EAST EPTF holds 14th Meeting

The 14th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 9th November 2022.  It was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 14 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Services Providers, and Solution Providers.

Europol and provided the law enforcement perspective, and presentations were also made by Cartes Bancaires, Diebold NixdorfDutch Banking Association, Group-IB, PAN-Nordic Card AssociationPayment Services Austra (PSA), PLUSCARD, SIBs, TietoEVRY and Worldline.  Social engineering remains a key concern, as does Card Not Present (CNP) fraud outside Europe.  Contactless fraud is a rising issue, as is mobile wallet fraud.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates, and disseminates related information, trends and general statistics.

EAST National & Global Members represent 34 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 216 EAST Associate Member Organisations from 52 countries and territories.

National & Global Fraud Intelligence sharing – 2nd EAST Global Congress

The 2nd EAST Global Congress took place on Wednesday 5th October 2022 in London as a hybrid meeting, with some delegates participating online. The event was hosted by the LINK Scheme.

The meeting was chaired by Veronica Borgogna from Worldline and the key focus was on the sharing of payment and terminal fraud intelligence (global, regional, national).

Law enforcement overviews were provided by Europol’s European Cybercrime Centre (EC3) on various fraud types, and the Gulf Cooperation Council Police (GCCPOL) on technological and non-technological fraud trends.

Private sector fraud intelligence updates were received from 25 countries, either directly or via regional/global updates by HSBC and Worldline.  Regional Updates were also provided for ASP, LATAM, and MENA.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains the key issue, and discussions also took place on a new fraud modus operandi now affecting four countries.

Updates were also given by the Chairs of the three EAST Expert Groups:

EAST Fraud Update 3-2022 will be produced early next month, based on the country updates provided at the EAST Global Congress.  EAST Fraud, Payment, and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The 3rd EAST Global Congress, scheduled for 8th February 2023, will also be held as a Hybrid Meeting.

National & Global Fraud Intelligence sharing – 1st EAST Global Congress

The 1st EAST Global Congress took place on Thursday 16th June 2022 at Europol’s HQ in the Hague as a hybrid meeting, with some delegates participating online. This was the first in-person meeting of EAST Global and National Members since February 2020.  Six virtual interim meetings were held between that meeting and the Global Congress.

The meeting was chaired by Graham Mott from the LINK Scheme and the key focus was on the sharing of payment and terminal fraud intelligence (global, regional, national).  A special welcome was given to Olesya Danylchenko from the Ukrainian Interbank Payment Systems Member Association (EMA).

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), and the United States Secret Service (USSS).  An update was provided from Europol’s European Cybercrime Centre (EC3) on various fraud types and an updated version of the document Guidance and Recommendations Regarding Logical Attacks Against ATMs‘  was officially launched.  A presentation from Europol’s Organised Property Crime Unit covered recent Physical ATM attacks across Europe. The USSS update covered recent reports from the FBI’s Internet Crime Complaint Centre (IC3), as well the latest fraud trends seen.

Private sector fraud intelligence updates were received from 25 countries, either directly or via regional/global updates by HSBC and Worldline.  Regional Updates were also provided for ASP, and MENA.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue.

Updates were also given by the Chairs of the three EAST Expert Groups:

EAST Fraud Update 2-2022 will be produced early next month, based on the country updates provided at the EAST Global Congress.  EAST Fraud, Payment, and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The 2nd EAST Global Congress, scheduled for 5th October 2022, will also be held as a Hybrid Meeting.

National & Global Fraud Intelligence sharing – 6th Interim EAST Meeting

The sixth Interim Meeting of EAST National and Global Members took place on Wednesday 9th February 2022 as a virtual meeting. The meeting was chaired by Thomas Von der Gathen from Payment Services Austria (PSA).  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), and the United States Secret Service (USSS).  An update was provided from Europol’s European Cybercrime Centre (EC3) on various fraud types and a presentation from Europol’s Organised Property Crime Unit covered recent Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim). The USSS update covered card fraud and recent man-in-the-middle black box attacks.

Private sector fraud intelligence updates were received from 28 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Regional Updates were also provided for ASP, MENA and LATAM. Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue, particularly for elderly people.

EAST Fraud Update 1-2022 will be produced early next month, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 16th June 2022, will hopefully be the 1st EAST Global Congress, which is planned as Hybrid Meeting.  This is dependant on the prevailing travel situation at that time, and the meeting will revert to a virtual Interim Meeting if required.

National & Global Fraud Intelligence sharing – 5th Interim EAST Meeting

The fifth Interim Meeting of EAST National and Global Members took place on Wednesday 6th October 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Veronica Borgogna from AXEPTA BNP Paribas.  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), the United States Secret Service (USSS) and INTERPOL.  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim). The USSS presentation covered Covid-19 pandemic relief fraud and the INTERPOL presentation covered recent issues relating to financial crimes in the LATAM region.

Private sector fraud intelligence updates were received from 28 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Regional Updates were also provided for ASP, MENA and LATAM. Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue.

EAST Fraud Update 3-2021 will be produced early next month, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 9th February 2022, will hopefully be the 1st EAST Global Congress, which is planned as Hybrid Meeting.  This is dependant on the prevailing status of the Covid-19 pandemic and the meeting will revert to a virtual Interim Meeting if required.

National & Global Fraud Intelligence sharing – 4th Interim EAST Meeting

A fourth Interim Meeting of EAST National and Global Members took place on Wednesday 9th June 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Graham Mott from the LINK Scheme.  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), the United States Secret Service (USSS) and INTERPOL.  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim. The USSS presentation covered US Fraud Trends (2020/2021), along with prevention/detection techniques, and the INTERPOL presentation covered recent issues relating to financial crimes, money laundering, and asset tracing.

Private sector fraud intelligence updates were received from 31 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  A key issue, highlighted by most of the countries, continues to be the importance of raising consumer awareness to counter the rising threats related to social engineering.

EAST Fraud Update 2-2021 will be produced during July, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 6th October 2021, will also be a virtual Interim meeting.  The 1st EAST Global Congress is now scheduled to be held in February 2022, dependant on the prevailing status of the Covid-19 pandemic.

3rd Interim EAST Meeting – National and Global Members

A third Interim Meeting of EAST National and Global Members took place on Wednesday 10th February 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Martine Hemmerijckx from Worldline.

Law enforcement overviews were provided by Europol and the Gulf Cooperation Council Police (GCCPOL).  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries – it focussed on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim).

Updates were received from 26 countries, either directly or via a global update by Worldline.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  A key issue, highlighted by most of the countries, is the importance of raising consumer awareness to counter the rising threats related to social engineering.

EAST Fraud Update 1-2021 will be produced during March, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 9th June 2021, will also be a virtual Interim meeting.  The 1st EAST Global Congress is now scheduled to be held in October 2021, dependant on the prevailing status of the Covid-19 pandemic.

Carding Action by Police prevents €40 million in losses

EFECCCarding Action 2020, an operation led by law enforcement agencies from Italy and Hungary and supported by the UK and Europol, targeted fraudsters selling and purchasing compromised card details on websites selling stolen credit card data, known as ‘card shops’, and ‘dark web marketplaces’.

The operation sought to mitigate and prevent losses for financial institutions and cardholders. Group-IB and card schemes worked in close cooperation with police authorities from the countries involved. During the three-month operation, 90,000 pieces of card data were analysed and prevented approximately €40 million in losses.

Europol facilitated the coordination and the information exchange between law enforcement authorities and partners from the private sector. Europol’s experts provided operational analysis on large volumes of data and supported with expertise in the field of payment card fraud.

“Cybercrime can affect all aspects of our daily life, from paying in the supermarket, transferring money to our friends to using online communication tools or Internet of Things devices at home. Cybercriminals can attack us in different ways and this requires a robust response not only from law enforcement, but also from the private sector,” said Edvardas Sileris, Head of Europol’s European Cybercrime Centre (EC3). “With more than €40 million in losses prevented, Carding Action 2020 is a great example of how sharing information between private industries and law enforcement authorities is a key in combating the rising trend of e-skimming and preventing criminals from profiting on the back of EU citizens…..” he added.

The expansion of e-skimming attacks targeting merchant point of sale systems and e-commerce merchants also influenced the significant increase of prevented losses. As reported in Europol’s iOCTA 2020, card-not-present (CNP) fraud is a criminal threat in constant evolution, generating millions of euros of losses and affecting thousands of victims from across the EU.

The EAST Payments Task Force (EPTF) is a public-private sector platform that focusses on tackling the issues of e-skimming and payment fraud.

COVID-19 impact on Non-Cash Payment Fraud

EAST Executive Director Lachlan Gunn presented at a webinar organised by the European Union Agency for Law Enforcement Training (CEPOL) that focussed on the impact of the COVID-19 pandemic on Non-Cash Payment Fraud.  The webinar took place on Thursday 29 October and was attended by over 80 representatives from European Law Enforcement Agencies and Judicial Authorities specialised in electronic payment fraud investigations.

The objective of the webinar was to raise awareness of:

  • different trends and typologies of electronic payment frauds (Card Present Fraud and Card Not Present Fraud);
  • public-private cooperation and role of the private sector in combatting non-cash payment fraud.

The EAST presentation highlighted the role played by EAST in combatting financial crime, how its public/private sector platforms operate, and the impact of the COVID-19 pandemic.  The key topics covered by EAST were:

2nd Interim EAST Meeting – National and Global Members

A second Interim Meeting of EAST National and Global Members took place on Wednesday 7th October 2020. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Rui Carvalho, EAST Development Director.  The 1st EAST Global Congress is now scheduled to be held in February 2021, dependant on the prevailing status of the pandemic.

Law enforcement overviews were provided by EuropolINTERPOL and the Gulf Cooperation Council Police (GCCPOL).  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered the recent publication of their Internet Organised Crime Threat Assessment (IOCTA 2020), focussed on criminal trends relating to Covid-19, and prevention and awareness; the other covered Physical ATM attacks across Europe.  The INTERPOL presentation covered the impact of Covid-19 on Financial crimes from the global perspective and the GCCPOL presentation covered payment and fraud issues seen by their 6 member countries.

Updates were received from 28 countries, either directly or via a global update by HSBC. As with the previous meeting, the key focus remained on the impact of the coronavirus crisis and each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).

EAST Fraud Update 3-2020 will be produced during October, based on the country updates provided at the Interim EAST Meeting. EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.