EAST Publishes Fraud Update 2-2022

EAST has published its second Fraud Update for 2022.  This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 1st EAST Global Congress held on 16th June 2022.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Canada; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Mexico; Netherlands; Norway; Poland; Romania; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

EAST Fraud Update 1

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published two related Fraud Alerts.

EAST Fraud Update 2

To date in 2022 the EAST EGAF has published three related Fraud Alerts.

FRAUD ORIGIN

To date in 2022 EAST EGAF has published two related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

To date in 2022 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published two related Physical Attack Alerts.

The full EAST European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

 

EAST EPTF holds 13th Meeting

The 13th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 29th June 2022.  It was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 13 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Services Providers, and Solution Providers.

Europol and the DCPCU provided the law enforcement perspective, and presentations were also made by Cartes Bancaires, Diebold NixdorfHSBCPAN-Nordic Card Association, Payment Services Austra (PSA), SIBsSTMP, TietoEVRY and Trend Micro.  Social engineering linked to authorised push payment (APP) or impersonation fraud is a key area of concern, as is ransomware.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates, and disseminates related information, trends and general statistics.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 212 EAST Associate Member Organisations from 52 countries and territories.

National & Global Fraud Intelligence sharing – 1st EAST Global Congress

The 1st EAST Global Congress took place on Thursday 16th June 2022 at Europol’s HQ in the Hague as a hybrid meeting, with some delegates participating online. This was the first in-person meeting of EAST Global and National Members since February 2020.  Six virtual interim meetings were held between that meeting and the Global Congress.

The meeting was chaired by Graham Mott from the LINK Scheme and the key focus was on the sharing of payment and terminal fraud intelligence (global, regional, national).  A special welcome was given to Olesya Danylchenko from the Ukrainian Interbank Payment Systems Member Association (EMA).

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), and the United States Secret Service (USSS).  An update was provided from Europol’s European Cybercrime Centre (EC3) on various fraud types and an updated version of the document Guidance and Recommendations Regarding Logical Attacks Against ATMs‘  was officially launched.  A presentation from Europol’s Organised Property Crime Unit covered recent Physical ATM attacks across Europe. The USSS update covered recent reports from the FBI’s Internet Crime Complaint Centre (IC3), as well the latest fraud trends seen.

Private sector fraud intelligence updates were received from 25 countries, either directly or via regional/global updates by HSBC and Worldline.  Regional Updates were also provided for ASP, and MENA.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue.

Updates were also given by the Chairs of the three EAST Expert Groups:

EAST Fraud Update 2-2022 will be produced early next month, based on the country updates provided at the EAST Global Congress.  EAST Fraud, Payment, and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The 2nd EAST Global Congress, scheduled for 5th October 2022, will also be held as a Hybrid Meeting.

EAST EPTF holds 12th Meeting

The 12th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 13th April 2022.  It was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 17 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Services Providers, and Solution Providers.

Europol, INTERPOL and the DCPCU provided the law enforcement perspective, and the Ukrainian Interbank Payment Systems Member Association “EMA” gave a keynote presentation on the payments and fraud situation in Ukraine.

Short presentations were also made by Barclays, Cartes Bancaires, Diebold Nixdorf, HSBCING BankPAN-Nordic Card AssociationSIBs, STMP, TietoEVRY and Worldline.  Social engineering linked to non-banking fraud continues to be of concern and Investment Fraud is a rising issue.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates, and disseminates related information, trends and general statistics.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 212 EAST Associate Member Organisations from 52 countries and territories.

EAST Publishes Fraud Update 1-2022

EAST has published its first Fraud Update for 2022.  This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 6th (virtual) EAST Interim Meeting held on 9th February 2022.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Canada; Cyprus; Czech Republic; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Netherlands; Norway; Poland; Portugal; Romania; Russia; South Africa; Spain; Sweden; Switzerland; Ukraine; United Kingdom.

FRAUD TYPE

EAST Update

EAST Update

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published one related Fraud Alert.

FRAUD ORIGIN

DUE DILIGENCE

PHYSICAL ATTACKS

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

National & Global Fraud Intelligence sharing – 6th Interim EAST Meeting

The sixth Interim Meeting of EAST National and Global Members took place on Wednesday 9th February 2022 as a virtual meeting. The meeting was chaired by Thomas Von der Gathen from Payment Services Austria (PSA).  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), and the United States Secret Service (USSS).  An update was provided from Europol’s European Cybercrime Centre (EC3) on various fraud types and a presentation from Europol’s Organised Property Crime Unit covered recent Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim). The USSS update covered card fraud and recent man-in-the-middle black box attacks.

Private sector fraud intelligence updates were received from 28 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Regional Updates were also provided for ASP, MENA and LATAM. Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue, particularly for elderly people.

EAST Fraud Update 1-2022 will be produced early next month, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 16th June 2022, will hopefully be the 1st EAST Global Congress, which is planned as Hybrid Meeting.  This is dependant on the prevailing travel situation at that time, and the meeting will revert to a virtual Interim Meeting if required.

IOCTA 2021 Published by Europol

Europol has published its Internet Organised Crime Threat Assessment for 2021 (IOCTA 2021).  This highlights 5 Key Threats:

  • Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks.
  • Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication (2FA).
  • Online shopping has led to a steep increase in online fraud.
  • Explicit self-generated material is an increasing concern and is also distributed for profit.
  • Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and cryptocurrencies.

IOCTA 2021 looks into the (r)evolutionary development of these trends, catalysed by the expanded digitalisation of recent years.

  • Criminals have been quick to abuse the current circumstances to increase profits, spreading their tentacles to various areas and exposing vulnerabilities, connected to systems, hospitals or individuals.
  • While ransomware groups have taken advantage of widespread teleworking, scammers have abused COVID-19 fears and the fruitless search for cures online to defraud victims or gain access to their bank accounts.
  • The increase of online shopping in general has attracted more fraudsters.
  • With children spending a lot more time online, especially during lockdowns, grooming and dissemination of self-produced explicit material have increased significantly.
  • Grey infrastructure, including services offering end-to-end encryption, VPNs and cryptocurrencies continue to be abused for the facilitation and proliferation of a large range of criminal activities.

This has resulted in significant challenges for the investigation of criminal activities and the protection of victims of crime.

“Cybercrime is a reality and law enforcement worldwide needs to catch up,” said Edvardas Šileris, Head of Europol’s European Cybercrime Centre (EC3), ”…….Only by working together can we create innovative ideas and practical approaches that can put a halt to cybercrime acceleration. It is essential to establish the environment and resources required to do so,” he added.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including social engineering and online transactions.  The 11th EAST EPTF meeting took place on 10 November 2021.

EAST EPTF holds 11th Meeting

The 11th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 10th November 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 17 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers.

Europol, INTERPOL and the Swedish Police provided the law enforcement perspective, and Group-IB presented on the developing Classiscam fraud.

Short presentations were also made by Cartes Bancaires, HSBC, ING BankMasterCard Members’ AssociationPAN-Nordic Card AssociationSIBs, and Trend Micro.  Social engineering linked to non-banking fraud continues to be an issue of concern.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 212 EAST Associate Member Organisations from 52 countries and territories.

EAST Publishes Fraud Update 3-2021

EAST has just published its third Fraud Update for 2021. This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 5th (virtual) EAST Interim Meeting held on 6th October 2021.

The following countries supplied full or partial information for this Update:

Armenia; Austria; Belgium; Canada; Cyprus; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Netherlands; Norway; Poland; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Ukraine; United Kingdom.

FRAUD TYPE

Fraud Update

To date in 2021 the EAST Expert Group on Payment and Transaction Fraud (EPTF) has published two related Payment Alerts and one related Security Alert, and the EAST Expert Group on All Terminal Fraud (EGAF) has published six related Fraud Alerts.

Fraud Update

To date in 2021 EAST EPTF has published one related Payment Alert.

FRAUD ORIGIN

 

To date in 2021 EAST EPTF has published one related Payment Alert and EAST EGAF has published two related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

 

To date in 2021 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published two related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

National & Global Fraud Intelligence sharing – 5th Interim EAST Meeting

The fifth Interim Meeting of EAST National and Global Members took place on Wednesday 6th October 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Veronica Borgogna from AXEPTA BNP Paribas.  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), the United States Secret Service (USSS) and INTERPOL.  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim). The USSS presentation covered Covid-19 pandemic relief fraud and the INTERPOL presentation covered recent issues relating to financial crimes in the LATAM region.

Private sector fraud intelligence updates were received from 28 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Regional Updates were also provided for ASP, MENA and LATAM. Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue.

EAST Fraud Update 3-2021 will be produced early next month, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 9th February 2022, will hopefully be the 1st EAST Global Congress, which is planned as Hybrid Meeting.  This is dependant on the prevailing status of the Covid-19 pandemic and the meeting will revert to a virtual Interim Meeting if required.