definitions have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.

EAST Upgrades Terminal Fraud Definitions

EAST has upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  This information is now available on the EAST website.

The EAST Expert Group on All Terminal Fraud (EGAF) has identified six ways by which criminals achieve their targets from the different terminal fraud types as shown below:

In the upgraded Terminal Fraud Definitions each applicable criminal benefit is highlighted next to each terminal fraud type.  The defined Terminal Fraud Types are: Card Skimming; Card Shimming; Eavesdropping; Card Trapping; Cash Trapping; Transaction Reversal Fraud (TRF); Malware; and Black Box.

Below is the definition for Card Skimming which highlights that skimming enables criminals to: Create counterfeit cards; make card-not-present (CNP) purchases; use fake cards in-store; and sell compromised data.

fraud definitions - card skimming

EAST Executive Director Lachlan Gunn said “This is a major step forward in standardising the classification of terminal fraud, which will hopefully help to continue to drive down related fraud losses. The EGAF Chair, Otto de Jong, and his team have produced something fresh and simple which we hope will be adopted globally by the Industry and Law enforcement when describing or reporting terminal fraud. In particular we would like to thank Ben Birtwistle of NatWest Bank plc, along with Claire Shufflebotham and Niek Westendorp of TMD Security, whose creative ideas and design made this latest upgrade possible.”

A summary of the upgraded fraud definitions and terminology is available on the EAST website along with a more detailed document for download.  These have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.

EAST EGAF holds 15th Meeting in Amsterdam

The Fifteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 17th January 2018 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 35 countries. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 168 EAST Fraud Alerts have been issued, one to date in 2018.

Viewpoint: Poll indicates malware and black box attacks are biggest fraud risk to the ATM channel

In a website research poll that ran from May to August 2017 participants were asked how they saw fraud risk developing for ATMs. 67% of respondents felt that malware and black box attacks were the biggest risk, 20% went for card skimming, 7% chose social engineering, and cash trapping and card trapping were each chosen by 3%. The poll results can be seen in the chart below.

black box

This poll result is in line with EAST’s published European ATM fraud statistics, with reports that date back to 2004.  Over the past thirteen years we have seen fraud trends change, particularly since the EMV (Chip and PIN) roll out commenced.  Most recently we have seen an increase in black box attacks, as highlighted in an ATM Crime Report published by EAST in April 2017 and covering the full year 2016.

The current website research poll, which closes at the end of December, is on Payment Fraud and asks if you have experienced losses due to payment fraud over the past two years, how long did it take to get reimbursed?  To take it, and to see all past results, visit the Payment and Terminal Research page on this website.

EAST EGAF holds 14th Meeting in Amsterdam

EAST EGAFThe Fourteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 20th September 2017 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Networks, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 36 countries with a total deployment of 1,454,182 ATMs. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 155 EAST Fraud Alerts have been issued, 31 to date in 2017.

EAST Fraud Alerts

To date 155 EAST Fraud Alerts have been issued by 25 countries.  EAST first started issuing such Alerts in September 2013.  These Alerts provide valuable and timely intelligence to law enforcement agencies and the industry, allowing the spread of emerging threats and criminal methodologies to be tracked across the world.  While most of the Alerts have been issued by countries within the Single Euro Payments Area (SEPA), there have been some from Belarus, Mexico, Russia, Serbia, Turkey, Ukraine and the United States.

To date EAST Fraud Alerts issued have covered:  ATM Malware / Black Box attacks (cash out / jackpotting); Card Shimming; Card Skimming (highlighting the spread of different devices such as M1, M2 and M3); Card Trapping; Cash Trapping; Eavesdropping (highlighting the use of different MOs such as E2 and E3); EMV Shock Cards; Transaction Reversal Fraud; and Vandalism.  The table below shows a summary the Alerts issued:

EAST Fraud Alerts

The EAST Expert Group on All Terminal Fraud (EGAF) initiated the Alerts and conducts in-depth analysis of some of the emerging threats and devices.  Each Alert covers: the type of fraud; the country where discovered; the ATM type(s) affected; an indication as to whether or not the fraud was successful; a description of the device and the criminal MO; indication as the device location; information on PIN compromise (if card skimming or card trapping); and any available images.

The Alerts are restricted documents and are issued to to EAST Members (National and Associate) for their internal usage.

Definitions of the different fraud types and related terminology are available on this website.

EAST Publishes European Fraud Update 1-2016

EAST - EUROPEAN FRAUD UPDATE 1 - 2016EAST has just published its first European Fraud Update for 2016. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 38th EAST meeting held in Stockholm on 10th February 2016

Card skimming at ATMs was reported by twenty countries. Criminal usage of M2 – Throat Inlay Skimming Devices appears to be increasing. This type of device is placed inside the card reader throat in front of the shutter. Three countries reported such attacks.

The trend of losses due to skimming occurring outside of EMV Chip liability shift areas continues. International losses were reported in 44 countries and territories outside of the Single Euro Payments Area (SEPA) and in 3 within SEPA. The top three locations where such losses were reported remain the USA, Indonesia and the Philippines.

Skimming attacks on other terminal types were reported by twelve countries and seven countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.

Fifteen countries reported cash trapping attacks and five countries reported transaction reversal fraud (TRF) incidents.

ATM malware and logical security attacks were reported by three countries – two of them reported the successful usage of ‘black-box’ devices to allow the unauthorised dispensing of cash.

Ram raids and ATM burglary were reported by ten countries and ten countries also reported explosive gas attacks, one of them for the first time. One country reported the use of explosive liquid (nitro-glycerine) to blow open an ATM safe – the first time that this has been reported to EAST.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.

EAST Publishes European Fraud Update 3-2015

EAST - EUROPEAN FRAUD UPDATE 3 - 2015EAST has just published its third European Fraud Update for 2015. This is based on country crime updates given by representatives of 17 countries in the Single Euro Payments Area (SEPA), and 3 non-SEPA countries, at the 37th EAST meeting held in London on 7th October 2015.

Card skimming at ATMs was reported by seventeen countries. One country reported the successful usage of a stereo-skimming device, the first time that this has been reported. Another country reported an unsuccessful attack using an ATM shimming device.

The trend of losses due to skimming occurring outside of EMV* Chip liability shift areas continues. International losses were reported in 53 countries and territories outside of the Single Euro Payments Area (SEPA) and in 10 within SEPA. The top three locations where such losses were reported were the USA, Indonesia and the Philippines.

Skimming attacks on other terminal types were reported by nine countries and one country reported such attacks at payment terminals linked to docking stations for the hire of bicycles.

Eleven countries reported cash trapping attacks and six countries card trapping incidents.

ATM malware and logical security attacks were reported by two countries – one of them reporting malware used for ‘cash-out’ attacks and the other black-box attacks used for the same purpose.

Ram raids and ATM burglary were reported by seven countries and seven countries also reported explosive gas attacks. In one country the average duration of an ATM explosive gas attack is 3-5 minutes.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.

European ATM Fraud Incidents up 15%, driven by low tech crime

EAST ATM Crime Report H1 2015In a European ATM Crime Report covering the first six months of 2015 EAST has reported that ATM fraud incidents were up 15% when compared to the same period in 2014.

ATM related fraud attacks were up from 7,345 in H1 2014 to 8,421 in H1 2015. This rise was mainly driven by an 18% increase in card trapping attacks (up from 2,579 to 3,043 incidents) and a 985% increase in Transaction Reversal Fraud (TRF) attacks (up from 117 to 1,270 incidents). Trapped cards can be used in the EMV environment (if the PIN has also been compromised). 1,986 card skimming incidents were reported, down 18% from 2,425 in H1 2014.

Losses due to ATM related fraud attacks were up 18% when compared with H1 2014 (up from €132 million to €156 million). This rise was largely driven by an 18% rise in international skimming losses (up from €111 million to €131 million). The Asia-Pacific region (particularly Indonesia) and the USA are where the majority of such losses were reported. Domestic skimming losses rose 11% over the same period.

EAST Executive Director Lachlan Gunn said, “International skimming losses have risen for the past four reporting periods and EAST is working closely with Europol to raise awareness of this issue in Asia-Pacific and the Americas.”

ATM related physical attacks rose by 19% when compared with H1 2014 (up from 1,032 to 1,232 incidents).  This is explained by a 1,013% increase in reported robberies, due to the fact that one country has been able to report on this for the first time.  423 such attacks were reported, up from 38 in 2014.

Losses due to ATM related physical attacks rose 100% to €26 million (up from €13 million in 2014), again mainly due to the fact that one country has reported losses due to robbery for the first time. Losses due to robbery rose from €0.4 million to €10.5 million. The average cash loss for robberies was €24,799 per incident, for ram raids/ATM burglary €22,604 per incident, and for explosive attacks €19,737.

In H1 2015 5 ATM malware incidents were reported (‘cash out’ or ‘jackpotting’ attacks), with related losses of €0.14 million. To counter the malware threat, the EAST Expert Group on ATM Fraud (EGAF) worked with Europol to create ‘Guidance & recommendations regarding logical attacks on ATMs’, a document published by Europol in June 2015.

A summary of the report statistics under the main headings is in the table below.

EAST H1 2015 Crime Report Summary Stats

The full Crime Report is available to EAST Members (National and Associate) and Subscribers.

EAST Publishes European Fraud Update 2-2015

EAST - EUROPEAN FRAUD UPDATE 2 - 2015EAST has just published its second European Fraud Update for 2015. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 2 non-SEPA countries, at the 36th EAST meeting held at Europol in the Hague on 10th June 2015.

Card skimming at ATMs was reported by 17 countries, with decreases reported by 7 countries and increases by two. Six countries reported card data compromise through wire-tapping or ‘Eavesdropping’ – the criminals cut a hole in the fascia near to the card reader, insert a device which is connected internally to the card reader and then cover the hole with a fake decal.

Skimming attacks on other terminal types were reported by 8 countries and overall the number of attacks appears to be decreasing.

Fourteen countries reported cash trapping attacks and 7 countries incidents of transaction reversal fraud (TRF).

ATM malware incidents were reported by four countries. These were ATM ‘cash out’ or ‘jackpotting’ attacks. Two of the countries reported such attacks for the first time. To help counter this threat Europol has recently published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.

Ram raids and ATM burglary were reported by 9 countries, with one of them reporting increases in this type of attack and another a new method for accessing the ATM from below. Eleven countries reported explosive gas attacks, and two of them also reported attacks on ATMs using solid explosives.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.