Card skimming losses continue to rise outside Europe

EAST 2015 Crime ReportIn a European ATM Crime Report covering the full year 2015 EAST has reported that skimming losses relating to the usage of stolen European card data outside Europe have risen to the highest level seen since 2008.

There was a 19% increase in ATM related fraud attacks, up from 15,702 to 18,738 in 2015.  This increase was mainly driven by a significant rise in Transaction Reversal Fraud (TRF) attacks (up from 160 to 5,104) and a smaller rise in card trapping attacks (up from 5,298 to 6,352).  4,131 card skimming incidents were reported, down 27% from 5,631 in 2014.

Losses due to ATM related fraud attacks were up 17% when compared with 2014 (up from €280 million to €327million).  This rise was largely driven by a 15% rise in international skimming losses (up from €238 million to €274 million).  The USA and the Asia-Pacific region are where the majority of such losses were reported.  Domestic skimming losses rose 19% over the same period (up from €37 million to €44 million).

EAST Executive Director Lachlan Gunn said, “While regional card blocking, often known as geo-blocking, is effective at minimising international skimming losses when implemented, the continued rise of such losses is of concern to Europe.  EAST is now working closely with Europol to increase awareness among experts in Asia-Pacific and the Americas about all types of non-cash means of payment, including card skimming, ATM malware, internet fraud and eCommerce fraud.  Most recently we supported the Second Strategic Meeting on Payment Card Fraud.  This event, which was organised by Europol’s European Cybercrime Centre (EC3) in Kuala Lumpur on 22-23 March 2016, provided the regional law enforcement community with a comprehensive overview of the ATM fraud and its migration to Asia, and the focus is now to establish a cross-regional network to assist international investigations.”

ATM related physical attacks rose by 34% when compared with 2014 (up from 1,980 to 2,657 incidents).  This is partly explained by a 9% increase in reported solid explosive and explosive gas attacks.  673 such attacks were reported, up from 619 in 2014.  Nine countries reported such attacks, four of them countries with more than 40,000 ATMs installed.  The number of reported robberies also increased, up from 60 in 2014 to 838 in 2015.  This rise is partly due to the fact that more countries are now apply to provide such data.

Losses due to ATM related physical attacks rose 81% to €49 million (up from €27 million in 2014).  The average cash loss for ram raids/ATM burglary was €17,830 per incident, and the average cash loss for an explosive or gas attack is €15,602 per incident.  While around 40% of such attacks do not result in cash loss, collateral damage to equipment and buildings can be significant.

In 2014 EAST began to collect statistics for ATM Malware after the first incidents were reported in Western Europe.  15 incidents were reported in 2015, down from 51 in 2014.  These were all ‘cash out’ or ‘jackpotting’ attacks.  Related losses of €743,000 were reported, down from €1.23 million in 2014.

To counter the malware threat, the EAST Expert Group on ATM Fraud (EGAF) worked with the European Cybercrime Centre (EC3) at Europol to create ‘Guidance & recommendations regarding logical attacks on ATMs’, a document published by Europol in June 2015.

 A summary of the report statistics under the main headings is in the table below.

EAST 2015 Crime Report Summary Stats

The full Crime Report is available to EAST Members (National and Associate).

Second Strategic Meeting on Payment Card Fraud

Second Strategic Meeting on Payment Card FraudEAST represented the private sector at the Second Strategic Meeting on Payment Card Fraud (PCF) in Kuala Lumpur, Malaysia.

This event which was organised by Europol’s European Cybercrime Centre (EC3) on 22-23 March 2016, provided the law enforcement community with a comprehensive overview of the ATM fraud and its migration to Asia.  The event was co-organised with ASEANAPOL, with the cooperation of INTERPOL and the support of the Romanian National Police and the Royal Malaysian Police.

This two-day meeting brought together 25 law enforcement officers from EU Member States (Bulgaria, Germany, Greece, Romania and the UK) with their counterparts from the ASEANAPOL community (including Brunei, Cambodia, Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam) to discuss cooperation in preventing and combating this type of crime.

Opening Ceremony 2EAST Executive Director Lachlan Gunn gave an overview of the European ATM Fraud situation and the problem caused by increasing losses in the ASEAN region.

The aim of the event was to increase awareness among experts about all types of non-cash means of payment, including card skimming, ATM malware, internet fraud and eCommerce fraud.  New and unreported modus operandi recently detected by different investigative units were shared between experts and cases involving European criminals active in Asia were discussed,  resulting in the elaboration of operational plans for coordinated actions in a close future.  

In November 2015 EAST supported the First Strategic Meeting on Payment Card Fraud which was held in the INTERPOL Global Complex for Innovation (IGCI) and was co-hosted by Europol and INTERPOL with the financial support of the Romanian authorities.

In October 2015 EAST participated in a two-day meeting in Bogota (Colombia) to discuss payment card fraud overseas and money withdrawals in Latin America.

 

 

ECB reports an overall increase in Card Fraud, although fraud at ATMs is down

ECB_EN_RGBThe European Central Bank (ECB) has just published its 4th Report on Card Fraud, covering 2013.  The report analyses developments in fraud related to card payment schemes (CPSs) in the Single Euro Payments Area (SEPA) and covers almost the entire card market.

The total value of fraudulent transactions conducted using cards issued within SEPA and acquired worldwide amounted to €1.44 billion in 2013, which represented an increase of 8% from 2012. In relative terms (i.e. as a share of the total value of transactions) fraud rose by 0.001 percentage point to 0.039% in 2013, up from 0.038% in 2012.  66% of the value of fraud resulted from card-not-present (CNP) payments (i.e. payments via the internet, post or telephone), 20% from transactions at POS terminals and 14% from transactions at ATMs.

The increase was due to CNP fraud, which saw €958 million in fraud losses in 2013. ATM and POS fraud fell –  card fraud committed at ATMs was down 13.7% when compared to 2012, the first time in four years that ATM fraud fell, while fraud committed at POS terminals was down by 7.9%.

The lower level of ATM fraud was due mainly to a substantial decrease in card-not-received and counterfeit fraud for this category. Counterfeit fraud accounted for 45% of the value of fraud at ATMs and POS terminals, while fraud using lost or stolen cards made up 43%. As observed in previous years, counterfeit fraud was predominant for transactions acquired in countries outside SEPA.

The full report can be downloaded from the ECB website.

“Project Sandpiper”, an EU Project to fight Payment Card Fraud, will be presented at EAST FCS 2015

DCPCU LogoA Case Study on “Project Sandpiper” will be presented at the EAST Financial Crime and Security Forum (EAST FCS 2015). The successful project, an exercise in Private Sector & Law Enforcement cooperation, was initiated by UK authorities and headed by the Dedicated Card and Payment Crime Unit (DCPCU).

The DCPCU is a special police unit comprising police officers appointed from the City of London Police and Metropolitan Police Services who operate together with industry fraud investigators. The DCPCU secured European Commission funding in 2013 in order to finance the project specifically focused on tackling Romanian criminality affecting the UK payment industry at the time.

The project involved connecting the DCPCU with the UK payments industry as well as law enforcement officers in Romania, involved in tackling the country’s organised crime gangs.

The Case Study, which will be jointly presented by Ben Birtwistle from the Royal Bank of Scotland (RBS) and Russell Chinn from the DCPCU, will  explain how to effectively coordinate efforts to combat card fraud and ATM fraud through cooperation and information sharing.

Speaker Spotlight

Ben Birtwistle RBSBen Birtwistle is Manager – Customer Outcomes & Fraud – ATM Operations, at RBS Group. He heads the Customer Outcomes & Fraud unit in RBS ATM Operations, overseeing all deliverables designed to ensure customers are served correctly and securely at any RBS, NatWest, Ulster Bank or Tesco Bank ATM. Previous roles include Manager ATM Fraud Control, Intelligence & Co-Ordination Analyst and Customer Contact Training Manager. Ben started in the bank in 2003 after completing a Fine Arts degree and taking time out to travel.

Book soon to ensure you don’t miss your opportunity to attend the event. Places are limited and registration priority will be given to EAST Members, National and Associate.