IOCTA 2021 Published by Europol

Europol has published its Internet Organised Crime Threat Assessment for 2021 (IOCTA 2021).  This highlights 5 Key Threats:

  • Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks.
  • Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication (2FA).
  • Online shopping has led to a steep increase in online fraud.
  • Explicit self-generated material is an increasing concern and is also distributed for profit.
  • Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and cryptocurrencies.

IOCTA 2021 looks into the (r)evolutionary development of these trends, catalysed by the expanded digitalisation of recent years.

  • Criminals have been quick to abuse the current circumstances to increase profits, spreading their tentacles to various areas and exposing vulnerabilities, connected to systems, hospitals or individuals.
  • While ransomware groups have taken advantage of widespread teleworking, scammers have abused COVID-19 fears and the fruitless search for cures online to defraud victims or gain access to their bank accounts.
  • The increase of online shopping in general has attracted more fraudsters.
  • With children spending a lot more time online, especially during lockdowns, grooming and dissemination of self-produced explicit material have increased significantly.
  • Grey infrastructure, including services offering end-to-end encryption, VPNs and cryptocurrencies continue to be abused for the facilitation and proliferation of a large range of criminal activities.

This has resulted in significant challenges for the investigation of criminal activities and the protection of victims of crime.

“Cybercrime is a reality and law enforcement worldwide needs to catch up,” said Edvardas Šileris, Head of Europol’s European Cybercrime Centre (EC3), ”…….Only by working together can we create innovative ideas and practical approaches that can put a halt to cybercrime acceleration. It is essential to establish the environment and resources required to do so,” he added.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including social engineering and online transactions.  The 11th EAST EPTF meeting took place on 10 November 2021.

EAST EPTF holds 11th Meeting

The 11th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 10th November 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 17 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers.

Europol, INTERPOL and the Swedish Police provided the law enforcement perspective, and Group-IB presented on the developing Classiscam fraud.

Short presentations were also made by Cartes Bancaires, HSBC, ING BankMasterCard Members’ AssociationPAN-Nordic Card AssociationSIBs, and Trend Micro.  Social engineering linked to non-banking fraud continues to be an issue of concern.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 212 EAST Associate Member Organisations from 52 countries and territories.

EAST Publishes Fraud Update 3-2021

EAST has just published its third Fraud Update for 2021. This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 6 non-SEPA countries, at the 5th (virtual) EAST Interim Meeting held on 6th October 2021.

The following countries supplied full or partial information for this Update:

Armenia; Austria; Belgium; Canada; Cyprus; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Netherlands; Norway; Poland; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Ukraine; United Kingdom.

FRAUD TYPE

Fraud Update

To date in 2021 the EAST Expert Group on Payment and Transaction Fraud (EPTF) has published two related Payment Alerts and one related Security Alert, and the EAST Expert Group on All Terminal Fraud (EGAF) has published six related Fraud Alerts.

Fraud Update

To date in 2021 EAST EPTF has published one related Payment Alert.

FRAUD ORIGIN

 

To date in 2021 EAST EPTF has published one related Payment Alert and EAST EGAF has published two related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

 

To date in 2021 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published two related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

National & Global Fraud Intelligence sharing – 5th Interim EAST Meeting

The fifth Interim Meeting of EAST National and Global Members took place on Wednesday 6th October 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Veronica Borgogna from AXEPTA BNP Paribas.  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), the United States Secret Service (USSS) and INTERPOL.  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim). The USSS presentation covered Covid-19 pandemic relief fraud and the INTERPOL presentation covered recent issues relating to financial crimes in the LATAM region.

Private sector fraud intelligence updates were received from 28 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Regional Updates were also provided for ASP, MENA and LATAM. Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue.

EAST Fraud Update 3-2021 will be produced early next month, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 9th February 2022, will hopefully be the 1st EAST Global Congress, which is planned as Hybrid Meeting.  This is dependant on the prevailing status of the Covid-19 pandemic and the meeting will revert to a virtual Interim Meeting if required.

EAST Payments Task Force (EPTF) holds Tenth Meeting

The Tenth Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 7th July 2021.  Due to the Covid-19 situation it was conducted as a virtual meeting and 18 EPTF members participated.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers took part.

INTERPOL and Europol provided the law enforcement perspective, and short presentations were also made by Cartes Bancaires, Group-IB, ING Bank, JP Morgan Chase, LINK SchemeMasterCard Members’ AssociationPAN-Nordic Card AssociationPSAPLUSCARDSIBstietoEVRY, Trend Micro and Worldline.  Social engineering linked to non-banking fraud was reported as a rising issue.

The Group, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 210 EAST Associate Member Organisations from 52 countries and territories.

EAST Publishes Fraud Update 2-2021

EAST has just published its second Fraud Update for 2021. This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 9 non-SEPA countries, at the 4th (virtual) EAST Interim Meeting held on 9th June 2021.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Brazil; Canada; Cyprus; Finland; France; Germany; Greece; Hungary; Ireland; Italy; Liechtenstein; Luxembourg; Mexico; Netherlands; Norway; Poland; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Arab Emirates; United Kingdom.

FRAUD TYPE

EAST

To date in 2021 the EAST Payments Task Force (EPTF) has published one related Payment Alert and the EAST Expert Group on All Terminal Fraud (EGAF) has published four related Fraud Alerts.

EAST

To date in 2021 the EPTF has published one related Payment Alert.

FRAUD ORIGIN

Social Engineering

Data Compromise

To date in 2021 the EPTF has published one related Payment Alert and EAST EGAF has published two related Fraud Alerts.

DUE DILIGENCE

EAST

PHYSICAL ATTACKS

Ram Raids

Robbery

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

National & Global Fraud Intelligence sharing – 4th Interim EAST Meeting

A fourth Interim Meeting of EAST National and Global Members took place on Wednesday 9th June 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Graham Mott from the LINK Scheme.  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), the United States Secret Service (USSS) and INTERPOL.  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim. The USSS presentation covered US Fraud Trends (2020/2021), along with prevention/detection techniques, and the INTERPOL presentation covered recent issues relating to financial crimes, money laundering, and asset tracing.

Private sector fraud intelligence updates were received from 31 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  A key issue, highlighted by most of the countries, continues to be the importance of raising consumer awareness to counter the rising threats related to social engineering.

EAST Fraud Update 2-2021 will be produced during July, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 6th October 2021, will also be a virtual Interim meeting.  The 1st EAST Global Congress is now scheduled to be held in February 2022, dependant on the prevailing status of the Covid-19 pandemic.

EAST Payments Task Force (EPTF) holds Ninth Meeting

The Ninth Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 14th April 2021.  Due to the Covid-19 situation it was conducted as a virtual meeting and 24 EPTF members participated.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers took part.

INTERPOLEuropol, the US Secret Service and the DCPCU provided the law enforcement perspective, and Group-IB gave a presentation on e-skimming/JavaScript (JS) sniffers.

Short presentations were also made by Cartes Bancaires, Diebold NixdorfFiducia & GAD, HSBC, JP Morgan Chase, ING BankMasterCard Members’ AssociationPAN-Nordic Card AssociationPSAPLUSCARD, SIBs, STMPtietoEVRY and Trend Micro.  Investment scams and non-banking fraud were reported as rising issues.

The Group, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.

EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 207 EAST Associate Member Organisations from 52 countries and territories.

EAST Publishes Fraud Update 1-2021

EAST has just published its first Fraud Update for 2021. This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 3rd (virtual) EAST Interim Meeting held on 10th February 2021.

The following countries supplied full or partial information for this Update:

Austria; Belgium; Cyprus; Denmark; Finland; France; Germany; Hungary; Ireland; Italy; Liechtenstein; Luxembourg; Netherlands; Norway; Poland; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

EAST Fraud Update

To date in 2021 the EAST Expert Group on All Terminal Fraud (EGAF) has published one related Fraud Alert.

EAST Fraud Update

FRAUD ORIGIN

EAST Fraud Update

EAST Fraud Update

To date in 2021 the EAST Payments Task Force (EPTF) has published one related Payment Alert and EAST EGAF has published one related Fraud Alert.

DUE DILIGENCE

EAST Fraud Update

PHYSICAL ATTACKS

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

3rd Interim EAST Meeting – National and Global Members

A third Interim Meeting of EAST National and Global Members took place on Wednesday 10th February 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Martine Hemmerijckx from Worldline.

Law enforcement overviews were provided by Europol and the Gulf Cooperation Council Police (GCCPOL).  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries – it focussed on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim).

Updates were received from 26 countries, either directly or via a global update by Worldline.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  A key issue, highlighted by most of the countries, is the importance of raising consumer awareness to counter the rising threats related to social engineering.

EAST Fraud Update 1-2021 will be produced during March, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 9th June 2021, will also be a virtual Interim meeting.  The 1st EAST Global Congress is now scheduled to be held in October 2021, dependant on the prevailing status of the Covid-19 pandemic.