EAST participates in Europol’s AG-Financial Services

EAST Development Director Rui Carvalho participated in and presented at a meeting of Europol’s Advisory Group on Financial Services (AG-Financial Services) on 20th June 2019.  The meeting was held at Europol’s HQ in The Hague.  The AG-Financial Services advises the Programme Board of the European Cybercrime Centre (EC3) at Europol. Its purpose is to:

  • bring knowledge and expertise to the Programme Board on the impact of cybercrime on financial services and on how this sector and law enforcement can cooperate in the prevention and combating of cybercrime;
  • update and share all relevant information and expertise on developments in the area of cybercrime that affect financial services;
  • assist the Programme Board in defining priorities for the work of EC3 in this area, including by advising on the cooperation with the financial services and on developing concepts for enhanced prevention;
  • advise the Programme Board on increasing the sharing/exchange of information between law enforcement and financial services

Rui Carvalho is also Chair of the EAST Payments Task Force (EPTF) which has great synergy with AG- Financial Services in that its remit, as a public-private sector expert working group, covers the impact of cybercrime on financial services.  Going forwards he will share updates from the EPTF at future meetings of the AG-Financial Services.


Europol and EBF launch cyberscams awareness campaign

avoid cyberscamsEuropol’s European Cybercrime Centre (EC3), the European Banking Federation (EBF) and their partners from the public and private sector have launched the cyberscams awareness campaign (#Cyberscams) as part of the European Cyber Security Month (ECMS). The ECMS is an EU awareness campaign that promotes cyber security among citizens and organisations, highlighting simple steps that can be taken to protect their personal, financial and professional data.

Over the next week, law enforcement agencies from all 28 EU Member States, 5 non- EU Member States, 24 national banking associations and banks and many other cybercrime fighters will be raising awareness about this criminal phenomenon. This pan-European endeavour will be driven by a communication campaign via social media channels and national law enforcement, bank associations and financial institutions.  The EAST Payments Task Force (EPTF) focuses on tackling such cyberscams.

Europol’s Internet Organised Crime Threat Assessemtnt (IOCTA) 2018 recommendations highlight that the most effective defence against social engineering is the education of potential victims – that’s each and every one of us when online! Raising awareness among the general public on how to identify cyberscams will help to protect us and keep our finances safe online.

Awareness-raising material in 27 languages is available for public download – this includes information on the 7 most common online financial scams, and how to avoid them.  These are:

  • CEO fraud: scammers pretend to be your CEO or senior representative in the organisation and trick you into paying a fake invoice or making an unauthorised transfer out of the business account.
  • Invoice fraud: they pretend to be one of your clients/suppliers and trick you into paying future invoices into a different bank account.
  • Phishing/Smishing/Vishing: they call you, send you a text message or an email to trick you into sharing your personal, financial or security information.
  • Spoofed bank website fraud: they use bank phishing emails with a link to the spoofed website. Once you click on the link, various methods are used to collect your financial and personal information. The site will look like its legitimate counterpart, with small differences.
  • Romance scam: they pretend to be interested in a romantic relationship. It commonly takes place on online dating websites, but scammers often use social media or email to make contact.
  • Personal data theft: they harvest your personal information via social media channels.
  • Investment and online shopping scams: they make you think you are on a smart investment… or present you with a great fake online offer.

Some general tips to help avoid falling victim to the above cyberscams are:

  • Check your online accounts regularly.
  • Check your bank account regularly and report any suspicious activity to your bank.
  • Perform online payments only on secure websites (check the URL bar for the padlock and https) and using secure connections (choose a mobile network instead of public Wi-Fi).
  • Your bank will never ask you for sensitive information such as your online account credentials over the phone or email.
  • If an offer sounds too good to be true, it’s almost always a scam.
  • Keep your personal information safe and secure.
  • Be very careful about how much personal information you share on social network sites. Fraudsters can use your information and pictures to create a fake identity or to target you with a scam.
  • If you think that you have provided your account details to a scammer, contact your bank immediately.
  • Always report any suspected fraud attempt to the police, even if you did not fall victim to the scam.

Don’t become a cyberscams victim!  Stay aware and spread the word

EAST joins Europol’s Advisory Group on Financial Services

EAST Development Director Rui Carvalho will represent EAST at Europol’s Advisory Group on Financial Services, an advisory group to the Programme Board of the European Cybercrime Centre (EC3).  In the context of the cross-border fight against cybercrime the purpose of the advisory group is to:

  • bring knowledge and expertise to the Programme Board on the impact of cybercrime on financial services and on how this sector and law enforcement can cooperate in the prevention and combating of cybercrime;
  • update and share all relevant information and expertise on developments in the area of cybercrime that affect financial services;
  • assist the Programme Board in defining priorities for the work of EC3 in this area, including by advising on the cooperation with the financial services and on developing concepts for enhanced prevention;
  • advise the Programme Board on increasing the sharing/exchange of information between law enforcement and financial services.

EAST has worked closely with Europol since 2004 and in 2015 Europol and EAST signed a Memorandum of Understanding to further strengthen the partnership.

EAST Executive Director Lachlan Gunn said: “I am delighted that EAST can support Europol in the Advisory Group on Financial Services, a further development of our strategic partnership.  Since 2015, and in addition to the normal operation of our National Member and Expert Group meetings, EAST has supported Europol at five strategic payment card fraud meetings in Asia, most recently in May in Vietnam, and also at similar meetings in The Hague and in Colombia.  We have also presented at three Europol Trainings on Payment Card Fraud Forensics, most recently in June at the Spanish National Police Academy.” 

EAST Attends Europol’s Cryptocurrencies Conference

Rui Carvalho, Chair of the EAST Payments Task Force (EPTF), attended the 5th Virtual Currencies Conference organised by Europol’s European Cybercrime Centre (EC3) in The Hague (from 19-21 June 2018). Over 300 participants from 40 countries attended the event, which focused on cryptocurrencies and how to foster the legitimate use of this virtual monetary system which is often abused by hackers, international drug dealers and the money movers of organised crime.

While the majority of participants came from law enforcement agencies and public prosecutors’ offices, key experts from well-known cryptocurrency services were also in attendance – the companies, who work closely with law enforcement agencies, foster the legitimate use of virtual currencies by implementing strong Know Your Customer (KYC) policies. Private sector participants included Bitcoin.de, Bitfinex, BitPanda, Bitstamp, BitPay, Blockchain.info, CEX, Coinfloor, Coinhouse, Cryptopia, Cubits, Kraken, LocalBitcoins, OKCoin, SpectroCoin and Xapo.

This year twelve operational case studies were presented, where suspects were detected through cryptocurrency tracing, including phishing incidents, DDoS extortion, take downs of dark web marketplaces and malicious cryptocurrency mining. The legitimate use of blockchain technologies was also discussed, including the use of cryptocurrencies for trading/investment activities, payment methods for goods and services and as a store of value.

In order to practically demonstrate the benefits of the tamper-proof decentralised ledger technology, all speakers received Europol’s certificates permanently stored and fully traceable within Bitcoin blockchain. Europol therefore became the first law enforcement organisation to award active participants blockchain validated certificates.

Airline Fraud Action Day leads to 141 Arrests

As part of a global action against airline fraud Europol coordinated raids at European airports, targeting criminals trying to travel using fraudulently bought tickets. Last week (from 18-22 June) over 141 individuals were arrested around the world during a law enforcement swoop which took place at over 226 airports.

61 countries, 69 airlines and 6 online travel agencies were involved in the 11th edition of the Global Airport Action Days (GAAD) targeting criminals suspected of travelling with airline tickets bought using stolen, compromised or fake credit card details. Some 334 suspicious transactions were reported, and a number of investigations have been subsequently opened.

The GAAD which was organised through coordination centres at Europol in The Hague, at the INTERPOL Global Complex for Innovation in Singapore and at Ameripol in Bogota, was supported by Canadian and US law enforcement authorities through the NCFTA in Pittsburgh.

During the action week, representatives from airlines, online travel agencies, payment card companies, Perseuss and IATA worked together with experts from Europol’s European Cybercrime Centre (EC3) to identify suspicious airline ticket transactions.

More information can be found on Europol’s website

Information on the GAAD held in June 2017 can be found here



Cross-border e-Commerce Police action leads to 95 arrests

Police forces across Europe have arrested 95 professional fraudsters and members of internet-based criminal networks in a successful cross-border e-Commerce Action (eComm 2018).

The joint law enforcement operation, coordinated by the European Cybercrime Centre (EC3) from Europol’s headquarters in The Hague, was supported by 28 countries and ran from 4 to 15 June 2018. It received the direct assistance from merchants, logistic companies, and banks and payment card schemes. Europol also supported national authorities on-the-spot by providing analytical services in their investigations.

The main goal was to target online fraud through a coordinated law enforcement action within the European Union (EU) and beyond, followed by an awareness-raising campaign. This action also marks the start of several investigations with more arrests expected in the next few months. The activity was inspired by a similar UK pilot conducted in collaboration with Visa.

The suspects arrested during the operation were responsible for more than 20 000 fraudulent transactions with compromised credit cards, with an estimated value exceeding EUR 8 million.

The e-commerce action focused on combating card-not-present (CNP) fraud, to help create a safer online environment for customers worldwide by sharing information and developing best practices between law enforcement and the private sector. It promotes the hashtag  #BuySafePaySafe: tips to avoid becoming a fraud victim.

For more information visit Europol’s website.

Rui Carvalho, Chair of the EAST Payments Task Force (EPTF), represents EAST at Europol’s e-Commerce actions.


45th EAST Meeting hosted by EC3 at Europol

EC3The 45th Meeting of EAST National Members was hosted by the European Cybercrime Centre (EC3) at Europol on 6th June 2018. National country crime updates were provided by 21 countries, and a global update by HSBC.  Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

EC3 presented on the latest initiatives and events relating to e-commerce fraud prevention, global airport actions (GAAD) to combat online fraud involving stolen or fake credit card data to purchase plane tickets, actions relating to virtual currencies, the Europol-ASEAN Strategic Payment Card Fraud Meeting, and provided updates on Advisory Group activities relating to Internet Security, Communication Providers and Financial Services.

Presentations were also given by the EAST Payments Task Force (EPTF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).  An update was given by the EAST Expert Group on All Terminal Fraud (EGAF).

EAST Fraud Update 2-2018 will be produced later this month, based on the national country crime updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

The 46th EAST Meeting will be held in London on 9th October 2018 and will be followed by EAST FCS Seminars on 10th October 2018 at the same venue.

Four members of international Payment Card Fraud network arrested

payment card fraudFour key members of an international criminal network responsible for payment card fraud – compromising payment card data and illegal transactions against European citizens – were arrested on 30 November 2017, during a joint law enforcement operation called “Neptune”.  The operation, which was supported by Europol’s European Cybercrime Centre (EC3), was run by the Italian Carabinieri, in cooperation with the Bulgarian General Directorate of Combating Organised Crime, and the National Police of the Czech Republic.

Four Bulgarian citizens were arrested, leaders of a transnational criminal group who actively supervised all stages of criminal activities, including placing technical equipment on ATMs in the central areas of European cities, producing counterfeit credit cards and subsequently cashing out money from ATMs in non-European countries (such as Belize, Indonesia and Jamaica).  During the coordinated action dozens of ATMs were found to have had fraudulent equipment, such as skimming devices and micro cameras, installed. Over 1000 counterfeit credit cards were seized and evidence was collected for many fraudulent international transactions worth over EUR 50,000.  Since most of the illegal transactions with counterfeit cards took place overseas, cooperation through dedicated investigative networks set up by Europol was key to the success of the operation.

EAST supports Europol Strategic Payment Card Fraud Meeting

On 20-21 November 2017, Europol’s European Cybercrime Centre (EC3), with the support of EAST, hosted an international meeting with a specific focus on combating payment card fraud across Europe and beyond.

In its sixth occurrence since it was first organised in Singapore in 2015, this meeting was held for the first time at Europol’s headquarters in The Hague, bringing together representatives from 3 regions of the world: 8 EU Member States (Portugal, Greece, France, Denmark, Spain, Romania, Bulgaria and Italy), Latin America (Argentina, Dominican Republic, Chile, Colombia and AMERIPOL) and Asia (Malaysia, Philippines, Thailand and ASEANAPOL).

The EAST presentation focused on combating payment card fraud from the perspective of the private sector – EAST Executive Director Lachlan Gunn gave an overview of EAST and presented the latest threats, criminal methodologies and crime and fraud statistics.  EAST Development Director Rui Carvalho, who chairs the EAST Payments Task Force (EPTF), covered the latest payment crime trends as reported at the 43rd EAST Meeting.

The latest European Central Bank Report estimates €1.44 billion losses in Payment card fraud in 2013 The overall losses were up 8%. Card Not Present (CNP) fraud has experienced significant increases in Europe in the last years and although Card Present Fraud (CP) within the EU decreased during the last years still remain significant as the EMV (chip and pin) protection has not yet been fully implemented. In fact, organised crime groups set up permanent bases in overseas locations where Chip is not implemented cashing out compromised European cards.

EAST has supported all the Europol Strategic Meetings on Payment Card Fraud held in the ASEAN and LATAM regions.


EAST and ASEANAPOL formalise collaboration

EAST and ASEANAPOL have formalised collaboration.  This was agreed by the 37th ASEANAPOL Conference held in Singapore on 11-15 September 2017 and by the 43rd EAST Meeting held in Edinburgh on 4th October 2017. This collaboration is another step forward in addressing the consequences of the spread of the activities of organised criminal groups across regions and globally.

ASEANAPOL is the National Police organisation for the Association of Southeast Asian Nations (ASEAN).

Working with Europol’s European Cybercrime Centre (EC3) EAST has attended four Strategic Meetings on Payment Card Fraud that were held in the ASEAN region.  At the most recent meeting in July 2017, the increasing threat posed by fraudulent payment card activities by organised crime groups led to the creation of the Investigative Network of Law Enforcement specialists from the European Union and ASEAN countries (EURASEAN). This initiative, led by Europol, is supported by both ASEANAPOL and INTERPOL, with the assistance of EAST representing the private sector.

In June of this year ASEANAPOL gave a presentation at the 3rd EAST FCS Forum in the Hague.  Mr Ferdinand Bartolome, Director for Police Services, ASEANAPOL Secretariat, gave a presentation which covered ASEANAPOL and its initiatives in the pursuit of payment card fraud, initiatives undertaken with EUROPOL and trends and counter-measures in ATM fraud.  Mr Bartolome is pictured left, with EAST Executive Director Lachlan Gunn, at the event.

In a European Payment Terminal Crime Report, published today, EAST shows that out of total reported losses of €118 million, suffered by European card issuers due to payment card skimming, and reported for the period January to June 2017, €96 million were international skimming losses.  Such losses are committed outside national borders by criminals using stolen card details.  The majority of these losses were seen in the USA and the Asia-Pacific region. The above-mentioned EURASEAN initiative, and the EAST-ASEANAPOL collaboration, are significant steps forward in the efforts to counter the spread of such losses.