EAST Terminal Fraud Definitions are now available in the Russian language. At the end of 2018 EAST upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type. In the upgraded definitions each applicable criminal benefit is highlighted next to each terminal fraud type.
The translation was carried out by two EAST National Member organisations – the Ukrainian Interbank Payment Systems Member Association “EMA” and the MasterCard Members Association (MCMA).
These fraud definitions are used by EAST when issuing Fraud Alerts, or when compiling the statistics and other information for European Payment Terminal Reports and Fraud Updates. The aim is for these Terminal Fraud Definitions, as well as the related criminal benefits, to be adopted globally when describing or reporting payment terminal fraud. This translation into Russian is another step forward towards achieving this.
Below is the definition for Card Skimming in the Russian language.
The definitions have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.
EAST has upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type. This information is now available on the EAST website.
The EAST Expert Group on All Terminal Fraud (EGAF) has identified six ways by which criminals achieve their targets from the different terminal fraud types as shown below:
In the upgraded Terminal Fraud Definitions each applicable criminal benefit is highlighted next to each terminal fraud type. The defined Terminal Fraud Types are: Card Skimming; Card Shimming; Eavesdropping; Card Trapping; Cash Trapping; Transaction Reversal Fraud (TRF); Malware; and Black Box.
Below is the definition for Card Skimming which highlights that skimming enables criminals to: Create counterfeit cards; make card-not-present (CNP) purchases; use fake cards in-store; and sell compromised data.
EAST Executive Director Lachlan Gunn said “This is a major step forward in standardising the classification of terminal fraud, which will hopefully help to continue to drive down related fraud losses. The EGAF Chair, Otto de Jong, and his team have produced something fresh and simple which we hope will be adopted globally by the Industry and Law enforcement when describing or reporting terminal fraud. In particular we would like to thank Ben Birtwistle of NatWest Bank plc, along with Claire Shufflebotham and Niek Westendorp of TMD Security, whose creative ideas and design made this latest upgrade possible.”
A summary of the upgraded fraud definitions and terminology is available on the EAST website along with a more detailed document for download. These have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.
To date 155 EAST Fraud Alerts have been issued by 25 countries. EAST first started issuing such Alerts in September 2013. These Alerts provide valuable and timely intelligence to law enforcement agencies and the industry, allowing the spread of emerging threats and criminal methodologies to be tracked across the world. While most of the Alerts have been issued by countries within the Single Euro Payments Area (SEPA), there have been some from Belarus, Mexico, Russia, Serbia, Turkey, Ukraine and the United States.
To date EAST Fraud Alerts issued have covered: ATM Malware / Black Box attacks (cash out / jackpotting); Card Shimming; Card Skimming (highlighting the spread of different devices such as M1, M2 and M3); Card Trapping; Cash Trapping; Eavesdropping (highlighting the use of different MOs such as E2 and E3); EMV Shock Cards; Transaction Reversal Fraud; and Vandalism. The table below shows a summary the Alerts issued:
The EAST Expert Group on All Terminal Fraud (EGAF) initiated the Alerts and conducts in-depth analysis of some of the emerging threats and devices. Each Alert covers: the type of fraud; the country where discovered; the ATM type(s) affected; an indication as to whether or not the fraud was successful; a description of the device and the criminal MO; indication as the device location; information on PIN compromise (if card skimming or card trapping); and any available images.
The Alerts are restricted documents and are issued to to EAST Members (National and Associate) for their internal usage.
Definitions of the different fraud types and related terminology are available on this website.
EAST has just published its second European Fraud Update for 2015. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 2 non-SEPA countries, at the 36th EAST meeting held at Europol in the Hague on 10th June 2015.
Card skimming at ATMs was reported by 17 countries, with decreases reported by 7 countries and increases by two. Six countries reported card data compromise through wire-tapping or ‘Eavesdropping’ – the criminals cut a hole in the fascia near to the card reader, insert a device which is connected internally to the card reader and then cover the hole with a fake decal.
Skimming attacks on other terminal types were reported by 8 countries and overall the number of attacks appears to be decreasing.
Fourteen countries reported cash trapping attacks and 7 countries incidents of transaction reversal fraud (TRF).
ATM malware incidents were reported by four countries. These were ATM ‘cash out’ or ‘jackpotting’ attacks. Two of the countries reported such attacks for the first time. To help counter this threat Europol has recently published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.
Ram raids and ATM burglary were reported by 9 countries, with one of them reporting increases in this type of attack and another a new method for accessing the ATM from below. Eleven countries reported explosive gas attacks, and two of them also reported attacks on ATMs using solid explosives.
The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.