Cross-border e-Commerce Police action leads to 95 arrests

Police forces across Europe have arrested 95 professional fraudsters and members of internet-based criminal networks in a successful cross-border e-Commerce Action (eComm 2018).

The joint law enforcement operation, coordinated by the European Cybercrime Centre (EC3) from Europol’s headquarters in The Hague, was supported by 28 countries and ran from 4 to 15 June 2018. It received the direct assistance from merchants, logistic companies, and banks and payment card schemes. Europol also supported national authorities on-the-spot by providing analytical services in their investigations.

The main goal was to target online fraud through a coordinated law enforcement action within the European Union (EU) and beyond, followed by an awareness-raising campaign. This action also marks the start of several investigations with more arrests expected in the next few months. The activity was inspired by a similar UK pilot conducted in collaboration with Visa.

The suspects arrested during the operation were responsible for more than 20 000 fraudulent transactions with compromised credit cards, with an estimated value exceeding EUR 8 million.

The e-commerce action focused on combating card-not-present (CNP) fraud, to help create a safer online environment for customers worldwide by sharing information and developing best practices between law enforcement and the private sector. It promotes the hashtag  #BuySafePaySafe: tips to avoid becoming a fraud victim.

For more information visit Europol’s website.

Rui Carvalho, Chair of the EAST Payments Task Force (EPTF), represents EAST at Europol’s e-Commerce actions.

 

EPTF holds Third Meeting

EPTFThe Third Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 18th April 2018 at the Banking & Payments Federation Ireland (BPFI) in Dublin.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and was attended by key representatives from Card Issuers, Law Enforcement, Payment Processors, Payment Providers and Solution Providers.

Presentations were given by BPFI, Dutch Payments Association, EURO Kartensysteme GmbH, Europol, Groupement Des Cartes Bancaires, PayLife, Swordfish Security

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 35 countries and outputs from the group are presented to National Member Meetings.  There are 198 EAST Associate Member Organisations from 52 countries and territories.

44th EAST Meeting hosted by EKS

The 44th Meeting of EAST National Members was hosted by EURO Kartensysteme GmbH (EKS) in Frankfurt on 7th February 2018.  National country crime updates were provided by 21 countries. Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were given by staff from the German Federal Criminal Police Office – BKA (Bundeskriminalamt) and also by the EAST Payments Task Force (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF).  An update was given by the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 1-2018 will be produced later this month based on the updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

Message from the Executive Director

The end of another busy year is almost upon us.  On behalf of the EAST Board I would like to thank everyone who has contributed towards the continued success of EAST this year – and it has been a very busy year.  In June we changed our name to become the European Association for Secure Transactions, the culmination of many discussions held by our Board and National Members, and positioning EAST to continue to be able to support the needs of our members in the fast changing payments landscape.  The announcement was made at our Third EAST FCS Forum in The Hague.  This well-attended event, the best yet, also featured two new interactive workshops run by EAST EGAF and EAST EGAP.

We held National Member meetings in Oslo in February (our 41st Meeting hosted by Bits AS), in The Hague in June (our 42nd Meeting hosted by Europol) and in Edinburgh in October (our 43rd Meeting hosted by the LINK Scheme).  In January Halo BCA joined EAST as a new National Member for Indonesia and in April Banorte IXE joined EAST as a new National Member for Mexico

The EAST Expert Group on All Terminal Fraud (EGAF), chaired by Otto de Jong, held three meetings in January, May and September, all hosted by ING in Amsterdam.  EGAF updated its guidelines on standardising terminology for locations of Card Data Compromise (CDC) devices at ATMs and also the definitions used to report and classify ATM fraud.  Law Enforcement participation is from Europol, the US Secret Service, the BKA and the French Gendarmerie (IRCGN).

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP), chaired by Graham Mott, held two meetings in March and September, both in The Hague, one hosted by Europol and the other by the LINK Scheme.  Law Enforcement participation in this group is increasing with LEAs from 8 different countries participating, in addition to Europol.

The EAST Payments Task Force (EPTF), chaired by Rui Carvalho, held its first face-to-face meeting in April and its second meeting last month.  Both were hosted by the BPFI in Dublin.  This group will add value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  Law Enforcement participation is from Europol and the US Secret Service.

In addition to the work of the above groups, we supported Law Enforcement during the year by presenting at:  the Europol Training on Payment Card Forensics; an INTERPOL event focussed on countering Cyber and Financial Crimes; Europol’s 4th Strategic Payment Card Fraud meeting in Asia; and Europol’s first combined Strategic Payment Card Fraud Meeting with representatives from Asia-Pacific, Europe and Latin America.

We took part in the 5th Europol-INTERPOL Cybercrime Conference and formalised a relationship with ASEANAPOL, another step forward in addressing the consequences of the spread of the activities of organised criminal groups across regions and globally.

We also presented at the following private sector events: the MasterCard Global Risk Leadership Conference – Europe, the NCR Fraud & Security Summit, the Third Latin America Security Forum, and the General Assembly of Vigie Billet.

EAST continues to keep abreast of the latest fraud trends and crime information, publishing our European Payment Terminal Crime Reports and European Fraud Updates.  Our thanks again go out to all the people and organisations that have shared information for the above, and for EAST Fraud Alerts (41 sent out this year to date), and EAST ATM Physical Attack Alerts (12 sent out this year to date).  Our first Payment Alert is expected to be published shortly.

EAST Associate Membership continues to grow.  We now have 192 Associate Member organisations from 52 countries and territories.  This membership category is open for worldwide application to all Banks, Law Enforcement (free membership available), and other approved ATM Stakeholder organisations.

Wherever you are reading this I would like to wish you a wonderful festive break and a very happy New Year!

Kind regards

Lachlan

 

EPTF holds Second Meeting

The Second Meeting of the EAST Payments Task Force (EPTF) took place on Tuesday 21st November 2017 at the Banking & Payments Federation Ireland (BPFI) in Dublin.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho and was attended by key representatives from Card Issuers, Law Enforcement, Payment Processors, Payment Providers and Solution Providers.

Presentations were given by BANCOMAT S.p.A, Europol, PayLifeSAS, Sistema 4BSquare, US Secret Service.

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 36 countries and outputs from the group are presented to National Member Meetings.  There are 191 EAST Associate Member Organisations from 52 countries and territories.

EAST supports Europol Strategic Payment Card Fraud Meeting

On 20-21 November 2017, Europol’s European Cybercrime Centre (EC3), with the support of EAST, hosted an international meeting with a specific focus on combating payment card fraud across Europe and beyond.

In its sixth occurrence since it was first organised in Singapore in 2015, this meeting was held for the first time at Europol’s headquarters in The Hague, bringing together representatives from 3 regions of the world: 8 EU Member States (Portugal, Greece, France, Denmark, Spain, Romania, Bulgaria and Italy), Latin America (Argentina, Dominican Republic, Chile, Colombia and AMERIPOL) and Asia (Malaysia, Philippines, Thailand and ASEANAPOL).

The EAST presentation focused on combating payment card fraud from the perspective of the private sector – EAST Executive Director Lachlan Gunn gave an overview of EAST and presented the latest threats, criminal methodologies and crime and fraud statistics.  EAST Development Director Rui Carvalho, who chairs the EAST Payments Task Force (EPTF), covered the latest payment crime trends as reported at the 43rd EAST Meeting.

The latest European Central Bank Report estimates €1.44 billion losses in Payment card fraud in 2013 The overall losses were up 8%. Card Not Present (CNP) fraud has experienced significant increases in Europe in the last years and although Card Present Fraud (CP) within the EU decreased during the last years still remain significant as the EMV (chip and pin) protection has not yet been fully implemented. In fact, organised crime groups set up permanent bases in overseas locations where Chip is not implemented cashing out compromised European cards.

EAST has supported all the Europol Strategic Meetings on Payment Card Fraud held in the ASEAN and LATAM regions.

 

Viewpoint: Has your payment card been compromised and , if so, where?

In a website research poll that ran from January to April 2017 cardholders who had had a payment card compromised were asked if they knew where the compromise took place. 33% of respondents answered ‘during an online transaction’, 14% ‘at an ATM’, 14% ‘at a petrol (gas) station’ ,10% ‘due to a data breach’. and 5% ‘at a merchant terminal’.  24% did not know where the compromise took place. The poll results can be seen in the chart below.

 

How safe you feel as a cardholder when making a card-based payment transaction is of paramount concern to the industry.  The EAST Payments Task Force (EPTF) is focusing on payment research.

The current website research poll, which closes at the end of August is on ATM fraud and asks what you feel is the biggest fraud risk to the ATM channel over the next few years?  To take it, and to see all past results, visit the ATM Research Page on this website.

EPTF holds First Meeting

EPTFThe First Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 19th April 2017 at the Banking and Payments Federation Ireland (BPFI) in Dublin.

The purpose of the EPTF is to provide a specialist task force for discussion of security issues affecting payments and transactions and for the gathering,collation and dissemination of related information, trends and statistics.

The meeting was chaired by Mr Rui Carvalho and was attended by key representatives from card issuers and payment processors.

The EPTF will take the following actions covering payments:

  • Explore, inter alia, potential improvements in security and other issues affecting payments and transactions
  • Engage with payment and transaction stakeholders on the impact of regulations
  • Establish what payment industry information (trends / general statistics) is currently available and what gaps the EPTF can cover through the collection of data from EAST’s extensive membership network (National and Associate).
  • Through Payment Updates, share information on trends and issues affecting payments and transactions.

Mr Carvalho will give a presentation on the EPTF and where it is heading at this year’s EAST Financial Crime & Security Forum (EAST FCS 2017).

Viewpoint: What is the highest risk for card-based payment transactions?

In a website research poll that ran from September to December 2016 cardholders were asked, in a card present scenario, which type of transaction they felt is least secure.  31% of respondents answered ‘using an ATM’, 29% ‘using a mobile phone’, 26% ‘using a retail payment terminal’ and 14% ‘using contactless technology’.  The poll results can be seen in the chart below.

Most people make card-based payment transactions on a regular basis.  When doing so trust in the security of the transaction is vital.  The industry consistently works to ensure that this trust is not-misplaced by monitoring transactions and by putting effective security measures in place.

That being said criminals continue to work at finding weak points in current security measures and in developing new ways to fraudulently obtain cash.  This results in ‘technology chase’ as both sides react to the actions of the other.

How safe you feel as a cardholder when making a card-based payment transaction is of paramount concern to the industry.  The EAST Payments Task Force (EPTF) is currently focusing on payment research.

The current website research poll, which closes at the end of April, is also on payment security and asks those who have had a payment card compromised for information on where the compromise took place.  To take it, and to see all past results, visit the ATM Research Page on this website.

Viewpoint: Are mobile phone payments safe?

The EAST Payments Task Force (EPTF) is currently focusing on payment research. In a website research poll on mobile phone payments that ran from May to August 2016 the question ‘Are you satisfied your payment details are safe when buying goods or services using your mobile phone?’ was asked.  58% of respondents were not satisfied, 28% were satisfied and 14% were completely satisfied.  The poll results can be seen in the chart below.

There are currently more than 7.8 billion mobile phones in use around the world. With the number of phones in operation now exceeding the number of people on the planet, banks and stores are using this facility to reach their customers and see the saturation of mobile phones as an opportunity to make the consumer payment experience a convenient and seamless one.

Consumers can now use NFC technology on their smart phone to make contactless payments in stores and to pay for goods and services using in-app payment tools or directly using the internet browser on the phone.

In making payments easier to manage and more accessible for consumers, there is an underlying risk that access to that information is also made easier for the criminal element, aiming to capture the payment data used by unsuspecting consumers.

While the industry continues to build solutions and barriers to this criminal activity the EPTF is examining consumer behaviour and this poll result is an indication of how consumers view the safety of their payment details when using mobile phones to pay for goods and services.

The current website research poll, which closes at the end of April, is also on payment security and asks those who have had a payment card compromised for information on where the compromise took place.  To take it, and to see all past results, visit the ATM Research Page on this website.