EAST EPTF holds 11th Meeting

The 11th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 10th November 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 17 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers.

Europol, INTERPOL and the Swedish Police provided the law enforcement perspective, and Group-IB presented on the developing Classiscam fraud.

Short presentations were also made by Cartes Bancaires, HSBC, ING Bank, MasterCard Members’ Association, PAN-Nordic Card Association, SIBs, and Trend Micro.  Social engineering linked to non-banking fraud continues to be an issue of concern.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a specialist group that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 212 EAST Associate Member Organisations from 52 countries and territories.

#SellSafe – Safety Awareness for Online Shopping

Europol launched the #SellSafe awareness campaign on 3 November as part of their 2021 eCommerce Action.

Organised crime groups are continuously adapting online fraud methods to exploit both online shoppers and e-commerce companies.  Their opportunities are growing!  Since the start of the pandemic the number of businesses selling online has increased, and the average shopper is using online services several times each week.  New technologies such as Secure Customer Authentication (SCA) or Two-Factor Authentication (2FA) have made online purchasing more secure, but cybercriminals are still finding ways to steal cash from online shoppers.

Europol launched the #SellSafe awareness campaign along with the Merchant Risk Council and participating countries.  This follows a successful campaign last year which highlighted the top tactics for fighting online fraud. The aim of the new campaign is to make e-commerce more secure by promoting safe online purchasing methods and by helping new merchants to open their first online shop without the risk of cyberattacks.

From 1 to 31 October 2021 law enforcement authorities from participating countries, supported by Europol and the Merchant Risk Council, joined forces in a coordinated action against online fraud as part of the 2021 eCommerce Action.  This resulted in 46 arrests linked to fraudulent transactions.  The criminal modus operandi involved the use of certain mobile apps associated with banks in order to make transfers and purchases illegally.  In 2019 an operation by Europol’s European Cybercrime Centre (EC3) led to 60 arrests as part of their #BuySafePaySafe action.

The 2021 #SellSafe participating countries include: Albania, Austria, Belgium, Colombia, Croatia, Greece, Hungary, Ireland, Italy, Georgia, the Netherlands, North Macedonia, Poland, Portugal, Slovenia, Slovakia, Spain, Switzerland and the United States.

The participating countries will promote the campaign through their social media channels using the #SellSafe hashtag to help online shoppers understand the risks of e-commerce fraud.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including social engineering and online transactions.  The next EPTF meeting will take place on 10 November 2021.

STAY SAFE ONLINE

To protect online shoppers and merchants, Europol has provided a number of helpful tips to stay one step ahead of the scammers and to prevent financial loss.

Tips to protect your e-business:

  • Ensure all employees are aware of the fraud issues affecting online stores
  • Stay up to date on the types of payment fraud affecting businesses and have the tools in place to prevent them. Your national payments organisation will have details on payment fraud types
  • Get to know your customers in order to be able to verify their payments

Tips for online shoppers:

  • Never send your card number, PIN or any other card information to anyone by e-mail
  • Never send money to anyone you don’t know
  • Always save all documents related to your online purchases
  • If you are not buying anything, don’t submit your card details

Find more tips on how to protect yourself and your business from e-fraudsters here.

More general advice on how to shop safely online is available here.

Investment Fraud network dismantled by cross-border operation

On 11 May 2021, a large criminal network involved in investment fraud and money laundering was dismantled as a result of a cross border operation supported by Europol and Eurojust.  This was a large-scale online investment fraud network with hundreds of victims across Europe.

LAW ENFORCEMENT ACTION

The investigation, led by Germany, involved law enforcement and judicial authorities from Bulgaria, Israel, Latvia, North-Macedonia, Poland, Spain and Sweden. The final results were:

  • 11 arrests (5 in Bulgaria and 1 in Israel on the action day and 5 previously in Spain)
  • 12 locations were searched in Bulgaria, Israel, Poland, North Macedonia and Sweden
  • Seizures included numerous electronic devices, real estate, jewellery, high-end vehicles and approximately €2 million in cash
  • Bank accounts have also been frozen

Europol supported the operation by facilitating information exchange and providing analytical support and operational coordination. During the action day, Europol experts cross-checked operational information in real-time against Europol’s databases to provide leads to investigators in the field.

HOW THE INVESTMENT FRAUD WORKED

The criminal network, organised mainly by Israeli nationals, created different professional-looking online trading platforms advertising substantial profits from investments in high-risk options and cryptocurrencies. The victims were targeted through advertisements in social media and search engines. The criminals posed as experienced brokers when contacting the victims via the call centres they had set up, operating from Bulgaria and North Macedonia. They used manipulated software to show the gains from the investments and to encourage the victims to keep investing.

Victims across Europe are estimated to have lost at least €30 million to the fraud. Victims in Germany suffered at least €7 million of these losses, while 300 complaints were filed in Spain. The suspects laundered the illegal profits through bank accounts controlled or owned by shell companies based in different EU countries.

FRAUD DEFINITIONS

The EAST Payments Task Force (EPTF), which meets three times each year, focuses on the prevention of payment fraud.  It has provided fraud definitions to be adopted globally when describing or reporting payment or terminal fraud.  Investment Fraud is classified as a form of Technological Fraud (Attacks against Technology).

EAST presents at the ATEFI Security Committee 2021

EAST Development Director Rui Carvalho presented at the ATEFI Security Committee on 30th April 2021, a virtual event.  The impact of the Covid-19 pandemic has made it more important than ever for the sharing of threat intelligence to strengthen security strategies in Electronic Payments.  The event focussed on both physical and cyber security.  Rui shared key information and statistics from the latest EAST Payment Terminal Crime Report, as well as insights from the 9th Meeting of the EAST Payments Task Force (EPTF) held on 14th April 2021.  He covered:

  • ATM Malware & Logical Attacks
  • Terminal Related Fraud
  • ATM Physical Attacks
  • Payment Fraud (social engineering, ransomware, e-skimming)

The event was attended by public officials, law enforcement agencies, regulatory entities, representatives of international organisations, Managers and Network Security Officials, ATEFI Members from the entire LATAM region and Spain, as well as bank officials, representatives of the Latin American Bank Associations, Credit and Debit Card executives, and specialised media.

ATEFI is the Latin American Association of Operators Electronic Funds Transfer and Information Services and represents 20 ATM networks in 14 countries throughout Latin America.

In May 2016 EAST and ATEFI joined forces in order to further strengthen cross border cooperation in combating all types of payment crime including payment card fraud, hi-tech crime and ATM cyber and physical attacks.

Europol supports hit on Investment Fraud Network

On 4 March 2021, Europol supported a hit on a large investment fraud network operating in several EU Member States. The investigation, led by the Lithuanian Police (Lietuvos Policija), and involving law enforcement authorities from Germany, Sweden and the United Kingdom, was also assisted by Eurojust.  By offering fake Retirement Plans, the network defrauded its German victims of a total of €1.5 million.

HOW THE SCAM WORKED 

The criminal network specifically targeted academics in Germany, offering  fake accounts that in reality belonged to Lithuanian companies that were behind the investment fraud scam. The victims wanted to invest their funds in saving accounts hosted on foreign online deposit platforms. The victims found the offers themselves, and then applied for the services. They also sent deposits to individual accounts opened under their names. The criminals offered them fake savings accounts, where the funds had to be deposited for a significant time period, usually between six months and three years.  This gave them time to escape with the funds and hide their traces.  On receipt the criminals transferred the funds to accounts in other EU Member States, and part of them were cashed out at ATMs in Sweden.  A total of €1.5 million was stolen in this way.

LAW ENFORCEMENT ACTION

The action day in Lithuania led to:

  • 26 house searches (18 in Lithuania and 8 in Sweden)
  • 5 arrests (4 in Lithuania and 1 in Sweden)
  • 38 victims identified
  • Accounts worth more than €1.2 million frozen (€500,000 in Lithuania and €700,000 in other countries)
  • Seizures include electronic equipment and various documents

Europol supported the operation by facilitating information exchange and providing analytical support. During the action days, Europol cross-checked operational information in real-time against Europol’s databases to provide leads to investigators in the field.

FRAUD DEFINITIONS

The EAST Payments Task Force (EPTF), which meets three times each year, focuses on the prevention of payment fraud.  It has provided fraud definitions to be adopted globally when describing or reporting payment or terminal fraud.  Investment Fraud is classified as a form of Technological Fraud (Attacks against Technology).

Carding Action by Police prevents €40 million in losses

Carding Action 2020, an operation led by law enforcement agencies from Italy and Hungary and supported by the UK and Europol, targeted fraudsters selling and purchasing compromised card details on websites selling stolen credit card data, known as ‘card shops’, and ‘dark web marketplaces’.

The operation sought to mitigate and prevent losses for financial institutions and cardholders. Group-IB and card schemes worked in close cooperation with police authorities from the countries involved. During the three-month operation, 90,000 pieces of card data were analysed, preventing approximately €40 million in losses.

Europol facilitated the coordination and the information exchange between law enforcement authorities and partners from the private sector. Europol’s experts provided operational analysis on large volumes of data and supported with expertise in the field of payment card fraud.

“Cybercrime can affect all aspects of our daily life, from paying in the supermarket, transferring money to our friends to using online communication tools or Internet of Things devices at home. Cybercriminals can attack us in different ways and this requires a robust response not only from law enforcement, but also from the private sector,” said Edvardas Sileris, Head of Europol’s European Cybercrime Centre (EC3). “With more than €40 million in losses prevented, Carding Action 2020 is a great example of how sharing information between private industries and law enforcement authorities is a key in combating the rising trend of e-skimming and preventing criminals from profiting on the back of EU citizens…..” he added.

The expansion of e-skimming attacks targeting merchant point of sale systems and e-commerce merchants also influenced the significant increase of prevented losses. As reported in Europol’s iOCTA 2020, card-not-present (CNP) fraud is a criminal threat in constant evolution, generating millions of euros of losses and affecting thousands of victims from across the EU.

The EAST Payments Task Force (EPTF) is a public-private sector platform that focusses on tackling the issues of e-skimming and payment fraud.

COVID-19 impact on Non-Cash Payment Fraud

EAST Executive Director Lachlan Gunn presented at a webinar organised by the European Union Agency for Law Enforcement Training (CEPOL) that focussed on the impact of the COVID-19 pandemic on Non-Cash Payment Fraud.  The webinar took place on Thursday 29 October and was attended by over 80 representatives from European Law Enforcement Agencies and Judicial Authorities specialised in electronic payment fraud investigations.

The objective of the webinar was to raise awareness of:

  • different trends and typologies of electronic payment frauds (Card Present Fraud and Card Not Present Fraud);
  • public-private cooperation and role of the private sector in combatting non-cash payment fraud.

The EAST presentation highlighted the role played by EAST in combatting financial crime, how its public/private sector platforms operate, and the impact of the COVID-19 pandemic.  The key topics covered by EAST were:

2nd Interim EAST Meeting – National and Global Members

A second Interim Meeting of EAST National and Global Members took place on Wednesday 7th October 2020. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Rui Carvalho, EAST Development Director.  The 1st EAST Global Congress is now scheduled to be held in February 2021, dependent on the prevailing status of the pandemic.

Law enforcement overviews were provided by Europol, INTERPOL and the Gulf Cooperation Council Police (GCCPOL).  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered the recent publication of their Internet Organised Crime Threat Assessment (IOCTA 2020), focussed on criminal trends relating to Covid-19, and prevention and awareness; the other covered Physical ATM attacks across Europe.  The INTERPOL presentation covered the impact of Covid-19 on Financial crimes from the global perspective and the GCCPOL presentation covered payment and fraud issues seen by their 6 member countries.

Updates were received from 28 countries, either directly or via a global update by HSBC. As with the previous meeting, the key focus remained on the impact of the coronavirus crisis and each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).

EAST Fraud Update 3-2020 will be produced during October, based on the country updates provided at the Interim EAST Meeting. EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

IOCTA 2020 Published by Europol

Europol has published its Internet Organised Crime Threat Assessment for 2020 (IOCTA 2020).   This highlights the dynamic and evolving threats from cybercrime and provides a unique law enforcement focused assessment of emerging challenges and key developments in the space.  The data collection for the IOCTA 2020 took place during the lockdown implemented as a result of the COVID-19 pandemic.  Indeed, the pandemic prompted significant change and criminal innovation in the area of cybercrime.  Criminals devised both new modi operandi and adapted existing ones to exploit the situation, new attack vectors and new groups of victims.

So much has changed since Europol published last year’s IOCTA. The global  pandemic forced the reimagination of our societies and the reinvention of the way we work and live.  During the lockdown, people turned to the Internet for a sense of normality: shopping, working and learning online at a scale never seen before.  The IOCTA 2020 seeks to map the evolving cybercrime threat landscape and understand how law enforcement responds to it.  Although the COVID-19 crisis has shown how criminals actively take advantage of society at its most vulnerable, this opportunistic behaviour should not overshadow the overall threat landscape. In many cases, COVID-19 has enhanced existing problems, some of which are shown below:

CROSS-CUTTING CRIME

  • Social engineering and phishing remain an effective threat to enable other types of cybercrime.  Criminals use innovative methods to increase the volume and sophistication of their attacks, and inexperienced cybercriminals can carry out phishing campaigns more easily through crime-as-a-service.  Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.
  • Encryption continues to be a clear feature of an increasing number of services and tools.  One of the principal challenges for law enforcement is how to access and gather relevant data for criminal investigations.  The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.

MALWARE REIGNS SUPREME

  • Ransomware attacks have become more sophisticated, targeting specific organisations in the public and private sector through victim reconnaissance.  While the COVID-19 pandemic has triggered an increase in cybercrime, ransomware attacks were targeting the healthcare industry long before the crisis. Moreover, criminals have included another layer to their ransomware attacks by threatening to auction off the compromised data, increasing the pressure on the victims to pay the ransom.  Advanced forms of malware are a top threat in the EU: criminals have transformed some traditional banking Trojans into modular malware to cover more PC digital fingerprints, which are later sold for different needs.

PAYMENT FRAUD: SIM SWAPPING A NEW TREND

  • SIM swapping, which allows perpetrators to take over accounts, is one of the new trends in IOCTA 2020.  As a type of account takeover, SIM swapping provides criminals access to sensitive user accounts.  Criminals fraudulently swap or port victims’ SIMs to one in the criminals’ possession in order to intercept the one-time password step of the authentication process.

CRIMINAL ABUSE OF THE DARK WEB

  • In 2019 and early 2020 there was a high level of volatility on the dark web. The lifecycle of dark web marketplaces has shortened and there is no clear dominant market that has risen over the past year. Tor remains the preferred infrastructure; however, criminals have started to use other privacy-focused, decentralised marketplace platforms to sell their illegal goods. Although this is not a new phenomenon, these sorts of platforms have started to increase over the last year. OpenBazaar is noteworthy, as certain threats have emerged on the platform over the past year such as COVID-19-related items during the pandemic.

EPTF holds Seventh Meeting

The Seventh Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 15th April 2020.  Due to the Covid-19 situation it was conducted as a virtual meeting and 16 EPTF members participated.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers took part.

There was a detailed discussion on the impact of Covid-19 on fraud and updates were provided from Austria, France, Germany, the Netherlands, Norway, Portugal, Spain and the United Kingdom.  Updates were also given by Europol, Group-IB and Trend Micro.

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 35 countries and outputs from the group are presented to National Member Meetings.  There are 213 EAST Associate Member Organisations from 53 countries and territories.