ATM Explosive Attacks surge in Europe

european-atm-crime-report-h1-2016In a European ATM Crime Report covering the first six months of 2016 EAST has reported that ATM explosive attacks were up 80% when compared to the same period in 2015.

A total of 492 explosive attacks were reported, up from 273 during the same period in 2015.  While the majority were explosive gas attacks, 110 were solid explosive attacks.  EAST Executive Director Lachlan Gunn said, “This rise in explosive attacks is of great concern to the industry in Europe as such attacks create a significant amount of collateral damage to equipment and buildings as well as a risk to life.  The EAST Expert Group on Physical Attacks (EGAP) is working to analyse the attacks and to share intelligence best practice information across the industry and law enforcement that can help to mitigate the threat.”

Overall ATM related physical attacks rose 30% when compared with H1 2015 (up from 1,232 to 1,604 incidents).  Losses due to ATM related physical attacks rose 3% to €27 million (up from €26.3 million in 2015).  The average cash loss for a ram raid or burglary attack is estimated at €17,327, the average cash loss per explosive attack is €16,631 and the average cash loss for a robbery is €20,017.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

EAST also reported a 28% increase in ATM related fraud attacks, up from 8,421 in H1 2015 to 10,820 in H1 2016.  This rise was mainly driven by a 281% increase in Transaction Reversal Fraud (up from 1,270 to 4,840 incidents).  The downward trend for card skimming continues with 1,573 card skimming incidents reported, down 21% from 1,986 in H1 2015.

Losses due to ATM related fraud attacks were up 12% when compared with H1 2015 (up from €156 million to €174 million).  This rise was largely driven by an 8% rise in international skimming losses (up from €131 million to €142 million).  The Asia-Pacific region (particularly Indonesia) and the USA are where the majority of such losses were reported.  Domestic skimming losses rose 24% over the same period.

The number of ATM logical attacks reported continues to rise.  28 incidents were reported (all ‘cash out’ or ‘jackpotting’ attacks), up from just 5 during the same period in 2015.  Related losses were €0.4 million.

A summary of the report statistics under the main headings is in the table below:

h1-2016-crime-report-summary-stats

The full Crime Report is available to EAST Members (National and Associate).

European ATM Fraud Incidents up 15%, driven by low tech crime

EAST ATM Crime Report H1 2015In a European ATM Crime Report covering the first six months of 2015 EAST has reported that ATM fraud incidents were up 15% when compared to the same period in 2014.

ATM related fraud attacks were up from 7,345 in H1 2014 to 8,421 in H1 2015. This rise was mainly driven by an 18% increase in card trapping attacks (up from 2,579 to 3,043 incidents) and a 985% increase in Transaction Reversal Fraud (TRF) attacks (up from 117 to 1,270 incidents). Trapped cards can be used in the EMV environment (if the PIN has also been compromised). 1,986 card skimming incidents were reported, down 18% from 2,425 in H1 2014.

Losses due to ATM related fraud attacks were up 18% when compared with H1 2014 (up from €132 million to €156 million). This rise was largely driven by an 18% rise in international skimming losses (up from €111 million to €131 million). The Asia-Pacific region (particularly Indonesia) and the USA are where the majority of such losses were reported. Domestic skimming losses rose 11% over the same period.

EAST Executive Director Lachlan Gunn said, “International skimming losses have risen for the past four reporting periods and EAST is working closely with Europol to raise awareness of this issue in Asia-Pacific and the Americas.”

ATM related physical attacks rose by 19% when compared with H1 2014 (up from 1,032 to 1,232 incidents).  This is explained by a 1,013% increase in reported robberies, due to the fact that one country has been able to report on this for the first time.  423 such attacks were reported, up from 38 in 2014.

Losses due to ATM related physical attacks rose 100% to €26 million (up from €13 million in 2014), again mainly due to the fact that one country has reported losses due to robbery for the first time. Losses due to robbery rose from €0.4 million to €10.5 million. The average cash loss for robberies was €24,799 per incident, for ram raids/ATM burglary €22,604 per incident, and for explosive attacks €19,737.

In H1 2015 5 ATM malware incidents were reported (‘cash out’ or ‘jackpotting’ attacks), with related losses of €0.14 million. To counter the malware threat, the EAST Expert Group on ATM Fraud (EGAF) worked with Europol to create ‘Guidance & recommendations regarding logical attacks on ATMs’, a document published by Europol in June 2015.

A summary of the report statistics under the main headings is in the table below.

EAST H1 2015 Crime Report Summary Stats

The full Crime Report is available to EAST Members (National and Associate) and Subscribers.

VIEWPOINT: ATM Fraud

ATM Security2In an EAST website research poll that ran from September to December 2014 respondents were asked the question ‘What do you feel is the biggest fraud risk to the ATM channel over the next few years?’

52% chose malware, 37% voted for card skimming, 4% for cash trapping, 3% for card trapping and 3% for social engineering.

EAST Poll Sep to Dec 14

Malware is an emerging fraud trend for the ATM channel. EAST has been reporting European ATM fraud statistics since 2004. Over the past decade we have seen fraud trends change, particularly since the EMV (Chip and PIN) roll out commenced. Most recently we have seen a shift from hi-tech skimming to lo-tech card and cash trapping. Our next European ATM Crime report, covering the full year 2014, is scheduled for publication in April 2015.

You can see some of our ATM Fraud definitions on this website. We define ATM Malware as either ‘cash out/jackpotting’ or ‘card and Pin compromise’ and a definition for social engineering is ‘the clever manipulation of the human tendency to trust’.

The current website research poll is on cardholder awareness and asks the question – ‘How often do you see fraud warnings and fraud prevention messages displayed on ATMs in your country?’ To take it, and to see all past results, visit the ATM Research Page on this website, or click on the button below.