EAST supports Europol Strategic Payment Card Fraud Meeting

On 20-21 November 2017, Europol’s European Cybercrime Centre (EC3), with the support of EAST, hosted an international meeting with a specific focus on combating payment card fraud across Europe and beyond.

In its sixth occurrence since it was first organised in Singapore in 2015, this meeting was held for the first time at Europol’s headquarters in The Hague, bringing together representatives from 3 regions of the world: 8 EU Member States (Portugal, Greece, France, Denmark, Spain, Romania, Bulgaria and Italy), Latin America (Argentina, Dominican Republic, Chile, Colombia and AMERIPOL) and Asia (Malaysia, Philippines, Thailand and ASEANAPOL).

The EAST presentation focused on combating payment card fraud from the perspective of the private sector – EAST Executive Director Lachlan Gunn gave an overview of EAST and presented the latest threats, criminal methodologies and crime and fraud statistics.  EAST Development Director Rui Carvalho, who chairs the EAST Payments Task Force (EPTF), covered the latest payment crime trends as reported at the 43rd EAST Meeting.

The latest European Central Bank Report estimates €1.44 billion losses in Payment card fraud in 2013 The overall losses were up 8%. Card Not Present (CNP) fraud has experienced significant increases in Europe in the last years and although Card Present Fraud (CP) within the EU decreased during the last years still remain significant as the EMV (chip and pin) protection has not yet been fully implemented. In fact, organised crime groups set up permanent bases in overseas locations where Chip is not implemented cashing out compromised European cards.

EAST has supported all the Europol Strategic Meetings on Payment Card Fraud held in the ASEAN and LATAM regions.

 

EAST and ASEANAPOL formalise collaboration

EAST and ASEANAPOL have formalised collaboration.  This was agreed by the 37th ASEANAPOL Conference held in Singapore on 11-15 September 2017 and by the 43rd EAST Meeting held in Edinburgh on 4th October 2017. This collaboration is another step forward in addressing the consequences of the spread of the activities of organised criminal groups across regions and globally.

ASEANAPOL is the National Police organisation for the Association of Southeast Asian Nations (ASEAN).

Working with Europol’s European Cybercrime Centre (EC3) EAST has attended four Strategic Meetings on Payment Card Fraud that were held in the ASEAN region.  At the most recent meeting in July 2017, the increasing threat posed by fraudulent payment card activities by organised crime groups led to the creation of the Investigative Network of Law Enforcement specialists from the European Union and ASEAN countries (EURASEAN). This initiative, led by Europol, is supported by both ASEANAPOL and INTERPOL, with the assistance of EAST representing the private sector.

In June of this year ASEANAPOL gave a presentation at the 3rd EAST FCS Forum in the Hague.  Mr Ferdinand Bartolome, Director for Police Services, ASEANAPOL Secretariat, gave a presentation which covered ASEANAPOL and its initiatives in the pursuit of payment card fraud, initiatives undertaken with EUROPOL and trends and counter-measures in ATM fraud.  Mr Bartolome is pictured left, with EAST Executive Director Lachlan Gunn, at the event.

In a European Payment Terminal Crime Report, published today, EAST shows that out of total reported losses of €118 million, suffered by European card issuers due to payment card skimming, and reported for the period January to June 2017, €96 million were international skimming losses.  Such losses are committed outside national borders by criminals using stolen card details.  The majority of these losses were seen in the USA and the Asia-Pacific region. The above-mentioned EURASEAN initiative, and the EAST-ASEANAPOL collaboration, are significant steps forward in the efforts to counter the spread of such losses.

3rd EAST FCS Forum – the most successful yet!

EAST FCS ForumThe sun has set on another successful EAST Financial Crime & Security (FCS) Forum which was held for the second time at the Grand Hotel Amrâth Kurhaus, in Scheveningen, The Hague. Feedback from delegates has been hugely positive.  This year marked a new format which included plenary sessions covering expert information from global regions: Asia-Pacific (ASEAN), Latin America, USA, Russia and Europe. 19 expert speakers travelled from 14 countries around the world to share their knowledge of ATM crime prevention.

In addition an afternoon of breakout sessions was held covering topics related to ATM and payment terminal fraud, and to ATM physical attacks.

Networking opportunities were abundant – a welcome cocktail the evening before the event, ensured all delegates were comfortable to kick off the Forum having met with their peers in a relaxed environment. Exhibitors enjoyed increased traffic through the exhibition hall, giving demos to attendees during coffee breaks, lunch and demonstration sessions.

 

Day One of the EAST FCS Forum opened with keynote speaker Steven Wilson, Head of the Europol Cyber Crime Centre (EC3) who spoke about the multi-faceted approach to countering cybercrime and the success of public private partnerships, especially the cooperation between EC3, non-EU States and EAST members.

Lachlan Gunn, Executive Director EAST, provided relevant statistics from the EAST European ATM Crime Report. He also announced a name change for EAST which is now the European Association for Secure Transactions. A milestone for EAST which has mainly focused on issues facing the ATM industry thus far, but which will now look at all threats against payment terminals (ATM, SST and POS), as well the security of payments and transactions.

Lachlan was followed by presenters from ASEANAPOL, the US Secret Service, the Russian Mastercard Members Association, and from the Latin American Association of Operators Electronic Funds Transfer and Information Services (ATEFI), who all gave the audience the most current information on activity in their regions.

In the afternoon breakout sessions Otto de Jong, EAST EGAF Chair, led discussions which covered R&D by fraudsters on EMV and old school ATM Fraud, and Graham Mott, EAST EGAP Chair, facilitated discussions on banknote degradation, physical attack types and countermeasures and traditional attacks.

The day closed out nicely with a BBQ by the beach!

Day Two kicked off with Group-IB providing an overview on the evolution of logical attacks on financial institutions. This was followed by a case study on Black Box attacks from NCR Czech Republic and an update from ING Netherlands on the evolution of gas and solid explosive attacks. There was a case study on countering such explosive attacks from the UK’s West Midlands Regional Organised Crime Unit, and the final talk of the day came from Rui Carvalho, Development Director EAST, who is building the EAST Payments Task Force and provided an overview on current and future activities for EAST.

In her closing address, conference Chairman Úna Dillon, Development Director of EAST, summarised the two-day conference by noting the importance of cross-border public-private sector cooperation in the fight against financial crime – stressing the need for private sector industry stakeholders to collaborate with law-enforcement agencies. She added that whilst EAST delivered the conference, the people charged with building the event are also deeply involved in the collaborative work already going on. Their ‘on-the-ground’ involvement means the EAST FCS Forum agenda will always be relevant and current.

This 3rd EAST FCS Forum has proven to be a successful platform in bringing together the perfect mix of banking representatives, security experts, law enforcement, payments associations, government agencies and many other stakeholders in the ATM and payment crime prevention sector  –  the dialogue and learning from  across Europe, the USA, Latin America, Russia and Asia-Pacific will no doubt help all participants to better detect and prevent current and future financial crime threats.

The event could not have taken place without the support of sponsors, exhibitors, speakers and delegates. EAST hugely appreciates the participation of all who took part and thanks everyone for their contribution to making the event a success.

Overall sponsor of the EAST FCS Forum 2017 was 3SI Security Systems.

Other sponsors and exhibitors included, the ATM Security Association, ACG, BVK, GMV, MIB, Startech Ltd. and TMD Security.

153 detained for ticket fraud following Global Airport Action Days (GAAD)

GAAD control room153 individuals have been detained following the sixth Global Airport Action Days (GAAD) major international law enforcement operation targeting airline fraudsters. The individuals are suspected of flying using airline tickets purchased with stolen, compromised or fake credit card details.

From 6 to 8 June 2017, 64 countries, 84 airlines and eight online travel agencies worked jointly with law enforcement officers to carry out operational actions in 230 airports across the world.

During the operation, 312 suspicious transactions were reported. As a result, 153 people were detained, denied boarding, questioned by police and criminally charged; several investigations are ongoing.

During the actions, new modi operandi were identified as being used by organised crime networks to gain access to transit areas in airports in order to facilitate illegal immigration and drug trafficking.

GAAD checksSince many individuals use credit cards and fake identification documents to facilitate illegal immigration, Europol’s European Migrant Smuggling Centre (EMSC) joined this year’s GAAD to provide better support to EU Member States and partners for fighting human smuggling networks. Europol specialists and analysts equipped with special technical equipment were deployed to several European airports.

Representatives from airlines, online travel agencies, payment card companies, Perseuss, and the International Air Transport Association (IATA), worked together with experts from Europol’s European Cybercrime Centre (EC3) to identify suspicious transactions and provide confirmation to law enforcement officers deployed in the airports.

GAAD was coordinated from operational centres at Europol in the Netherlands, INTERPOL Global Complex for Innovation in Singapore, NCFTA in the U.S., and Ameripol in Bogota. GAAD was also supported by UNODC (AIRCOP for Africa), the Latin American and Caribbean Intelligence Police Community (CLACIP), Canadian and US law enforcement agencies.

Law enforcement is now tackling this international phenomenon on a daily basis in close cooperation with the private sector. This has enhanced trust between all involved parties and will continue to inflict damage to the criminals involved in airline ticket fraud.

For more information visit the Europol website

Europol helps to dismantle Payment Card Fraud network

A successful operation that took down an international payment card fraud network was carried out by the Public Prosecution Office at the Audiencia Nacional and National Police of Spain, and the General Directorate Combating Organized Crime in Bulgaria, with the support of Eurojust and Europol’s European Cybercrime Centre (EC3).

As a result of the cross-border action, 31 suspects were arrested (21 in Spain, 9 in Bulgaria and one in the Czech Republic) and 48 house searches (14 in Spain and 34 in Bulgaria) were carried out. The suspects were in possession of equipment used to forge payment cards, payment card data readers-recorders, skimmers, micro cameras, devices to manipulate ATMs, as well as cash and numerous counterfeit cards.

Between 2014 and 2017, the criminal network installed skimming devices on an average of 400 ATMs every year, to copy and clone the data contained on the bank cards. The forged cards were then used to make illegal transactions in 200 ATMs outside the European Union, mainly in the USA, the Dominican Republic, Malaysia, Indonesia, Vietnam, Peru, the Philippines and Costa Rica. Approximately 3,000 EU citizens were affected by the criminal network, with losses of at least EUR 500,000.

For more information visit Europol’s website.

42nd EAST Meeting hosted by EC3 at Europol

EAST National Members - badgeThe 42nd Meeting of EAST National Members was hosted by the European Cybercrime Centre (EC3) at Europol on 7th June 2017.  National country crime updates were provided by 26 countries, and a global update by HSBC.

EAST Fraud Update 2-2017 will be produced later this month, based on the updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

The 42nd EAST Meeting was the final meeting of EAST as the ‘European ATM Security Team’.  As announced by EAST Executive Director Lachlan Gunn, at the EAST FCS Forum on 8th June 2017, EAST has now changed to become the ‘European Association for Secure Transactions’.

Countering ATM Black Box attacks

black boxBlack box attacks on ATMs are a form of logical attack.  To perform these ‘cash-out’ or ‘jackpotting’ attacks the criminals connect an unauthorised device (typically an unknown box or laptop) to an ATM.  This device then sends dispense commands directly to the ATM cash dispenser in order to get it to spit out banknotes.  In order to physically connect such a device the criminals gain access to the ATM’s Top Box by either drilling or melting holes.

The latest statistics published by EAST show that, while the number of black box attacks in Europe is increasing, related losses have fallen when comparing 2016 with 2015.  This drop can be partly attributed to the recent arrests by law enforcement agencies across Europe (in an operation supported by EC3, Europol’s European Cybercrime Centre) and partly to actions taken by the industry to counter such attacks.  The first black box attacks in the Czech Republic took place in August 2016 and three arrests were subsequently made there by the Police.  The industry also took actions to counter such attacks and, at the upcoming EAST Financial Crime & Security Forum (EAST FCS 2017), Petr Ullmann from NCR in the Czech Republic will give an update on the actions taken.

About Petr Ullmann

After graduating in 2007 Petr Ullmann started his career as an IT and network administrator in the automotive industry and went on to work for various Czech companies in IT administration and project management roles.  His key area of expertise was Enterprise Resource Planning (ERP) software – business process management software that allows an organization to use a system of integrated applications to manage the business and automate many back office functions related to technology, services and human resources.

In 2011 he joined NCR Česká republika, initially working as a member of a team working on a project for Tesco Plc in Central Europe.  Since then he has worked on several specific projects for NCR customers (banks and financial institutions) including the migration to Windows 7 and implementation of McAfee ePO.

Who Is Attending?

Over 150 delegates will attend EAST FCS 2017 from ATM networks, banks, law enforcement, vendors, and EAST national and associate members.

Book soon to ensure you don’t miss this great opportunity to attend what has been described as an “excellent event for helping to make a difference in the area of financial crime prevention”.

There are some sponsorship slots still available so, if you are in the business of ATM crime and fraud prevention and wish to showcase your brand to a key audience, contact us.

27 arrested in connection with ATM Black Box attacks

ATM Black Box attackEuropol has announced that 27 arrests have been made across Europe in connection with ATM Black Box attacks.  This success is due to actions taken by a number of EU Member States and Norway, supported by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT).  The arrests were made in the Czech Republic, Estonia, France, the Netherlands, Romania, Spain and Norway.  Most of the arrests took place in 2016 and 2017 with the most recent in Spain this month.  The criminals involved with ATM Black Box attacks mainly originate from Romania, Moldova, Russia and Ukraine.

Since ATM Black Box attacks first started in Western Europe EAST has produced 19 Black Box related ATM Fraud Alerts from the following countries:  Cyprus, Czech Republic, France, Greece, Ireland, Italy, the Netherlands, Norway, Romania, Russia, Spain, Turkey, Ukraine, the United Kingdom.  These Alerts are available to EAST members and to Law Enforcement.  To date 142 Alerts have been issued. In a recently published European ATM Crime Report covering 2016, EAST reported a 287% increase in ATM Black Box attacks, up from 15 attacks in 2015 to 58 attacks in 2016.  EAST works closely with Europol and other law enforcement agencies to help counter financial crime.

Read the full announcement from Europol here.

An ATM Black Box case study from the Czech Republic will be presented at EAST’s 3rd Global Financial Crime and Security (FCS) Forum on 9th June 2017 following on from a presentation by Group-IB on the Evolution of Logical Attacks on Financial Institutions. Steven Wilson, Head of Europol’s European Cybercrime Centre, will give the Keynote Address.  The event will be held in the Netherlands at the Grand Hotel Amrâth Kurhaus (see below) in Scheveningen, the popular seaside resort which is located in The Hague.  Book soon to ensure you don’t miss this great opportunity to attend what has been described as an “excellent event for helping to make a difference in the area of financial crime prevention”.

Cyber Attack Threat Mitigation

Cyber AttackThe European Cybercrime Centre, EC3, at Europol is working closely with affected countries cybercrime units and key industry partners to mitigate the threat of cyber attack and assist victims. The recent Wannacry ransomware attack is at an unprecedented level and will require a complex international investigation to identify the culprits. The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a group of specialist international cyber investigators and is specially designed to assist in such investigations and will play an important role in supporting the investigation.

For further information on Ransomware, how to protect your data, devices, what to do when infected with ransomware and access to unlocking tools please visit https://www.nomoreransom.org/, a free online resource developed by Europol, Dutch Police and industry partners.

At the EAST Financial Crime & Security Forum (EAST FCS 2017) that will be held in The Hague next month, Group-IB, an organisation that specialises in preventing and investigating high-tech crimes and online fraud, will present on global developments in ATM related theft – tactics, techniques and procedures – alongside new trends in attacks on card processing and payment systems.

ATM Malware Criminals Apprehended

Five members of an international organised criminal group (OCG) have been arrested and three of them convicted so far as a result of a complex operation led by law enforcement agencies from Europe and Asia, with the active support of Europol’s European Cybercrime Centre (EC3).  One arrest was made by the Romanian National Police, three arrests by the Taiwanese Criminal Investigation Bureau and one arrest by the Belarusian Central Office of the Investigative Committee.  EC3 assisted the investigation by providing analytical support, organising operational meetings in Europe and Asia as well as analysing the seized data/ equipment.

This OCG is responsible for carrying out highly-sophisticated ATM malware attacks against bank ATMs, which were made to dispense all the money they contained (known as cash-out or jackpotting).  The modus operandi employed was highly sophisticated and involved:

  • spear-phishing emails with attachments containing malicious programmes,
  • penetration of the banks’ internal networks,
  • compromising and controlling the network of ATMs,
  • special computer programmes which deleted most of the traces of the criminal activity, etc.

Related losses suffered by the affected banks are estimated at around EUR 3 million. In some cases, after the cashing-out, the stolen money was partially recovered from the criminals.

EC3A key factor for the successful dismantling of this international cybercrime syndicate was close police cooperation on the global level and deep involvement of the Europol Liaison Office at the INTERPOL Global Complex for Innovation (IGCI).

Steven Wilson, Head of EC3, said: “The majority of cybercrimes have an international dimension, taking into account the origins of suspects and places where crimes are committed. Only through a coordinated approach at the global level between law enforcement agencies can we successfully track down the criminal networks behind such large-scale frauds and bring them to justice.”  Mr Wilson will give the keynote address at the EAST Financial Crime and Security Forum which will be held in The Hague on 8th/9th June 2017.

To further strengthen international police cooperation the Third Strategic Meeting on Payment Card Fraud (PCF) was held last month at the Electronic Transactions Development Agency (ETDA) in Bangkok, Thailand.

Europol, working with the EAST Expert Group on ATM Fraud (EGAF), has published guidelines to help industry and law enforcement counter the threat presented by ATM logical and malware attacks.