Terminal related fraud attacks fall in Europe

EAST has just published a European Payment Terminal Crime Report covering H1 2023 which highlights a fall in terminal related fraud attacks.

Terminal related fraud attacks were down 40% (from 5,022 to 3,021 incidents). This decrease was primarily due to a fall in cash trapping at ATMs. These attacks decreased by 40% (from 2,984 to 1,805 incidents). Man-in-the-middle/relay attacks continued to occur with 63 cases reported during the 6-month period. The successful attacks resulted in cash out at ATMs. Total losses of €105 million were reported, up 8% from the €97 million reported in H1 2022. Most losses remain international issuer losses due to card skimming, which were €88 million.

EAST Executive Director Lachlan Gunn said, “This fall in terminal related fraud attacks is very good news for the industry, for law enforcement, and for all stakeholders.  The excellent work done by our EAST Expert Group on All Terminal Fraud (EGAF) has played a major role in highlighting the risks of such attacks, and what can be done to mitigate them.  The group has also helped to counter ATM malware and logical attacks for which the numbers are now very low.  While terminal fraud levels are falling, social engineering, along with major scams, is a rising threat and our Expert Group on Payment and Transaction Fraud is focussed on countering this.”

ATM malware and logical attacks were down 33% (from 6 to 4) and all of the reported attacks were black box attacks.  A black box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM.  Most such attacks remain unsuccessful, and total losses of just €2,237 were reported.

ATM related physical attacks were down 4% (from 2,008 to 1,931 incidents).  Within this total, ATM explosive attacks (including explosive gas and solid explosive attacks) were up 7% (from 354 to 378 incidents) and attacks due to ram raids and ATM burglary were down 9% (from 274 to 249 incidents).  Losses due to ATM related physical attacks were €3.8 million, a 34% decrease from the €5.8 million reported during H1 2022. 57% of these losses were due to explosive attacks, which were down 1% from €2.19 million to €2.17 million.  While on average around 40% of such attacks do not result in cash loss, the loss figures shown do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate).

EAST EGAF holds 30th Meeting in Amsterdam

The 30th Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 20th September 2023 hosted by the Dutch Banking Association (Nederlandse Vereniging van Banken) in Amsterdam.   The hybrid meeting was chaired by Otto de Jong from ING Bank.

It was attended by 23 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts. 12 people were in the room and there were 11 virtual participants.

Experts from the following organisations contributed to the meeting: BKA, BNP Paribas, BVK Technology, Cartes Bancaires (CB), Cennox, Damage Control, Diebold Nixdorf, Dutch Banking Association, Europol, GMV, ING Bank, KAL, LINK Scheme, Mastercard, NCR ATLEOS, Payment Services Austria (PSA), Tietoevry, TMD Security, US Secret Service, and Visa.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Discussion at the meeting focussed on the follow up to five EAST Fraud Alerts relating to Active Shimmer (Wedge) / Relay attacks, to cash trapping, to transaction reversal fraud (TRF), and to prevention measures relating to black box attacks.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 281 Fraud Alerts have been issued as can be seen in the table below.

New fraud type adds to surge in European Terminal Fraud attacks

EAST has just published a European Payment Terminal Crime Report covering H1 2022 which highlights a new type of fraud along with a rise in terminal fraud attacks.

Terminal related fraud attacks were up 81% (from 2,775 to 5,022 incidents). This increase was primarily due to a rise in cash trapping at ATMs, which increased by 284% (from 819 to 2,984 incidents). A new type of man-in-the-middle/relay attack was seen, with 501 cases reported. Total fraud losses of €97 million were reported, down 5% from the €102 million reported in H1 2021. Most losses remain international issuer losses due to card skimming, which were €80 million.

EAST Executive Director Lachlan Gunn said, “While an increase in cash trapping at ATMs has led the surge in terminal fraud, the new man-in-the-middle/relay attacks are much more complex and, if successful, can lead to cash out at ATMs.  Our Expert Group on All Terminal Fraud (EGAF) is monitoring and analysing these attacks, with close cooperation between industry partners and law enforcement in the affected countries.”

ATM malware and logical attacks were down 82% (from 33 to 6) and all but one of the reported attacks were black box attacks.  A black box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM.  Most such attacks remain unsuccessful, and no losses were reported during the period.  On 16 June 2022 Europol, supported by EAST, published updated guidelines to help industry and law enforcement counter the ATM Logical Attack threat.

ATM related physical attacks were up 7% (from 1,873 to 2,008 incidents), mainly driven by a rise in vandalism. Within this total ATM explosive attacks were up 47% (from 241 to 354 incidents) and attacks due to ram raids and ATM burglary were up 17% (from 234 to 274 incidents).  Losses due to ATM related physical attacks were €5.8 million, an 18% increase from the €4.9 million reported during H1 2021.  38% of these losses were due to explosive attacks, which were down 31% from €3.17 million to €2.19 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate).

New EAST Fraud Definitions now available in Russian

EAST Terminal Fraud Definitions are now available in the Russian language.  At the end of 2018 EAST upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  In the upgraded definitions each applicable criminal benefit is highlighted next to each terminal fraud type.

The translation was carried out by two EAST National Member organisations – the Ukrainian Interbank Payment Systems Member Association “EMA”  and the MasterCard Members Association (MCMA).

These fraud definitions are used by EAST when issuing Fraud Alerts, or when compiling the statistics and other information for European Payment Terminal Reports and Fraud Updates.  The aim is for these Terminal Fraud Definitions, as well as the related criminal benefits, to be adopted globally when describing or reporting payment terminal fraud.  This translation into Russian is another step forward towards achieving this.

Below is the definition for Card Skimming in the Russian language.

The definitions have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.

EAST Upgrades Terminal Fraud Definitions

EAST has upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  This information is now available on the EAST website.

The EAST Expert Group on All Terminal Fraud (EGAF) has identified six ways by which criminals achieve their targets from the different terminal fraud types as shown below:

In the upgraded Terminal Fraud Definitions each applicable criminal benefit is highlighted next to each terminal fraud type.  The defined Terminal Fraud Types are: Card Skimming; Card Shimming; Eavesdropping; Card Trapping; Cash Trapping; Transaction Reversal Fraud (TRF); Malware; and Black Box.

Below is the definition for Card Skimming which highlights that skimming enables criminals to: Create counterfeit cards; make card-not-present (CNP) purchases; use fake cards in-store; and sell compromised data.

fraud definitions - card skimming

EAST Executive Director Lachlan Gunn said “This is a major step forward in standardising the classification of terminal fraud, which will hopefully help to continue to drive down related fraud losses. The EGAF Chair, Otto de Jong, and his team have produced something fresh and simple which we hope will be adopted globally by the Industry and Law enforcement when describing or reporting terminal fraud. In particular we would like to thank Ben Birtwistle of NatWest Bank plc, along with Claire Shufflebotham and Niek Westendorp of TMD Security, whose creative ideas and design made this latest upgrade possible.”

A summary of the upgraded fraud definitions and terminology is available on the EAST website along with a more detailed document for download.  These have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.

EAST EGAF holds 15th Meeting in Amsterdam

The Fifteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 17th January 2018 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 35 countries. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 168 EAST Fraud Alerts have been issued, one to date in 2018.

Viewpoint: Poll indicates malware and black box attacks are biggest fraud risk to the ATM channel

In a website research poll that ran from May to August 2017 participants were asked how they saw fraud risk developing for ATMs. 67% of respondents felt that malware and black box attacks were the biggest risk, 20% went for card skimming, 7% chose social engineering, and cash trapping and card trapping were each chosen by 3%. The poll results can be seen in the chart below.

This poll result is in line with EAST’s published European ATM fraud statistics, with reports that date back to 2004.  Over the past thirteen years we have seen fraud trends change, particularly since the EMV (Chip and PIN) roll out commenced.  Most recently we have seen an increase in black box attacks, as highlighted in an ATM Crime Report published by EAST in April 2017 and covering the full year 2016.

The current website research poll, which closes at the end of December, is on Payment Fraud and asks if you have experienced losses due to payment fraud over the past two years, how long did it take to get reimbursed?  To take it, and to see all past results, visit the Payment and Terminal Research page on this website.

EAST EGAF holds 14th Meeting in Amsterdam

The Fourteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 20th September 2017 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Networks, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 36 countries with a total deployment of 1,454,182 ATMs. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 155 EAST Fraud Alerts have been issued, 31 to date in 2017.

EAST Fraud Alerts

To date 155 EAST Fraud Alerts have been issued by 25 countries.  EAST first started issuing such Alerts in September 2013.  These Alerts provide valuable and timely intelligence to law enforcement agencies and the industry, allowing the spread of emerging threats and criminal methodologies to be tracked across the world.  While most of the Alerts have been issued by countries within the Single Euro Payments Area (SEPA), there have been some from Belarus, Mexico, Russia, Serbia, Turkey, Ukraine and the United States.

To date EAST Fraud Alerts issued have covered: ATM Malware / Black Box attacks (cash out / jackpotting); Card Shimming; Card Skimming (highlighting the spread of different devices such as M1, M2 and M3); Card Trapping; Cash Trapping; Eavesdropping (highlighting the use of different MOs such as E2 and E3); EMV Shock Cards; Transaction Reversal Fraud; and Vandalism. The table below shows a summary of the Alerts issued:

The EAST Expert Group on All Terminal Fraud (EGAF) initiated the Alerts and conducts in-depth analysis of some of the emerging threats and devices. Each Alert covers: the type of fraud; the country where discovered; the ATM type(s) affected; an indication as to whether or not the fraud was successful; a description of the device and the criminal MO; an indication as to the device location; information on PIN compromise (if card skimming or card trapping); and any available images.

The Alerts are restricted documents and are issued to EAST Members (National and Associate) for their internal usage.

Definitions of the different fraud types and related terminology are available on this website.

EAST Publishes European Fraud Update 1-2016

EAST has just published its first European Fraud Update for 2016. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 38th EAST meeting held in Stockholm on 10th February 2016.

Card skimming at ATMs was reported by twenty countries. Criminal usage of M2 – Throat Inlay Skimming Devices appears to be increasing. This type of device is placed inside the card reader throat in front of the shutter. Three countries reported such attacks.

The trend of losses due to skimming occurring outside of EMV Chip liability shift areas continues. International losses were reported in 44 countries and territories outside of the Single Euro Payments Area (SEPA) and in 3 within SEPA. The top three locations where such losses were reported remain the USA, Indonesia and the Philippines.

Skimming attacks on other terminal types were reported by twelve countries and seven countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.

Fifteen countries reported cash trapping attacks and five countries reported transaction reversal fraud (TRF) incidents.

ATM malware and logical security attacks were reported by three countries – two of them reported the successful usage of ‘black-box’ devices to allow the unauthorised dispensing of cash.

Ram raids and ATM burglary were reported by ten countries and ten countries also reported explosive gas attacks, one of them for the first time. One country reported the use of explosive liquid (nitro-glycerine) to blow open an ATM safe – the first time that this has been reported to EAST.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.