Europol takes down card fraud network

Europol takes down card fraud network

Europol and Romanian police have arrested 44 alleged members of a global fraud ring believed to have tampered with payment terminals throughout Europe, stealing the details of tens of thousands of cards.

The Pandora-Storm operation saw more than 400 police officers search 82 houses in Romania and the UK, arresting 44 and seizing illegal electronic equipment, financial data, cloned cards, and cash.

Europol's European Cybercrime Centre (EC3) says that the gang has been implanting card reading devices and malicious software on POS terminals in big shopping centres throughout Europe.

The crooks were then able to steal the card numbers and PINs of around 36,000 people in 16 European countries before making counterfeits and carrying out transactions in Argentina, Colombia, the Dominican Republic, Japan, Mexico, South Korea, Sri Lanka, Thailand and USA.

The members of the group are also accused of setting up a "sophisticated criminal network for online fraud".

Troels Oerting, head, EC3, Europol, says: "This case is another example of excellent police work and flawless cooperation and a proof of the fact that EU law enforcement cooperation continues to improve. This is a good sign for the future when increased cybercrime will become a great challenge for the LE community."

Comments: (2)

Nick Collin
Nick Collin - Collin Consulting Ltd - London 28 March, 2013, 16:52Be the first to give this comment the thumbs up 0 likes

Note the countries where the fraudulent transactions took place - the sooner we have 100% EMV chip and PIN worldwide the better.

A Finextra member
A Finextra member 28 March, 2013, 17:09Be the first to give this comment the thumbs up 0 likes

I'm not convinced in chip-and-pin as a strong authentication mechanism anyway. Any 'secure' token approach in my view is inherently insecure - particularly when you put the all authentication information on the device itself (PIN, CV1, CV2, card number and in most cases the account number and sort code). The death of chip-and-pin? Probably not coming soon, but I'd like to see someone take a serious review of it as it's just another hoop that fraudsters have now figured out how to jump through. Coincidently, today I've written an article voicing my concerns on this very subject (it actually takes a wider view on all token-based auth's):