The European Association for Secure Transactions (EAST) has just published its third European Fraud Update for 2017.
This is based on country crime updates given by representatives of 15 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 43rd EAST meeting held in Edinburgh on 4th October 2017.
Payment fraud issues were reported by eleven countries. One country reported that a fake P2P website was used to get funds illegally, which are then transferred to genuine cards for cash withdrawal. Card-Not-Present (CNP) fraud shows a significant increase in fake websites, such as ticketing sites. Data acquired through social engineering is used immediately by criminals to make fund transfers to money mule accounts. The EAST Payments Task Force (EPTF) is looking at security issues affecting payments with a view to the gathering, collation and dissemination of related information, trends and general statistics.
ATM malware and logical security attacks were reported by seven countries. To date in 2017 EAST has published fourteen related Fraud Alerts. Two of the countries reported ATM related malware and all seven reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To help counter these threats Europol, supported by the EAST Expert Group on All Terminal Fraud (EGAF), has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’. It covers mitigating the risk, setting up lines of defence and identifying and responding to logical attacks. This is available in four languages: English, German, Italian and Spanish.
Card skimming at ATMs was reported by thirteen countries. The usage of M3 - Card Reader Internal Skimming devices is most prevalent. This type of device is placed at various locations inside the motorised card reader behind the shutter. Four countries reported such attacks and, to date in 2017, EAST has published ten related Fraud Alerts.
Year to date International skimming related losses were reported in 53 countries and territories outside of the Single Euro Payments Area (SEPA) and in 10 within SEPA. The top three locations where such losses were reported are the USA, Indonesia and India.
Skimming attacks on other terminal types were reported by eight countries and four countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.
Six countries reported incidents of Transaction Reversal Fraud (TRF). One country reported a continued increase in such attacks and two countries reported a new modus-operandi.
Ram raids and ATM burglary were reported by ten countries and eight countries reported explosive gas attacks. To date in 2017 EAST has published eleven related ATM physical attack alerts. The use of solid explosives continues to spread and six countries reported such attacks. This is of increasing concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.