EPTF holds Fourth Meeting

EPTFThe Fourth Meeting of the EAST Payments Task Force (EPTF) took place on Thursday 22nd November 2018 at the Banking & Payments Federation Ireland (BPFI) in Dublin.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.  The EPTF has recently published Payment Fraud Terminology and Payment Fraud Definitions.  The aim is for the payment fraud terminology, and related payment fraud definitions, to be adopted globally when describing or reporting payment and transaction fraud.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and was attended by key representatives from Card Issuers, Law Enforcement, Payment Processors, Payment Providers and Solution Providers.

Presentations or updates were given by BANCOMAT S.p.A, BPFI, Diebold Nixdorf,  EURO Kartensysteme GmbHEuropol, INTERPOL, PayLife, PayPal, Trend Micro, Visa Europe.

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 35 countries and outputs from the group are presented to National Member Meetings.  There are 202 EAST Associate Member Organisations from 52 countries and territories.

ATM Physical Attacks Seminar Update

An EAST FCS ATM Physical Attacks Seminar was held on 10th October 2018 in London, co-located with RBRs ATM & Cyber Security 2018 Conference.  The interactive and successful event followed the basic structure of work group meetings held by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP).  This group, which meets twice a year, provides a platform for law enforcement and the private sector to come together and share attack information, trends and statistics in a structured manner.

An introduction to EGAP by the Chair, Graham Mott, was followed by a presentation by EAST Development Director Rui Carvalho, covering the latest EAST physical attack statistics from the H1 2018 European Payment Terminal Crime Report.  This highlighted that ATM related physical attacks were up 21% (from 1,696 to 2,046 incidents).  Attacks due to ram raids and ATM burglary were up 26% (from 470 to 590 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were up 2% (from 481 to 490 incidents).  Losses due to ATM related physical attacks were €15.1 million, a 24% increase from the €12.2 million reported during the same period in 2017.

Gertjan Kaijen of Europol then gave a high level view of the ATM Physical attack situation across Europe which was followed by national law enforcement updates from the following countries:

  • France – by Gilles Weintz of the Gendarmerie Nationale
  • Netherlands – by Niels Uljee of the Dutch Police
  • Portugal – by Bruno Sergio Nobre Viegas of the Policia de Seguranca Publica
  • Spain – by Daniel Zorzo Lopez of the Guardia Civil
  • UK – by Neil Smyth of the Metropolitan Police Service

These were followed by a talk from Marco Spoldi of MIB on the Italian experience of ATM Physical attacks, sharing what has been done in Italy to counter them.

ATM physical attacksThe Seminar concluded with a Question and Answer session chaired by Graham Mott and with Rui Carvalho, Gertjan Kaijen, Bruno Ricardo (Feerica), Daniel Zorzo Lopez and Adrian Roberts (West Midlands Police) on the Panel.

Attendance at the regular EAST EGAP work group meetings is limited and this event enabled active participation and input from a much wider pool of expertise.  Due to the positive response received from delegates, this ATM Physical Attacks Seminar is expected to be repeated in 2019.

More information on the event, which was sponsored by Feerica and Lockpoint, can be found on the EAST Events Website

2018 EAST FCS ATM Physical Attack Seminar Sponsors


EAST joins Europol’s Advisory Group on Financial Services

EAST Development Director Rui Carvalho will represent EAST at Europol’s Advisory Group on Financial Services, an advisory group to the Programme Board of the European Cybercrime Centre (EC3).  In the context of the cross-border fight against cybercrime the purpose of the advisory group is to:

  • bring knowledge and expertise to the Programme Board on the impact of cybercrime on financial services and on how this sector and law enforcement can cooperate in the prevention and combating of cybercrime;
  • update and share all relevant information and expertise on developments in the area of cybercrime that affect financial services;
  • assist the Programme Board in defining priorities for the work of EC3 in this area, including by advising on the cooperation with the financial services and on developing concepts for enhanced prevention;
  • advise the Programme Board on increasing the sharing/exchange of information between law enforcement and financial services.

EAST has worked closely with Europol since 2004 and in 2015 Europol and EAST signed a Memorandum of Understanding to further strengthen the partnership.

EAST Executive Director Lachlan Gunn said: “I am delighted that EAST can support Europol in the Advisory Group on Financial Services, a further development of our strategic partnership.  Since 2015, and in addition to the normal operation of our National Member and Expert Group meetings, EAST has supported Europol at five strategic payment card fraud meetings in Asia, most recently in May in Vietnam, and also at similar meetings in The Hague and in Colombia.  We have also presented at three Europol Trainings on Payment Card Fraud Forensics, most recently in June at the Spanish National Police Academy.” 

EAST EGAP holds 10th Meeting in The Hague

The tenth meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) took place on Tuesday 4th September 2018 in The Hague.

EAST EGAP is a European specialist expert forum for discussion of ATM and ATS related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).

The meeting was chaired by Mr Graham Mott of the LINK Scheme and was attended by key representatives from Terminal Deployers, ATM Networks, Security Equipment Vendors and Law Enforcement.  Europol gave a central assessment of the ATM physical attack situation in Europe and National Threat Assessments were shared by representatives from twelve countries.

EAST EGAP, which meets twice each year, enables in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

EAST EGAP meetings are restricted to working group members and, to provide a wider platform for sharing/discussion, the Group is holding a half-day open seminar in London on 10th October 2018.  Registration for this is now open and more information can be found on the EAST Events website.

ATEFI signs Strategic Agreement with AMERIPOL

The Latin American Association of Operators Electronic Funds Transfer and Information Services (ATEFI) has signed an Agreement of Understanding and Mutual Cooperation with The Police Community of the Americas (AMERIPOL). This public-private sector Agreement, signed in in Buenos Aires (Argentina), enables ATEFI and AMERIPOL, through collaboration and mutual professional training, to carry out preventive and investigative actions through forensic analysis of fraud and cybercrime cases.

In May 2016 EAST and ATEFI joined forces to to further strengthen inter-regional cooperation in combating all types of payment crime including payment card fraud, hi-tech crime and ATM cyber and physical attacks and in October 2015 EAST participated in a two-day meeting  in Bogota (Colombia) to discuss payment card fraud overseas and money withdrawals in Latin America.  This meeting, attended by AMERIPOL, was organised by Europol in cooperation with the Colombian authorities (Policia Nacional and its Liaison Bureau at Europol) with the financial support of the Romanian authorities.

This new public-private sector initiative in Latin America is welcomed by the industry in Europe as another step forward in global efforts to tackle transnational payment fraud and financial crime.  EAST has worked with Europol since 2004, a partnership that was strengthened in June 2015 by the signing of a Memorandum of Understanding (MoU), and in June 2017 EAST and ASEANAPOL formalised collaboration.  ASEANAPOL is the National Police organisation for the Association of Southeast Asian Nations (ASEAN).

EAST presents at Europol Training on Payment Card Fraud Forensics

card fraud forensics trainingOn 26 June 2018 EAST Development Director Rui Carvalho presented at the fourth edition of the Europol Training Course on Payment Card Fraud Forensics and Investigations at the Spanish National Police Academy in Ávila, Spain. His talk gave an overview of EAST and covered terminal and payment fraud in Europe from the perspective of the private sector.

The Europol training, which ran from 25 to 29 June 2018, covered a wide range of topics including cryptocurrencies, ATM malware, forensic tools for the examination of skimming equipment, Near Field Communication (NFC) technology, EU regulation in non-cash payment, and data breaches or cyber attacks.

The training course was attended by 74 Investigators, forensic experts, and future police officers from 27 countries in the European Union, as well as from Iceland, Gibraltar, Montenegro, Moldova, Canada, Ukraine and South Korea.  Presentations were given by 33 speakers from different law enforcement agencies, the European Commission, Europol and bodies from the private sector (including EAST) and academia.  Since the first training in 2015 over 200 international students have benefited from the training programme, which has been supported by EAST.

Airline Fraud Action Day leads to 141 Arrests

As part of a global action against airline fraud Europol coordinated raids at European airports, targeting criminals trying to travel using fraudulently bought tickets. Last week (from 18-22 June) over 141 individuals were arrested around the world during a law enforcement swoop which took place at over 226 airports.

61 countries, 69 airlines and 6 online travel agencies were involved in the 11th edition of the Global Airport Action Days (GAAD) targeting criminals suspected of travelling with airline tickets bought using stolen, compromised or fake credit card details. Some 334 suspicious transactions were reported, and a number of investigations have been subsequently opened.

The GAAD which was organised through coordination centres at Europol in The Hague, at the INTERPOL Global Complex for Innovation in Singapore and at Ameripol in Bogota, was supported by Canadian and US law enforcement authorities through the NCFTA in Pittsburgh.

During the action week, representatives from airlines, online travel agencies, payment card companies, Perseuss and IATA worked together with experts from Europol’s European Cybercrime Centre (EC3) to identify suspicious airline ticket transactions.

More information can be found on Europol’s website

Information on the GAAD held in June 2017 can be found here



Cross-border e-Commerce Police action leads to 95 arrests

Police forces across Europe have arrested 95 professional fraudsters and members of internet-based criminal networks in a successful cross-border e-Commerce Action (eComm 2018).

The joint law enforcement operation, coordinated by the European Cybercrime Centre (EC3) from Europol’s headquarters in The Hague, was supported by 28 countries and ran from 4 to 15 June 2018. It received the direct assistance from merchants, logistic companies, and banks and payment card schemes. Europol also supported national authorities on-the-spot by providing analytical services in their investigations.

The main goal was to target online fraud through a coordinated law enforcement action within the European Union (EU) and beyond, followed by an awareness-raising campaign. This action also marks the start of several investigations with more arrests expected in the next few months. The activity was inspired by a similar UK pilot conducted in collaboration with Visa.

The suspects arrested during the operation were responsible for more than 20 000 fraudulent transactions with compromised credit cards, with an estimated value exceeding EUR 8 million.

The e-commerce action focused on combating card-not-present (CNP) fraud, to help create a safer online environment for customers worldwide by sharing information and developing best practices between law enforcement and the private sector. It promotes the hashtag  #BuySafePaySafe: tips to avoid becoming a fraud victim.

For more information visit Europol’s website.

Rui Carvalho, Chair of the EAST Payments Task Force (EPTF), represents EAST at Europol’s e-Commerce actions.


45th EAST Meeting hosted by EC3 at Europol

EC3The 45th Meeting of EAST National Members was hosted by the European Cybercrime Centre (EC3) at Europol on 6th June 2018. National country crime updates were provided by 21 countries, and a global update by HSBC.  Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

EC3 presented on the latest initiatives and events relating to e-commerce fraud prevention, global airport actions (GAAD) to combat online fraud involving stolen or fake credit card data to purchase plane tickets, actions relating to virtual currencies, the Europol-ASEAN Strategic Payment Card Fraud Meeting, and provided updates on Advisory Group activities relating to Internet Security, Communication Providers and Financial Services.

Presentations were also given by the EAST Payments Task Force (EPTF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).  An update was given by the EAST Expert Group on All Terminal Fraud (EGAF).

EAST Fraud Update 2-2018 will be produced later this month, based on the national country crime updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

The 46th EAST Meeting will be held in London on 9th October 2018 and will be followed by EAST FCS Seminars on 10th October 2018 at the same venue.

EAST assists Europol-ASEAN Strategic Payment Card Fraud Meeting

Payment Card Fraud - 5th Strategic MeetingEAST presented at the 5th Strategic Meeting on Payment Card Fraud held in Hanoi, Vietnam on 29-30 May 2018.  EAST Executive Director Lachlan Gunn gave an overview on Terminal Fraud and Payment Fraud as seen by the industry in Europe and highlighted the issue of related fraud migration to China and the ASEAN region.

The growing presence of chip cards in the European Union (EU) has seen an increase in fraudulent payments with European cards at ATMs in Asian countries. Organised crime groups from Europe set up cells in Asia, creating an illegal network, which resulted not only in a higher number of fraud cases, but also in an increase of violence and serious incidents where members of criminal organisations were killed.

The Payment Card Fraud Meeting was aimed at consolidating and strengthening cooperation under the EURASEAN Investigative Network on Payment Card Fraud to provide an adequate and effective answer to this criminal phenomenon. This network, led by Europol, is supported by both ASEANAPOL and INTERPOL, law enforcement officers from EU Member States and 10 ASEAN countries (Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam) with the assistance of EAST representing the private sector.

The EURASEAN network, established last year, has been increasingly efficient and boosted several investigations that led to arrests between Bulgaria and Vietnam, France and Thailand and Romania and Indonesia. International cooperation, based on the exchange of information, technical support and strategies, whereby organised criminal groups active in Asia and Europe were disrupted, fugitives detected, false ID documents seized and criminal assets recovered.

In the fight against fraudulent payments and cybercrime, law enforcement agencies are not the only ones involved: a fundamental role is also played by the private sector. Stopping cyber fraud in the financial sector requires dealing directly with the private sector.  EAST has been closely working with Europol since 2004 and has had working relationships with ASEANAPOL and INTERPOL since 2015.

The trusted relationships established between Europol, ASEANAPOL and INTERPOL are a crucial factor in strengthening security and, ultimately, protecting EU citizens.

The meeting was financed by EMPACT (European multidisciplinary platform against criminal threats) and led by Romania. Bulgarian authorities led the action on cooperation with Asian countries.

EAST has supported all five of the Strategic Meetings on Payment Card Fraud held to date in the ASEAN region, as well as related meetings held in Europe and Latin America.