EAST assists Europol-ASEAN Strategic Payment Card Fraud Meeting

Payment Card Fraud - 5th Strategic MeetingEAST presented at the 5th Strategic Meeting on Payment Card Fraud held in Hanoi, Vietnam on 29-30 May 2018.  EAST Executive Director Lachlan Gunn gave an overview on Terminal Fraud and Payment Fraud as seen by the industry in Europe and highlighted the issue of related fraud migration to China and the ASEAN region.

The growing presence of chip cards in the European Union (EU) has seen an increase in fraudulent payments with European cards at ATMs in Asian countries. Organised crime groups from Europe set up cells in Asia, creating an illegal network, which resulted not only in a higher number of fraud cases, but also in an increase of violence and serious incidents where members of criminal organisations were killed.

The Payment Card Fraud Meeting was aimed at consolidating and strengthening cooperation under the EURASEAN Investigative Network on Payment Card Fraud to provide an adequate and effective answer to this criminal phenomenon. This network, led by Europol, is supported by both ASEANAPOL and INTERPOL, law enforcement officers from EU Member States and 10 ASEAN countries (Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam) with the assistance of EAST representing the private sector.

The EURASEAN network, established last year, has been increasingly efficient and boosted several investigations that led to arrests between Bulgaria and Vietnam, France and Thailand and Romania and Indonesia. International cooperation, based on the exchange of information, technical support and strategies, whereby organised criminal groups active in Asia and Europe were disrupted, fugitives detected, false ID documents seized and criminal assets recovered.

In the fight against fraudulent payments and cybercrime, law enforcement agencies are not the only ones involved: a fundamental role is also played by the private sector. Stopping cyber fraud in the financial sector requires dealing directly with the private sector.  EAST has been closely working with Europol since 2004 and has had working relationships with ASEANAPOL and INTERPOL since 2015.

The trusted relationships established between Europol, ASEANAPOL and INTERPOL are a crucial factor in strengthening security and, ultimately, protecting EU citizens.

The meeting was financed by EMPACT (European multidisciplinary platform against criminal threats) and led by Romania. Bulgarian authorities led the action on cooperation with Asian countries.

EAST has supported all five of the Strategic Meetings on Payment Card Fraud held to date in the ASEAN region, as well as related meetings held in Europe and Latin America.

EAST supports Europol Strategic Payment Card Fraud Meeting

On 20-21 November 2017, Europol’s European Cybercrime Centre (EC3), with the support of EAST, hosted an international meeting with a specific focus on combating payment card fraud across Europe and beyond.

In its sixth occurrence since it was first organised in Singapore in 2015, this meeting was held for the first time at Europol’s headquarters in The Hague, bringing together representatives from 3 regions of the world: 8 EU Member States (Portugal, Greece, France, Denmark, Spain, Romania, Bulgaria and Italy), Latin America (Argentina, Dominican Republic, Chile, Colombia and AMERIPOL) and Asia (Malaysia, Philippines, Thailand and ASEANAPOL).

The EAST presentation focused on combating payment card fraud from the perspective of the private sector – EAST Executive Director Lachlan Gunn gave an overview of EAST and presented the latest threats, criminal methodologies and crime and fraud statistics.  EAST Development Director Rui Carvalho, who chairs the EAST Payments Task Force (EPTF), covered the latest payment crime trends as reported at the 43rd EAST Meeting.

The latest European Central Bank Report estimates €1.44 billion losses in Payment card fraud in 2013 The overall losses were up 8%. Card Not Present (CNP) fraud has experienced significant increases in Europe in the last years and although Card Present Fraud (CP) within the EU decreased during the last years still remain significant as the EMV (chip and pin) protection has not yet been fully implemented. In fact, organised crime groups set up permanent bases in overseas locations where Chip is not implemented cashing out compromised European cards.

EAST has supported all the Europol Strategic Meetings on Payment Card Fraud held in the ASEAN and LATAM regions.

 

EAST presents at NCR Fraud & Security Summit

Fraud & Security SummitEAST Executive Director Lachlan Gunn presented at the 5th Annual NCR Fraud & Security Summit, held in London on 9th October 2017.  The event allowed security experts from around the world to share experiences and information on a wide array of security topics such as emerging threats, trends, solutions and innovations.

Lachlan Gunn (pictured on the right with NCR’s Charlie Harrow) gave an overview of EAST and its new structure, before delivering an update on the payment fraud and crime situation in Europe.  He referred to statistics from EAST’s recently published European Payment Terminal Crime Report which highlighted a significant increase in logical (black box) attacks.

The Agenda included presentations that covered NCR’s Security Startegy, expanding logical protection to the Network, contactless and new technologies, protecting ATMs from physical attacks, ATM attack trends and an update on the new NCR 80 Series ATMs.

3rd EAST FCS Forum – the most successful yet!

EAST FCS ForumThe sun has set on another successful EAST Financial Crime & Security (FCS) Forum which was held for the second time at the Grand Hotel Amrâth Kurhaus, in Scheveningen, The Hague. Feedback from delegates has been hugely positive.  This year marked a new format which included plenary sessions covering expert information from global regions: Asia-Pacific (ASEAN), Latin America, USA, Russia and Europe. 19 expert speakers travelled from 14 countries around the world to share their knowledge of ATM crime prevention.

In addition an afternoon of breakout sessions was held covering topics related to ATM and payment terminal fraud, and to ATM physical attacks.

Networking opportunities were abundant – a welcome cocktail the evening before the event, ensured all delegates were comfortable to kick off the Forum having met with their peers in a relaxed environment. Exhibitors enjoyed increased traffic through the exhibition hall, giving demos to attendees during coffee breaks, lunch and demonstration sessions.

 

Day One of the EAST FCS Forum opened with keynote speaker Steven Wilson, Head of the Europol Cyber Crime Centre (EC3) who spoke about the multi-faceted approach to countering cybercrime and the success of public private partnerships, especially the cooperation between EC3, non-EU States and EAST members.

Lachlan Gunn, Executive Director EAST, provided relevant statistics from the EAST European ATM Crime Report. He also announced a name change for EAST which is now the European Association for Secure Transactions. A milestone for EAST which has mainly focused on issues facing the ATM industry thus far, but which will now look at all threats against payment terminals (ATM, SST and POS), as well the security of payments and transactions.

Lachlan was followed by presenters from ASEANAPOL, the US Secret Service, the Russian Mastercard Members Association, and from the Latin American Association of Operators Electronic Funds Transfer and Information Services (ATEFI), who all gave the audience the most current information on activity in their regions.

In the afternoon breakout sessions Otto de Jong, EAST EGAF Chair, led discussions which covered R&D by fraudsters on EMV and old school ATM Fraud, and Graham Mott, EAST EGAP Chair, facilitated discussions on banknote degradation, physical attack types and countermeasures and traditional attacks.

The day closed out nicely with a BBQ by the beach!

Day Two kicked off with Group-IB providing an overview on the evolution of logical attacks on financial institutions. This was followed by a case study on Black Box attacks from NCR Czech Republic and an update from ING Netherlands on the evolution of gas and solid explosive attacks. There was a case study on countering such explosive attacks from the UK’s West Midlands Regional Organised Crime Unit, and the final talk of the day came from Rui Carvalho, Development Director EAST, who is building the EAST Payments Task Force and provided an overview on current and future activities for EAST.

In her closing address, conference Chairman Úna Dillon, Development Director of EAST, summarised the two-day conference by noting the importance of cross-border public-private sector cooperation in the fight against financial crime – stressing the need for private sector industry stakeholders to collaborate with law-enforcement agencies. She added that whilst EAST delivered the conference, the people charged with building the event are also deeply involved in the collaborative work already going on. Their ‘on-the-ground’ involvement means the EAST FCS Forum agenda will always be relevant and current.

This 3rd EAST FCS Forum has proven to be a successful platform in bringing together the perfect mix of banking representatives, security experts, law enforcement, payments associations, government agencies and many other stakeholders in the ATM and payment crime prevention sector  –  the dialogue and learning from  across Europe, the USA, Latin America, Russia and Asia-Pacific will no doubt help all participants to better detect and prevent current and future financial crime threats.

The event could not have taken place without the support of sponsors, exhibitors, speakers and delegates. EAST hugely appreciates the participation of all who took part and thanks everyone for their contribution to making the event a success.

Overall sponsor of the EAST FCS Forum 2017 was 3SI Security Systems.

Other sponsors and exhibitors included, the ATM Security Association, ACG, BVK, GMV, MIB, Startech Ltd. and TMD Security.

EAST changes name

EAST

 

 

EAST is changing its name to the European Association for Secure Transactions (EAST).  The announcement was made by EAST Executive Director Lachlan Gunn at the EAST Financial Crime and Security (FCS) Forum in The Hague.  The name change is in line with a new strategic direction for EAST.

EASTEAST was formed in 2004 to focus on ATM security when card skimming was a rising issue in Europe.  Since then there have been significant changes in the payment landscape, which continues to evolve at great speed.  EAST will continue to report on ATM crime issues as part of a wider reporting structure, which will be broadly split into Terminal Security and Payment Security.  The core strength of EAST is the National Member platform, backed up by interaction with Associate Members, and this change will enable EAST to keep serving all its members as their needs change.

The EAST Expert Group on All Terminal Fraud (EGAF) will continue to focus on fraud at all terminal types, and the EAST Payments Task Force (EPTF) is focussed on the security of payments and transactions.  The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) will continue to be mainly ATM focussed, to help counter the growing threat of solid explosive and explosive gas attacks.

EAST has national representation from the following 26 European countries:  Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Liechtenstein, Luxembourg, Netherlands, Norway, Malta, Poland, Portugal, Romania, Slovakia, Spain, Sweden, Switzerland, United Kingdom.  EAST is still seeking national representative members from:  Estonia, Iceland, Latvia, Lithuania and Slovenia.

Brazil, Canada, Indonesia, Mexico, Russia, Serbia, South Africa, Turkey, Ukraine and the United States are represented at EAST as non-SEPA members and EAST is seeking to establish links with parties in any country, able to share national incident and loss statistics for terminal related fraud and physical attacks.  For more information contact us.

Third Strategic Meeting on Payment Card Fraud

3rd Strategic Meeting on Payment Card Fraud

EAST presented at the Third Strategic Meeting on Payment Card Fraud (PCF) at the Electronic Transactions Development Agency (ETDA) in Bangkok, Thailand.

This event, which was organised by Europol’s European Cybercrime Centre (EC3) on 13-14 December 2016, provided the law enforcement community with a comprehensive overview of payment card issues such as compromising payment card data, skimming, ATM cashing out, e-commerce and airline frauds. The event, which was co-organised with ASEANAPOL and INTERPOL with the support of the Romanian National Police and the Royal Thai Police, was hosted by the ETDA (public organisation), and the Ministry of Digital Economy and Society.

Thirty law enforcement officers from four EU Member States (Austria, France, Greece, and Romania) and their ASEAN counterparts (Brunei, Cambodia, Indonesia, Malaysia, Myanmar, Philippines, Singapore, and Thailand) participated in the two-day meeting. The private sector was represented by EAST, the Bank of Thailand, representatives from the Thai commercial banks and LiquidNexxus. The ThaiCERT – ETDA facilitated cooperation between the law enforcement community and the Computer Emergency Response Teams (CERTs).

EAST Executive Director Lachlan Gunn gave an overview of the European ATM Fraud situation and highlighted the issue of losses in the ASEAN region faced by European card issuers.

3rd Strategic PCF MeetingThe aim of the event was to discuss operational achievements in the area of combating cyber fraud and to agree on the steps to follow with regard to security of non-cash means of payment. It focused on the exchange of expertise in the area of prevention and combating ATM/POS fraud, data compromising, ATM malware, and eCommerce fraud. A specific action plan concerning further cross-regional cooperation between European and Asian law enforcement was devised, following recent successful operations between the two parties.

As a result of discussions at the event, and to strengthen inter-regional industry communication to combat terminal and payment security, EAST is in follow up communication with the banking sectors in Indonesia and Thailand.

In March 2016 EAST supported the Second Strategic Meeting on Payment Card Fraud which was held at the Royal Malaysian Police College in Kuala Lumpur, Malaysia.  The meeting was hosted by Europol, INTERPOL and ASEANOPOL with the financial support of the Romanian authorities.

In November 2015 EAST supported the First Strategic Meeting on Payment Card Fraud which was held in the INTERPOL Global Complex for Innovation (IGCI) and was co-hosted by Europol and INTERPOL with the financial support of the Romanian authorities.

In October 2015 EAST participated in a two-day meeting in Bogota (Colombia) to discuss payment card fraud overseas and money withdrawals in Latin America.

ATM Explosive Attacks surge in Europe

european-atm-crime-report-h1-2016In a European ATM Crime Report covering the first six months of 2016 EAST has reported that ATM explosive attacks were up 80% when compared to the same period in 2015.

A total of 492 explosive attacks were reported, up from 273 during the same period in 2015.  While the majority were explosive gas attacks, 110 were solid explosive attacks.  EAST Executive Director Lachlan Gunn said, “This rise in explosive attacks is of great concern to the industry in Europe as such attacks create a significant amount of collateral damage to equipment and buildings as well as a risk to life.  The EAST Expert Group on Physical Attacks (EGAP) is working to analyse the attacks and to share intelligence best practice information across the industry and law enforcement that can help to mitigate the threat.”

Overall ATM related physical attacks rose 30% when compared with H1 2015 (up from 1,232 to 1,604 incidents).  Losses due to ATM related physical attacks rose 3% to €27 million (up from €26.3 million in 2015).  The average cash loss for a ram raid or burglary attack is estimated at €17,327, the average cash loss per explosive attack is €16,631 and the average cash loss for a robbery is €20,017.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

EAST also reported a 28% increase in ATM related fraud attacks, up from 8,421 in H1 2015 to 10,820 in H1 2016.  This rise was mainly driven by a 281% increase in Transaction Reversal Fraud (up from 1,270 to 4,840 incidents).  The downward trend for card skimming continues with 1,573 card skimming incidents reported, down 21% from 1,986 in H1 2015.

Losses due to ATM related fraud attacks were up 12% when compared with H1 2015 (up from €156 million to €174 million).  This rise was largely driven by an 8% rise in international skimming losses (up from €131 million to €142 million).  The Asia-Pacific region (particularly Indonesia) and the USA are where the majority of such losses were reported.  Domestic skimming losses rose 24% over the same period.

The number of ATM logical attacks reported continues to rise.  28 incidents were reported (all ‘cash out’ or ‘jackpotting’ attacks), up from just 5 during the same period in 2015.  Related losses were €0.4 million.

A summary of the report statistics under the main headings is in the table below:

h1-2016-crime-report-summary-stats

The full Crime Report is available to EAST Members (National and Associate).

EAST and ATEFI Join Forces in the Global Fight against Payment Crime

ATEFI LogoEAST has joined forces with the Latin American Association of Operators Electronic Funds Transfer and Information Services (ATEFI) in order to further strengthen cross border cooperation in combating all types of payment crime including payment card fraud, hi-tech crime and ATM cyber and physical attacks.

The groups first engaged when ATEFI presented at the inaugural EAST Financial Crime and Security Forum (EAST FCS) in The Hague in June 2013 where ATEFI representatives Orlando Garcia, Executive Director, ATEFI (Panama) and Pablo Carretino, Head of Risk & Security, Banelco (Argentina) presented the ‘Fraud Situation in Latin America’.

EAST reciprocated by presenting at the first annual Latin American Forum on Security in Payment Systems in Paraguay last November, hosted by Oscar Castellano, ATEFI. Úna Dillon, EAST Development Director, shared information and data on payment crime activities affecting EAST members in Europe and around the world. The two organisations have been working together since then.

EAST Associate Members - badgeEAST Executive Director, Lachlan Gunn, said: “EAST is pleased to increase its global reach through cooperation with ATEFI, creating a greater network for combating the threats of payment crime. Today, to further strengthen the relationship, the two organisations agreed to mutual Associate Membership in order to facilitate the sharing of information on crimes affecting the payments industry and to help identify global threats…”

Mutual Associate Membership allows EAST and ATEFI to exchange strategic data and other non-operational information.

Second Strategic Meeting on Payment Card Fraud

Second Strategic Meeting on Payment Card FraudEAST represented the private sector at the Second Strategic Meeting on Payment Card Fraud (PCF) in Kuala Lumpur, Malaysia.

This event which was organised by Europol’s European Cybercrime Centre (EC3) on 22-23 March 2016, provided the law enforcement community with a comprehensive overview of the ATM fraud and its migration to Asia.  The event was co-organised with ASEANAPOL, with the cooperation of INTERPOL and the support of the Romanian National Police and the Royal Malaysian Police.

This two-day meeting brought together 25 law enforcement officers from EU Member States (Bulgaria, Germany, Greece, Romania and the UK) with their counterparts from the ASEANAPOL community (including Brunei, Cambodia, Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam) to discuss cooperation in preventing and combating this type of crime.

Opening Ceremony 2EAST Executive Director Lachlan Gunn gave an overview of the European ATM Fraud situation and the problem caused by increasing losses in the ASEAN region.

The aim of the event was to increase awareness among experts about all types of non-cash means of payment, including card skimming, ATM malware, internet fraud and eCommerce fraud.  New and unreported modus operandi recently detected by different investigative units were shared between experts and cases involving European criminals active in Asia were discussed,  resulting in the elaboration of operational plans for coordinated actions in a close future.  

In November 2015 EAST supported the First Strategic Meeting on Payment Card Fraud which was held in the INTERPOL Global Complex for Innovation (IGCI) and was co-hosted by Europol and INTERPOL with the financial support of the Romanian authorities.

In October 2015 EAST participated in a two-day meeting in Bogota (Colombia) to discuss payment card fraud overseas and money withdrawals in Latin America.

 

 

EAST participates in International Payment Card Fraud Meeting in Singapore

Europol-Interpol- Event 1EAST Executive Director Lachlan Gunn participated in a two-day meeting in Singapore to discuss payment card fraud overseas and money withdrawals in the extended South East Asia region.

The meeting, which took place on 11th and 12th November 2015, was held in the INTERPOL Global Complex for Innovation (IGCI) and was co-hosted by Europol and INTERPOL in cooperation with the newly appointed Europol Liaison Officer to IGCI, the assistance of the EU Delegation in Singapore and the financial support of the Romanian authorities.

The meeting participants were 18 experts from EU Member States (Bulgaria, France, Germany and Romania) and Asian partners including Indonesia, Philippines, Thailand and Vietnam as well as ASEANAPOL.  EAST provided the law enforcement community with a comprehensive overview of the situation as perceived by the Industry.

The aim of this event was to increase awareness among experts about card skimming and overseas money withdrawals modi operandi and good practices, and identify new logical attacks and ATM and point-of-sales terminals malware. The final objective is to tackle organised crime groups with a view to maintaining a high level of security in Europe as well as all over the world.

More information can be found on the Europol website.

Europol-Interpol-Event 2