Cross-border e-Commerce Police action leads to 95 arrests

Police forces across Europe have arrested 95 professional fraudsters and members of internet-based criminal networks in a successful cross-border e-Commerce Action (eComm 2018).

The joint law enforcement operation, coordinated by the European Cybercrime Centre (EC3) from Europol’s headquarters in The Hague, was supported by 28 countries and ran from 4 to 15 June 2018. It received the direct assistance from merchants, logistic companies, and banks and payment card schemes. Europol also supported national authorities on-the-spot by providing analytical services in their investigations.

The main goal was to target online fraud through a coordinated law enforcement action within the European Union (EU) and beyond, followed by an awareness-raising campaign. This action also marks the start of several investigations with more arrests expected in the next few months. The activity was inspired by a similar UK pilot conducted in collaboration with Visa.

The suspects arrested during the operation were responsible for more than 20 000 fraudulent transactions with compromised credit cards, with an estimated value exceeding EUR 8 million.

The e-commerce action focused on combating card-not-present (CNP) fraud, to help create a safer online environment for customers worldwide by sharing information and developing best practices between law enforcement and the private sector. It promotes the hashtag  #BuySafePaySafe: tips to avoid becoming a fraud victim.

For more information visit Europol’s website.

Rui Carvalho, Chair of the EAST Payments Task Force (EPTF), represents EAST at Europol’s e-Commerce actions.


45th EAST Meeting hosted by EC3 at Europol

EC3The 45th Meeting of EAST National Members was hosted by the European Cybercrime Centre (EC3) at Europol on 6th June 2018. National country crime updates were provided by 21 countries, and a global update by HSBC.  Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

EC3 presented on the latest initiatives and events relating to e-commerce fraud prevention, global airport actions (GAAD) to combat online fraud involving stolen or fake credit card data to purchase plane tickets, actions relating to virtual currencies, the Europol-ASEAN Strategic Payment Card Fraud Meeting, and provided updates on Advisory Group activities relating to Internet Security, Communication Providers and Financial Services.

Presentations were also given by the EAST Payments Task Force (EPTF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).  An update was given by the EAST Expert Group on All Terminal Fraud (EGAF).

EAST Fraud Update 2-2018 will be produced later this month, based on the national country crime updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

The 46th EAST Meeting will be held in London on 9th October 2018 and will be followed by EAST FCS Seminars on 10th October 2018 at the same venue.

Four members of international Payment Card Fraud network arrested

payment card fraudFour key members of an international criminal network responsible for payment card fraud – compromising payment card data and illegal transactions against European citizens – were arrested on 30 November 2017, during a joint law enforcement operation called “Neptune”.  The operation, which was supported by Europol’s European Cybercrime Centre (EC3), was run by the Italian Carabinieri, in cooperation with the Bulgarian General Directorate of Combating Organised Crime, and the National Police of the Czech Republic.

Four Bulgarian citizens were arrested, leaders of a transnational criminal group who actively supervised all stages of criminal activities, including placing technical equipment on ATMs in the central areas of European cities, producing counterfeit credit cards and subsequently cashing out money from ATMs in non-European countries (such as Belize, Indonesia and Jamaica).  During the coordinated action dozens of ATMs were found to have had fraudulent equipment, such as skimming devices and micro cameras, installed. Over 1000 counterfeit credit cards were seized and evidence was collected for many fraudulent international transactions worth over EUR 50,000.  Since most of the illegal transactions with counterfeit cards took place overseas, cooperation through dedicated investigative networks set up by Europol was key to the success of the operation.

EAST supports Europol Strategic Payment Card Fraud Meeting

On 20-21 November 2017, Europol’s European Cybercrime Centre (EC3), with the support of EAST, hosted an international meeting with a specific focus on combating payment card fraud across Europe and beyond.

In its sixth occurrence since it was first organised in Singapore in 2015, this meeting was held for the first time at Europol’s headquarters in The Hague, bringing together representatives from 3 regions of the world: 8 EU Member States (Portugal, Greece, France, Denmark, Spain, Romania, Bulgaria and Italy), Latin America (Argentina, Dominican Republic, Chile, Colombia and AMERIPOL) and Asia (Malaysia, Philippines, Thailand and ASEANAPOL).

The EAST presentation focused on combating payment card fraud from the perspective of the private sector – EAST Executive Director Lachlan Gunn gave an overview of EAST and presented the latest threats, criminal methodologies and crime and fraud statistics.  EAST Development Director Rui Carvalho, who chairs the EAST Payments Task Force (EPTF), covered the latest payment crime trends as reported at the 43rd EAST Meeting.

The latest European Central Bank Report estimates €1.44 billion losses in Payment card fraud in 2013 The overall losses were up 8%. Card Not Present (CNP) fraud has experienced significant increases in Europe in the last years and although Card Present Fraud (CP) within the EU decreased during the last years still remain significant as the EMV (chip and pin) protection has not yet been fully implemented. In fact, organised crime groups set up permanent bases in overseas locations where Chip is not implemented cashing out compromised European cards.

EAST has supported all the Europol Strategic Meetings on Payment Card Fraud held in the ASEAN and LATAM regions.


EAST and ASEANAPOL formalise collaboration

EAST and ASEANAPOL have formalised collaboration.  This was agreed by the 37th ASEANAPOL Conference held in Singapore on 11-15 September 2017 and by the 43rd EAST Meeting held in Edinburgh on 4th October 2017. This collaboration is another step forward in addressing the consequences of the spread of the activities of organised criminal groups across regions and globally.

ASEANAPOL is the National Police organisation for the Association of Southeast Asian Nations (ASEAN).

Working with Europol’s European Cybercrime Centre (EC3) EAST has attended four Strategic Meetings on Payment Card Fraud that were held in the ASEAN region.  At the most recent meeting in July 2017, the increasing threat posed by fraudulent payment card activities by organised crime groups led to the creation of the Investigative Network of Law Enforcement specialists from the European Union and ASEAN countries (EURASEAN). This initiative, led by Europol, is supported by both ASEANAPOL and INTERPOL, with the assistance of EAST representing the private sector.

In June of this year ASEANAPOL gave a presentation at the 3rd EAST FCS Forum in the Hague.  Mr Ferdinand Bartolome, Director for Police Services, ASEANAPOL Secretariat, gave a presentation which covered ASEANAPOL and its initiatives in the pursuit of payment card fraud, initiatives undertaken with EUROPOL and trends and counter-measures in ATM fraud.  Mr Bartolome is pictured left, with EAST Executive Director Lachlan Gunn, at the event.

In a European Payment Terminal Crime Report, published today, EAST shows that out of total reported losses of €118 million, suffered by European card issuers due to payment card skimming, and reported for the period January to June 2017, €96 million were international skimming losses.  Such losses are committed outside national borders by criminals using stolen card details.  The majority of these losses were seen in the USA and the Asia-Pacific region. The above-mentioned EURASEAN initiative, and the EAST-ASEANAPOL collaboration, are significant steps forward in the efforts to counter the spread of such losses.

3rd EAST FCS Forum – the most successful yet!

EAST FCS ForumThe sun has set on another successful EAST Financial Crime & Security (FCS) Forum which was held for the second time at the Grand Hotel Amrâth Kurhaus, in Scheveningen, The Hague. Feedback from delegates has been hugely positive.  This year marked a new format which included plenary sessions covering expert information from global regions: Asia-Pacific (ASEAN), Latin America, USA, Russia and Europe. 19 expert speakers travelled from 14 countries around the world to share their knowledge of ATM crime prevention.

In addition an afternoon of breakout sessions was held covering topics related to ATM and payment terminal fraud, and to ATM physical attacks.

Networking opportunities were abundant – a welcome cocktail the evening before the event, ensured all delegates were comfortable to kick off the Forum having met with their peers in a relaxed environment. Exhibitors enjoyed increased traffic through the exhibition hall, giving demos to attendees during coffee breaks, lunch and demonstration sessions.


Day One of the EAST FCS Forum opened with keynote speaker Steven Wilson, Head of the Europol Cyber Crime Centre (EC3) who spoke about the multi-faceted approach to countering cybercrime and the success of public private partnerships, especially the cooperation between EC3, non-EU States and EAST members.

Lachlan Gunn, Executive Director EAST, provided relevant statistics from the EAST European ATM Crime Report. He also announced a name change for EAST which is now the European Association for Secure Transactions. A milestone for EAST which has mainly focused on issues facing the ATM industry thus far, but which will now look at all threats against payment terminals (ATM, SST and POS), as well the security of payments and transactions.

Lachlan was followed by presenters from ASEANAPOL, the US Secret Service, the Russian Mastercard Members Association, and from the Latin American Association of Operators Electronic Funds Transfer and Information Services (ATEFI), who all gave the audience the most current information on activity in their regions.

In the afternoon breakout sessions Otto de Jong, EAST EGAF Chair, led discussions which covered R&D by fraudsters on EMV and old school ATM Fraud, and Graham Mott, EAST EGAP Chair, facilitated discussions on banknote degradation, physical attack types and countermeasures and traditional attacks.

The day closed out nicely with a BBQ by the beach!

Day Two kicked off with Group-IB providing an overview on the evolution of logical attacks on financial institutions. This was followed by a case study on Black Box attacks from NCR Czech Republic and an update from ING Netherlands on the evolution of gas and solid explosive attacks. There was a case study on countering such explosive attacks from the UK’s West Midlands Regional Organised Crime Unit, and the final talk of the day came from Rui Carvalho, Development Director EAST, who is building the EAST Payments Task Force and provided an overview on current and future activities for EAST.

In her closing address, conference Chairman Úna Dillon, Development Director of EAST, summarised the two-day conference by noting the importance of cross-border public-private sector cooperation in the fight against financial crime – stressing the need for private sector industry stakeholders to collaborate with law-enforcement agencies. She added that whilst EAST delivered the conference, the people charged with building the event are also deeply involved in the collaborative work already going on. Their ‘on-the-ground’ involvement means the EAST FCS Forum agenda will always be relevant and current.

This 3rd EAST FCS Forum has proven to be a successful platform in bringing together the perfect mix of banking representatives, security experts, law enforcement, payments associations, government agencies and many other stakeholders in the ATM and payment crime prevention sector  –  the dialogue and learning from  across Europe, the USA, Latin America, Russia and Asia-Pacific will no doubt help all participants to better detect and prevent current and future financial crime threats.

The event could not have taken place without the support of sponsors, exhibitors, speakers and delegates. EAST hugely appreciates the participation of all who took part and thanks everyone for their contribution to making the event a success.

Overall sponsor of the EAST FCS Forum 2017 was 3SI Security Systems.

Other sponsors and exhibitors included, the ATM Security Association, ACG, BVK, GMV, MIB, Startech Ltd. and TMD Security.

153 detained for ticket fraud following Global Airport Action Days (GAAD)

GAAD control room153 individuals have been detained following the sixth Global Airport Action Days (GAAD) major international law enforcement operation targeting airline fraudsters. The individuals are suspected of flying using airline tickets purchased with stolen, compromised or fake credit card details.

From 6 to 8 June 2017, 64 countries, 84 airlines and eight online travel agencies worked jointly with law enforcement officers to carry out operational actions in 230 airports across the world.

During the operation, 312 suspicious transactions were reported. As a result, 153 people were detained, denied boarding, questioned by police and criminally charged; several investigations are ongoing.

During the actions, new modi operandi were identified as being used by organised crime networks to gain access to transit areas in airports in order to facilitate illegal immigration and drug trafficking.

GAAD checksSince many individuals use credit cards and fake identification documents to facilitate illegal immigration, Europol’s European Migrant Smuggling Centre (EMSC) joined this year’s GAAD to provide better support to EU Member States and partners for fighting human smuggling networks. Europol specialists and analysts equipped with special technical equipment were deployed to several European airports.

Representatives from airlines, online travel agencies, payment card companies, Perseuss, and the International Air Transport Association (IATA), worked together with experts from Europol’s European Cybercrime Centre (EC3) to identify suspicious transactions and provide confirmation to law enforcement officers deployed in the airports.

GAAD was coordinated from operational centres at Europol in the Netherlands, INTERPOL Global Complex for Innovation in Singapore, NCFTA in the U.S., and Ameripol in Bogota. GAAD was also supported by UNODC (AIRCOP for Africa), the Latin American and Caribbean Intelligence Police Community (CLACIP), Canadian and US law enforcement agencies.

Law enforcement is now tackling this international phenomenon on a daily basis in close cooperation with the private sector. This has enhanced trust between all involved parties and will continue to inflict damage to the criminals involved in airline ticket fraud.

For more information visit the Europol website

Europol helps to dismantle Payment Card Fraud network

A successful operation that took down an international payment card fraud network was carried out by the Public Prosecution Office at the Audiencia Nacional and National Police of Spain, and the General Directorate Combating Organized Crime in Bulgaria, with the support of Eurojust and Europol’s European Cybercrime Centre (EC3).

As a result of the cross-border action, 31 suspects were arrested (21 in Spain, 9 in Bulgaria and one in the Czech Republic) and 48 house searches (14 in Spain and 34 in Bulgaria) were carried out. The suspects were in possession of equipment used to forge payment cards, payment card data readers-recorders, skimmers, micro cameras, devices to manipulate ATMs, as well as cash and numerous counterfeit cards.

Between 2014 and 2017, the criminal network installed skimming devices on an average of 400 ATMs every year, to copy and clone the data contained on the bank cards. The forged cards were then used to make illegal transactions in 200 ATMs outside the European Union, mainly in the USA, the Dominican Republic, Malaysia, Indonesia, Vietnam, Peru, the Philippines and Costa Rica. Approximately 3,000 EU citizens were affected by the criminal network, with losses of at least EUR 500,000.

For more information visit Europol’s website.

42nd EAST Meeting hosted by EC3 at Europol

The 42nd Meeting of EAST National Members was hosted by the European Cybercrime Centre (EC3) at Europol on 7th June 2017.  National country crime updates were provided by 26 countries, and a global update by HSBC.

EAST Fraud Update 2-2017 will be produced later this month, based on the updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

The 42nd EAST Meeting was the final meeting of EAST as the ‘European ATM Security Team’.  As announced by EAST Executive Director Lachlan Gunn, at the EAST FCS Forum on 8th June 2017, EAST has now changed to become the ‘European Association for Secure Transactions’.

Countering ATM Black Box attacks

black boxBlack box attacks on ATMs are a form of logical attack.  To perform these ‘cash-out’ or ‘jackpotting’ attacks the criminals connect an unauthorised device (typically an unknown box or laptop) to an ATM.  This device then sends dispense commands directly to the ATM cash dispenser in order to get it to spit out banknotes.  In order to physically connect such a device the criminals gain access to the ATM’s Top Box by either drilling or melting holes.

The latest statistics published by EAST show that, while the number of black box attacks in Europe is increasing, related losses have fallen when comparing 2016 with 2015.  This drop can be partly attributed to the recent arrests by law enforcement agencies across Europe (in an operation supported by EC3, Europol’s European Cybercrime Centre) and partly to actions taken by the industry to counter such attacks.  The first black box attacks in the Czech Republic took place in August 2016 and three arrests were subsequently made there by the Police.  The industry also took actions to counter such attacks and, at the upcoming EAST Financial Crime & Security Forum (EAST FCS 2017), Petr Ullmann from NCR in the Czech Republic will give an update on the actions taken.

About Petr Ullmann

After graduating in 2007 Petr Ullmann started his career as an IT and network administrator in the automotive industry and went on to work for various Czech companies in IT administration and project management roles.  His key area of expertise was Enterprise Resource Planning (ERP) software – business process management software that allows an organization to use a system of integrated applications to manage the business and automate many back office functions related to technology, services and human resources.

In 2011 he joined NCR Česká republika, initially working as a member of a team working on a project for Tesco Plc in Central Europe.  Since then he has worked on several specific projects for NCR customers (banks and financial institutions) including the migration to Windows 7 and implementation of McAfee ePO.

Who Is Attending?

Over 150 delegates will attend EAST FCS 2017 from ATM networks, banks, law enforcement, vendors, and EAST national and associate members.

Book soon to ensure you don’t miss this great opportunity to attend what has been described as an “excellent event for helping to make a difference in the area of financial crime prevention”.

There are some sponsorship slots still available so, if you are in the business of ATM crime and fraud prevention and wish to showcase your brand to a key audience, contact us.