EAST has published a document entitled ‘ATM Physical Security Guidelines.’
These Guidelines have been put together by members of the EAST Expert Group on ATM Physical Attacks (EGAP).
An ATM physical attack is defined as one where the criminals’ aim is obtain the cash from within the ATM, either entirely or partially, through a breach in the safe or ATM’s mechanism, or as it is being delivered. It excludes attacks which are aimed getting relatively small amounts of cash such as cash trapping and also system attacks where the ATM does un-authorised transactions and functions, for example malware or system penetration. These would be classed as “Fraud”.
ATM Physical attacks come in three main categories, Ram Raid, ATM Burglary and Robbery (ATM replenishment attack).
The document, which is designed to help ATM operators, ATM network operators and Law Enforcement, covers three main themes for the various physical attack types:
- Advice for Police and Law Enforcement attending the scene
These ATM Physical Security Guidelines are available for download on the EAST Intranet to EAST members (National and Associate), and there is a version available for wider circulation. EAST Associate Membership is free for Law Enforcement Officers.
The European ATM Security Team (EAST) has published an updated version of its document ‘General Advice for Industry and Law Enforcement – Recovering Fraud Devices at an ATM Fraud Crime Scene’
The updated version includes a section giving guidance to Law Enforcement on handling seized Camera Units at ATMs. Camera units are a vital source of both evidence and intelligence in skimming cases and it is important that as much evidence as possible is preserved from a seized Camera Unit.
You can see footage from a seized camera unit in the video clip below (If the streamed video does not appear in your browser click here to download it – 13Mb).
These Guidelines, which have been put together by members of the EAST Expert Group on ATM Fraud (EGAF), were first published in November 2014. They are available for download on the EAST Intranet to EAST members (National and Associate). EAST Associate Membership is free for Law Enforcement Officers.
EAST has published a document entitled ‘Standardisation of Terminology for locations of Card Data Compromise devices at ATMs.’
These Guidelines have been put together by members of the EAST Expert Group on ATM Fraud (EGAF).
Fraudsters have been constantly improving ATM skimming devices since the first basic devices appeared. Various types of ATM skimming devices are used by fraudsters, both digital and analogue. Initially fraudsters used simple overlay skimming devices at the card reader throat, but with the evolution of more sophisticated types of skimming devices, the placement of them has moved to other locations around the card reader (both external and internal). Wire-tapping devices (eavesdropping) have also been used to tap data at the card reader pre-read and read heads, and also card reader-electronics.
In order to assist with the reporting and analysis of such devices, and to set a common standard for describing the placement of skimming (and shimming) devices, EAST has produced these Guidelines for the Industry and Law Enforcement. While most skimming devices are designed to skim magnetic stripe data, these Guidelines also consider the possible placement of devices that are used to read data from the Chip (shimming devices) or to perform a relay attack.
These Guidelines are available for download on the EAST Intranet to EAST members (National and Associate), and there is a version available for wider circulation. EAST Associate Membership is free for Law Enforcement Officers.