EAST Publishes European Fraud Update 3-2014

EDINBURGH, Scotland - Nov. 25, 2014 - PRLog -- This is based on country crime updates given by representatives of 17 countries in the Single Euro Payments Area (SEPA), and 2 non-SEPA countries, at the 34th EAST meeting held at Sistema 4B in Madrid on 8th October 2014.

Card skimming at ATMs was reported by sixteen countries, with increases reported by two countries and decreases by seven countries.  One country reported the reappearance of skimmers at ATMs with DIP card readers and two countries reported card data compromise through wire-tapping or ‘Eavesdropping’.   The use of side bars to conceal cameras for PIN compromise appears to be becoming more prevalent.

European fraud counter-measures such as Geo-blocking, fraud monitoring capabilities and fraud detection continue to improve and most ATM related card skimming losses occur outside Europe and are migrating away from EMV* Chip liability shift areas.  In 2014 such losses have been reported in 46 countries and territories outside of the Single Euro Payments Area (SEPA) and in 7 within SEPA.  The USA remains the top location for such losses, followed by Indonesia and Thailand.

Skimming attacks on other terminal types were reported by nine countries.  Attacks on unattended payment terminals (UPTs) at petrol stations were seen in six countries, while three countries saw attacks at point-of-sale (POS) terminals.  In an action day (Operation Imperium) on 30th September 2014 Bulgarian and Spanish judicial and law enforcement authorities, working in close cooperation with Europol’s European Cybercrime Centre (EC3) in The Hague, dismantled another significant Bulgarian organised crime network suspected of a variety of crimes including large scale ATM skimming, electronic payment fraud and forgery of documents.

Cash trapping incidents appear to be on the increase and were reported by fourteen countries.  One country reported the emergence of a new type - trapping cash deposited at ATMs with a banknote recycling function.
Five countries reported transaction reversal fraud (TRF) incidents and card trapping incidents were also reported by five countries.

ATM malware incidents were reported by three countries.  These were related to ‘cash out’ or ‘jackpotting’ and in two of the countries the malware was recognised as the Backdoor.Padpin Trojan.  On 16th July 2014 an international organised cybercrime network was successfully taken down in Romania and France with the support of EC3 at Europol.  The network was suspected of electronic payment crimes including intrusions into international non-cash payment systems (through malware attacks), illegal worldwide financial transactions and money transfers, card data compromising (via skimming attacks), money laundering and drug trafficking.

Ram raids and ATM burglary were reported by eight countries, with one of them reporting increases in this type of attack.  Eight countries reported explosive gas attacks and one of them also reported attacks on ATMs using solid explosives.  Criminal groups are sharing information across borders and are exploiting the opportunities created by national borders.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers and details of how to join or subscribe to EAST can be found at https://www.european-atm-security.eu

*EMV (also known as ‘chip and PIN’) is an industry standard for Smart Cards and card readers, supported by the European Payments Council and the major payment schemes

ENDS

EUROPEAN ATM FRAUD UPDATE 3-2014
The above release is based on a European Fraud Update prepared three times a year by EAST, based on country crime updates given at its meetings.  These Updates are prepared by EAST to provide interested parties with an overview of the European ATM crime situation.  They are produced for EAST National Members, EAST Associate Members (including Law Enforcement officers), and EAST Subscribers.  The following countries supplied full or partial information for this Update:

Austria, Czech Republic; Finland; France; Germany; Hungary; Ireland; Italy; Liechtenstein; the Netherlands; Norway; Portugal; Romania; Russia; Spain; Sweden; Switzerland; the United Kingdom, Ukraine.

EAST has taken reasonable measures to develop this Update in a fair, reasonable, open, and objective manner.  However, EAST makes no claims, promises, or guarantees about the completeness of the Update.  In addition, as the information in the Update has been passed to EAST by other parties, errors or mistakes may exist or be discovered.  Neither EAST nor its members, authors, or agents shall be liable for any loss, damage, or claim with respect to any such information being provided.  All such liabilities, including direct, special, indirect, or consequential damages, are expressly disclaimed and excluded.

ABOUT EAST
Founded in February 2004, EAST celebrated its 10th Anniversary at the 32nd Meeting of National Members held in Brussels on 12th February 2014.
EAST is a ‘non-profit’ organisation whose National Members are committed to gathering information from, and disseminating EAST reports to ATM deployers and networks within their countries/regions.  While the main focus of EAST is on ATMs, the group also focuses on all payment terminals that have a direct impact on crime perpetrated at ATM locations.

Our mission is to gather and provide information to the European ATM industry and to facilitate effective representation of ATM related security issues at relevant European central institutions, through a pan-European co-ordination of ATM security resources.

EAST has set up a framework network structure to improve co-operation with industry, law enforcement, and in particular Europol, in order to achieve awareness and better results in the fight against organised cross-border crime.  EAST National Members represent 29 countries with a total deployment of 639,379 ATMs.

The EAST Expert Group on ATM Fraud (EGAF), formed in May 2013, provides a European specialist expert forum for discussion of ATM related fraud trends, fraud methodologies and counter-measures, and for the provision of regularly updated  lists of known devices used for card or PIN or data compromise, for cash trapping, and for lists of known counter-measures. Through a system of ATM Fraud Alerts EAST is able to communicate important and timely information to its National and Associate Members.

The EAST Expert Group on ATM Physical Attacks (EGAP), formed in May 2014, provides a European specialist expert forum for discussion of ATM related physical attack trends, attack methodologies and counter-measures.

More information can be found at https://www.european-atm-security.eu  An upgraded version of the EAST website was launched on 4th November 2014.