EAST EPTF holds 14th Meeting

The 14th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 9th November 2022.  It was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 14 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Services Providers, and Solution Providers.

Europol and provided the law enforcement perspective, and presentations were also made by Cartes Bancaires, Diebold NixdorfDutch Banking Association, Group-IB, PAN-Nordic Card AssociationPayment Services Austra (PSA), PLUSCARD, SIBs, TietoEVRY and Worldline.  Social engineering remains a key concern, as does Card Not Present (CNP) fraud outside Europe.  Contactless fraud is a rising issue, as is mobile wallet fraud.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates, and disseminates related information, trends and general statistics.

EAST National & Global Members represent 34 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 216 EAST Associate Member Organisations from 52 countries and territories.

EAST Publishes Fraud Update 3-2022

EAST has published its third Fraud Update for 2022.  This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 7 non-SEPA countries, at the 2nd EAST Global Congress held on 5th October 2022.

The following countries supplied full or partial information for this Update:

Algeria; Armenia; Canada; Finland; France; Germany; Greece; Ireland; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Morocco; Netherlands; Norway; Poland; Portugal; Romania; South Africa; Spain; Sweden; Switzerland; Ukraine; United Kingdom.

FRAUD TYPE

Fraud Update

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published five related Fraud Alerts.

Fraud Update

To date in 2022 the EAST EGAF has published three related Fraud Alerts.

FRAUD ORIGIN

Fraud Update

To date in 2022 the EAST EGAF has published one related Fraud Alert.

Fraud Update

To date in 2022 the EAST EGAF has published one related Fraud Alert.

DUE DILIGENCE

Fraud Update

PHYSICAL ATTACKS

To date in 2022 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published five related Physical Attack Alerts.

The full EAST European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

Investment fraud scammer arrested

A cross border Police operation, supported by Europol, led to the arrest of a Croatian national believed to have been running a large-scale, multi-layered investment fraud scheme which cost unsuspecting victims a total of at least €5 million. Over 70 German victims have been identified so far.

On 6 October, the 50-year old man was arrested in Tenerife, Spain, by the National Police, as a result of a complex investigation involving four countries (Germany, the Netherlands, Spain and Hungary).  This arrest follows a complex investigation initiated in December 2019 by the German Police Headquarters Ludwigsburg, with the support of Europol’s European Financial and Economic Crime Centre (EFECC).

On the action day 37 property searches were carried out: Germany (18), the Netherlands (12), Spain (4) and Hungary (3).

How The Investment Fraud Scam worked

  • The criminal pretended to be an employee of a real, Geneva-based investment company, reaching out to unsuspecting victims to persuade them to part with their savings, and promising lucrative investment companies.
  • To appear legitimate, he set up a fake (spoof) website which looked almost identical to the real company’s website.
  • To trick his victims he provided fake investment documents that appeared to come from legitimate banks and insurance companies.
  • The victims were instructed to send funds, via wire transfer, to bank accounts he controlled.
  • Once the payments had been made, he disappeared with the money, moving the stolen funds from one jurisdiction to the other to conceal their illegal origin. (The investigators were able to track the stolen funds to Türkiye).

European Coordination

International police cooperation was central in bringing the perpetrator to justice as the criminal had set up a sophisticated infrastructure spread across multiple countries to hamper law enforcement’s abilities to track him down.

Europol’s EFECC supported the investigation by bringing together the national investigators to establish a joint strategy and to organising the intensive exchange of evidence needed to prepare for final phase of the investigation.  Europol experts from its European Financial and Economic Crime Centre were also deployed to Spain to assist the Spanish national authorities with the action day.

Stay Safe!

Europol’s advice to prospective investors to avoid investment fraud:

  • Don’t rely on unsolicited marketing material/calls/emails or social media direct contact: Do an internet search for the company name and verify the contact information with the financial institution or firm directly.
  • Compare and confirm websites: Check for misspellings in the website, the complete website name (URL) and email address. Also, many consumer protection and financial market supervisory authorities publish lists of abused websites and warnings on current frauds.
  • Avoid unusual payment methods: Be cautious if you are instructed to send funds via wire transfer to an off-shore location, or if you are instructed to pay using cryptocurrency or other unusual payment method.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including investment fraud. The 13th EAST EPTF meeting took place on 29 June 2022.

National & Global Fraud Intelligence sharing – 2nd EAST Global Congress

The 2nd EAST Global Congress took place on Wednesday 5th October 2022 in London as a hybrid meeting, with some delegates participating online. The event was hosted by the LINK Scheme.

The meeting was chaired by Veronica Borgogna from Worldline and the key focus was on the sharing of payment and terminal fraud intelligence (global, regional, national).

Law enforcement overviews were provided by Europol’s European Cybercrime Centre (EC3) on various fraud types, and the Gulf Cooperation Council Police (GCCPOL) on technological and non-technological fraud trends.

Private sector fraud intelligence updates were received from 25 countries, either directly or via regional/global updates by HSBC and Worldline.  Regional Updates were also provided for ASP, LATAM, and MENA.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains the key issue, and discussions also took place on a new fraud modus operandi now affecting four countries.

Updates were also given by the Chairs of the three EAST Expert Groups:

EAST Fraud Update 3-2022 will be produced early next month, based on the country updates provided at the EAST Global Congress.  EAST Fraud, Payment, and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The 3rd EAST Global Congress, scheduled for 8th February 2023, will also be held as a Hybrid Meeting.

EAST Publishes Fraud Update 2-2022

EAST has published its second Fraud Update for 2022.  This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 1st EAST Global Congress held on 16th June 2022.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Canada; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Mexico; Netherlands; Norway; Poland; Romania; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

EAST Fraud Update 1

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published two related Fraud Alerts.

EAST Fraud Update 2

To date in 2022 the EAST EGAF has published three related Fraud Alerts.

FRAUD ORIGIN

To date in 2022 EAST EGAF has published two related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

To date in 2022 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published two related Physical Attack Alerts.

The full EAST European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

 

EAST EPTF holds 13th Meeting

The 13th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 29th June 2022.  It was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 13 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Services Providers, and Solution Providers.

Europol and the DCPCU provided the law enforcement perspective, and presentations were also made by Cartes Bancaires, Diebold NixdorfHSBCPAN-Nordic Card Association, Payment Services Austra (PSA), SIBsSTMP, TietoEVRY and Trend Micro.  Social engineering linked to authorised push payment (APP) or impersonation fraud is a key area of concern, as is ransomware.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates, and disseminates related information, trends and general statistics.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 212 EAST Associate Member Organisations from 52 countries and territories.

National & Global Fraud Intelligence sharing – 1st EAST Global Congress

The 1st EAST Global Congress took place on Thursday 16th June 2022 at Europol’s HQ in the Hague as a hybrid meeting, with some delegates participating online. This was the first in-person meeting of EAST Global and National Members since February 2020.  Six virtual interim meetings were held between that meeting and the Global Congress.

The meeting was chaired by Graham Mott from the LINK Scheme and the key focus was on the sharing of payment and terminal fraud intelligence (global, regional, national).  A special welcome was given to Olesya Danylchenko from the Ukrainian Interbank Payment Systems Member Association (EMA).

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), and the United States Secret Service (USSS).  An update was provided from Europol’s European Cybercrime Centre (EC3) on various fraud types and an updated version of the document Guidance and Recommendations Regarding Logical Attacks Against ATMs‘  was officially launched.  A presentation from Europol’s Organised Property Crime Unit covered recent Physical ATM attacks across Europe. The USSS update covered recent reports from the FBI’s Internet Crime Complaint Centre (IC3), as well the latest fraud trends seen.

Private sector fraud intelligence updates were received from 25 countries, either directly or via regional/global updates by HSBC and Worldline.  Regional Updates were also provided for ASP, and MENA.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue.

Updates were also given by the Chairs of the three EAST Expert Groups:

EAST Fraud Update 2-2022 will be produced early next month, based on the country updates provided at the EAST Global Congress.  EAST Fraud, Payment, and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The 2nd EAST Global Congress, scheduled for 5th October 2022, will also be held as a Hybrid Meeting.

EAST EPTF holds 12th Meeting

The 12th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 13th April 2022.  It was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 17 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Services Providers, and Solution Providers.

Europol, INTERPOL and the DCPCU provided the law enforcement perspective, and the Ukrainian Interbank Payment Systems Member Association “EMA” gave a keynote presentation on the payments and fraud situation in Ukraine.

Short presentations were also made by Barclays, Cartes Bancaires, Diebold Nixdorf, HSBCING BankPAN-Nordic Card AssociationSIBs, STMP, TietoEVRY and Worldline.  Social engineering linked to non-banking fraud continues to be of concern and Investment Fraud is a rising issue.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates, and disseminates related information, trends and general statistics.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 212 EAST Associate Member Organisations from 52 countries and territories.

EAST Publishes Fraud Update 1-2022

EAST has published its first Fraud Update for 2022.  This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 6th (virtual) EAST Interim Meeting held on 9th February 2022.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Canada; Cyprus; Czech Republic; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Netherlands; Norway; Poland; Portugal; Romania; Russia; South Africa; Spain; Sweden; Switzerland; Ukraine; United Kingdom.

FRAUD TYPE

EAST Update

EAST Update

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published one related Fraud Alert.

FRAUD ORIGIN

DUE DILIGENCE

PHYSICAL ATTACKS

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

National & Global Fraud Intelligence sharing – 6th Interim EAST Meeting

The sixth Interim Meeting of EAST National and Global Members took place on Wednesday 9th February 2022 as a virtual meeting. The meeting was chaired by Thomas Von der Gathen from Payment Services Austria (PSA).  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), and the United States Secret Service (USSS).  An update was provided from Europol’s European Cybercrime Centre (EC3) on various fraud types and a presentation from Europol’s Organised Property Crime Unit covered recent Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim). The USSS update covered card fraud and recent man-in-the-middle black box attacks.

Private sector fraud intelligence updates were received from 28 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Regional Updates were also provided for ASP, MENA and LATAM. Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue, particularly for elderly people.

EAST Fraud Update 1-2022 will be produced early next month, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 16th June 2022, will hopefully be the 1st EAST Global Congress, which is planned as Hybrid Meeting.  This is dependant on the prevailing travel situation at that time, and the meeting will revert to a virtual Interim Meeting if required.