EAST has just published its first European Fraud Update for 2017. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 41st EAST meeting held in Oslo, Norway on 8th February 2017.
Card skimming at ATMs was reported by eighteen countries. The usage of M3 – Card Reader Internal Skimming devices continues. This type of device is placed at various locations inside the motorised card reader behind the shutter. Five countries reported such attacks and EAST has recently published four related ATM Fraud Alerts.
International skimming related losses were reported in 45 countries and territories outside of the SEPA and in 9 within SEPA. The top three locations where such losses were reported remain the USA, Indonesia and India.
Skimming attacks on other terminal types were reported by eight countries and four countries reported such attacks on unattended payment terminals (UPTs) at petrol stations. One country reported the use of an M3 – Card Reader Internal Skimming Device at a public transport ticket machine, the first time this has been seen.
One country reported a new form of crime, ‘Cash-in’ or ‘Cash Deposit’ fraud. The criminals deposit fake banknotes into ATMs (where the cash deposit function is available) and then credit their cards or other accounts.
ATM malware and logical security attacks were reported by eight countries all involving the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. EAST has recently published seven related ATM Fraud Alerts. To help counter such attacks Europol has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’. This is available in four languages: English, German, Italian and Spanish.
Ram raids and ATM burglary were reported by nine countries and nine countries reported explosive gas attacks. The use of solid explosives continues to spread and seven countries reported such attacks.
Payment fraud issues were reported by five countries. One country reported an increase in both vishing and phishing attacks and another reported criminal abuse of the chargeback system.
The full Fraud Update is available to EAST Members (National and Associate).