New EAST FCS Event Website now live!

EAST FCSThe new EAST FCS Event website is now ‘live’ and registrations can now be made for the two EAST Financial Crime & Security (FCS) Seminars that will be co-located with RBR’s ATM & Cyber Security 2018 conference on 10th October 2017.  The two interactive EAST FCS Seminars are:

Terminal Fraud Seminar hosted by the EAST Expert Group on All Terminal Fraud (EGAF)

This event focuses on two key outputs of EAST EGAF – guidelines regarding logical attacks on ATMs and standardised Fraud Definitions.  An introduction to the Group will be followed by a presentation of the latest EAST Fraud Statistics (H1 2018).  A session will then focus on the experience of one country when faced with ATM ‘cash-out’ attacks, with a focus on the processes followed by the industry and law enforcement.  This will be followed by a Q&A session on ATM logical attacks and how to counter them.  A national perspective on card shimming will then be given, followed by a session on the importance of standardising fraud definitions.

ATM Physical Attack Seminar hosted by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP)

This  event follows the basic structure of EAST EGAP Member meetings.  An introduction to the Group will be followed by presentation of the latest EAST Physical Attack Statistics (H1 2018).  Then two sessions will focus on the ATM physical attack situation in several of the Key European markets, which will be followed by a session on how to counter ATM explosive attacks (gas and solid).  The event will conclude with a Q&A session on all attack types and counter-measures.

The 46th Meeting of EAST National Members will be held at the same venue on Tuesday 9th October 2017 and so there will be great networking opportunities across the EAST and RBR events.

If you are interested in sponsorship opportunities for the EAST FCS Seminars you can download a brochure here.

 

 

EAST EGAF holds 15th Meeting in Amsterdam

The Fifteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 17th January 2018 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 35 countries. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 168 EAST Fraud Alerts have been issued, one to date in 2018.

EAST EGAF holds 14th Meeting in Amsterdam

EAST EGAFThe Fourteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 20th September 2017 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Networks, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 36 countries with a total deployment of 1,454,182 ATMs. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 155 EAST Fraud Alerts have been issued, 31 to date in 2017.

ATM Black Box Attacks spread across Europe

EAST ATM Crime Report 2016 - ATM black box attacks increaseIn a European ATM Crime Report covering 2016 EAST has reported that ATM black box attacks were up 287% when compared to 2015.

A total of 58 such attacks were reported by ten countries, up from 15 attacks during 2015.  ‘Black Box’ is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser in order to ‘cash-out’ the ATM.  Related losses were down 39%, from €0.74 million to €0.45 million.

EAST Executive Director Lachlan Gunn said, “While the rise in ATM black box attacks is a concern, we are pleased to note that many of these attacks were not successful.  In 2015, to help the industry counter such attacks, our EAST Expert Group on ATM Fraud (EGAF) worked with Europol to produce a document entitled ‘Guidance & recommendations regarding logical attacks on ATMs’.  At our third global Financial Crime & Security (FCS) Forum, which will be held in The Hague on 8th/9th June 2017, EAST EGAF will lead a proactive breakout session during which black box attacks will be discussed.”

ATM related fraud attacks increased by 26%, up from 18,738 in 2015 to 23,588 in 2016.  This rise was mainly driven by a 147% increase in Transaction Reversal Fraud (up from 5,104 to 12,581 incidents).  The downward trend for card skimming continues with 3,315 card skimming incidents reported, down 20% from 4,131 in 2015.  This is the lowest number of skimming incidents reported since 2005.

Losses due to ATM related fraud attacks were up 2% when compared with 2015 (up from €327 million to €332 million).  The Asia-Pacific region and the USA are where the majority of such losses were reported.  Domestic skimming losses rose 24% over the same period (up from €44 million to €53 million).

ATM related physical attacks rose 12% when compared with 2015 (up from 2,657 to 2,974 incidents).  Within this total ATM explosive attacks (including explosive gas and solid explosive attacks) were up 47% from the previous year (up from 673 to 988 incidents).  Losses due to ATM related physical attacks were €49 million, unchanged from the previous year.

The average cash loss for a ram raid or burglary attack is estimated at €14,890, the average cash loss per explosive attack is €17,403 and the average cash loss for a robbery is €20,293.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A summary of the report statistics under the main headings is in the table below:

European ATM Crime Statistics Summary

The full Crime Report is available to EAST Members (National and Associate).

CDC Device Location Terminology and ATM Fraud Definitions

Terminology for locations of CDC Devices at ATMs and ATM Fraud DefinitionsThe EAST Expert Group on ATM Fraud (EGAF) has updated its guidelines on standardising terminology for locations of Card Data Compromise (CDC) devices at ATMs and also the definitions used to report and classify ATM fraud.  The new information can be found on the EAST website on the pages Terminology for locations of CDC Devices at ATMs and ATM Crime Definitions.  EAST has made this information publicly available to promote the usage of both the location terminology and the ATM fraud definitions worldwide, in order to assist the industry and law enforcement agencies to consistently classify all CDC devices, and to standardise definitions used when reporting ATM crime.

The document ‘Standardisation of Terminology for locations of Card Data Compromise devices at ATMs’ has been updated; a  new location has been added – D3. Card Reader Internal Skimming Device – and several other minor amendments have also been made.  This terminology is used in all EAST ATM Fraud Alerts and Fraud Updates and anyone in the industry or law enforcement finding a CDC device at an ATM is encouraged to use the terminology when making a report.  The document is available for download on the EAST Intranet to EAST members (National and Associate),

EAST EGAF will host a breakout session on Day One of the EAST Financial Crime and Security (FCS) Forum which will be held in The Hague on 8th/9th June 2017.

EAST EGAF holds 12th Meeting

The EAST Expert Group on ATM FraudThe Twelfth Meeting of the EAST Expert Group on ATM Fraud (EAST EGAF) took place on Wednesday 18th January 2017 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global ATM crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from ATM Deployers, ATM Networks, ATM Vendors, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on ATM Skimming, ATM Card Trapping, ATM Cash Trapping, ATM Reversal Fraud and ATM Logical Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 34 countries with a total deployment of 1,332,228 ATMs. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST ATM Fraud Alerts for all EAST Members (National and Associate). In total 127 EAST ATM Fraud Alerts have been issued, 3 to date in 2017.

EAST Expert Group on ATM Fraud holds 11th Meeting

The EAST Expert Group on ATM Fraud - LogoThe Eleventh Meeting of the EAST Expert Group on ATM Fraud (EAST EGAF) took place on Wednesday 28th September 2016 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global ATM crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from ATM Deployers, ATM Networks, ATM Vendors, Security Equipment Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on ATM Skimming, ATM Card Trapping, ATM Cash Trapping, ATM Reversal Fraud and ATM Logical Fraud.

The focus of EAST EGAF is on topics and issues raised by EAST National Members, which represent 34 countries with a total deployment of 1,332,228 ATMs. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST ATM Fraud Alerts for all EAST Members (National and Associate). In total 115 EAST ATM Fraud Alerts have been issued, 40 to date in 2016.

Europol publishes Italian version of guidance and recommendations to help counter logical attacks on ATMs

ATM Malware Guidelines - ItalianEuropol has just published an Italian language version of the guidelines to help industry and law enforcement counter the threat presented by ATM logical and malware attacks.  The English version of the document was officially launched in June 2015 at the EAST Financial Crime & Security (FCS) Forum – EAST FCS 2015 – and versions have also been published in German and Spanish.

The production of this document was coordinated by the EAST Expert Group on ATM Fraud (EGAF), and it is a first of its kind.

The document is a great example of a coordinated central response from both Law Enforcement and the industry to fighting ATM malware threats in an effort to respond much more quickly than was the case with the card skimming threat when it first materialised.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

Europol has published a Spanish version of guidance and recommendations to help counter logical attacks on ATMs

ATM Malware Guidelines - SpanishEuropol has just published a Spanish language version of the guidelines to help industry and law enforcement counter the threat presented by ATM logical and malware attacks.  The English version of the document was officially launched in June 2015 at the EAST Financial Crime & Security (FCS) Forum – EAST FCS 2015 – and the German version was published in January 2016..

The production of this document was coordinated by the EAST Expert Group on ATM Fraud (EGAF), and it is a first of its kind.

The document is a great example of a coordinated central response from both Law Enforcement and the industry to fighting ATM malware threats in an effort to respond much more quickly than was the case with the card skimming threat when it first materialised.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

Terminology for the standardisation of locations of CDC Devices at ATMs

Standardisation of Terminology for Locations of Card Data Compromise Devices at ATMsIn June 2015 EAST published a document entitled ‘Standardisation of Terminology for locations of Card Data Compromise devices at ATMs’ to assist with the reporting and analysis of such devices, and to set a common standard for describing the placement of skimming (and shimming) devices.

In order to further promote the usage of the terminology worldwide, the EAST Expert Group on ATM Fraud (EGAF) has agreed that the key descriptions should be openly available on this website.  They can be found on the page Terminology for locations of CDC Devices at ATMs.

This terminology is used in all EAST ATM Fraud Alerts and Fraud Updates and anyone in the industry or law enforcement finding a card data compromise (CDC) device at an ATM is encouraged to use the terminology when making a report.

The full Guidelines are available for download on the EAST Intranet to EAST members (National and Associate),  EAST Associate Membership is free for Law Enforcement Officers.