EAST has just published its third European Fraud Update for 2019. This is based on country crime updates given by representatives of 16 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 49th EAST Meeting held in London on 8th October 2019.
Payment fraud issues were reported by seventeen countries. Social engineering is a key concern. Seven countries reported phishing attacks. One of them stated that fraudsters are using phishing to get targets for fake web campaigns where consumers can win money, and another reported fake web surveys aimed at getting consumer data. In one country the quality of vishing calls is improving, where the people making the spoof calls are very believable and often have local accents from the customer’s home area. Impersonation fraud was reported by four countries – in one of them police officers are impersonated, and another reported spoof calls being received by customers from bank call centres.
Card Not Present (CNP) fraud was reported by six countries. One of them reported CNP fraud at digital media players. Contactless fraud was reported by two countries – in one of them it is related to lost and stolen cards, and in the other card present (CP) transactions are being made at small merchants up to the allowed limit. To date in 2019 the EAST Payments Task Force (EPTF) has issued five related Payment Alerts.
ATM malware and logical attacks were reported by five countries – one reported a new way of getting malware onto an ATM, that did not succeed, and four reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To date in 2019 the EAST Expert Group on All Terminal Fraud (EGAF) has published seven related Fraud Alerts.
Card skimming at ATMs was reported by thirteen countries. Overall skimming incidents in Europe continue to decline. Three countries reported the usage of ‘M3 – Card Reader Internal Skimming devices’, and the most recent variants continue to be made of transparent plastic. To date in 2019 EAST EGAF has published thirteen related Fraud Alerts. Year to date International skimming related losses were reported in 41 countries and territories outside SEPA and in 4 within SEPA. The top three locations where such losses were reported remain Indonesia, India and the USA.
Four countries reported card trapping attacks, one of them reporting such attacks at fake terminals, designed to resemble lobby door opening devices at bank branches.
Ram raids and ATM burglary were reported by nine countries and twelve countries reported explosive gas attacks. After one such attack collateral damage of over €200,000 was reported. Six countries reported solid explosive attacks. The usage of Triacetone Triperoxide (TATP) for solid explosive attacks is increasing across Europe. This explosive is also known as the ‘Mother of Satan’. Mixing TAPT is a complicated procedure that requires good knowledge of the chemicals, as there is a danger of setting off an unexpected explosion.
The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings. To date in 2019 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published nine related Physical Attack Alerts.
The full European Fraud Update is available to EAST Members (National and Associate).