Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

European ATM Security Team Faud Report – ATM Card Scimming

EAST [European ATM Security Team] has just published its second European Fraud Update for 2014. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 3 non-SEPA countries, at the 33rd EAST meeting held at the European Cybercrime Centre (EC3) at Europol in The Hague on 11th June 2014. Card skimming at ATMs was reported by 18 countries, with increases reported by 6 countries and decreases by 4 countries. A new form of mini-skimmer was seen in one country and another reported that skimming devices are being left in place for longer periods (4-5 days on average) European fraud counter-measures such as Geo-blocking, fraud monitoring capabilities and fraud detection continue to improve and most ATM related card skimming losses occur outside Europe and are migrating away from EMV Chip liability shift areas. In 2014 such losses have been reported in 43 countries and territories outside of the Single Euro Payments Area (SEPA) and in 4 within SEPA. The USA is the top location for such losses, followed by Thailand and Indonesia.  Skimming attacks on other terminal types were reported by 12 countries. Attacks on unattended payment terminals (UPTs) at petrol stations were seen in 8 countries, while 6 countries saw attacks at point-of-sale (POS) terminals. One of them has seen the usage of ghost terminals, genuine terminals that are stolen, and then have their internal workings removed and rebuilt by the criminals.  From March to May 2014 the European Cybercrime Centre (EC3) at Europol has supported 4 major cross-border police operations which have taken down criminal groups engaged in online auction fraud, online airline fraud, skimming fraud and electronic payment and document fraud. In many cases the criminals transferred stolen funds to unregistered pre-paid cards for cash withdrawal at ATMs. Cash trapping incidents were reported by 12 countries, with one of them reporting related arrests, and 8 countries reported transaction reversal fraud (TRF) incidents. The usage of the cash claw continues for both types of attack and a variant wrapped in tape has been seen for the first time. Seven countries reported card trapping incidents and the usage of mobile phones for PIN compromise seems to be becoming more widespread. ATM malware incidents were reported by 4 countries. These were related to ‘cash out’ or ‘jackpotting’ as well as to the internal compromise of card and PIN data. Such attacks are new to Western Europe. Ram raids and ATM burglary were reported by 10 countries and in one of them three gangs involved with such attacks were broken up. Eight countries reported explosive gas attacks and two of them reported attacks on ATMs using solid explosives. The overall rise in explosive attacks in Europe appears to be continuing and EAST will publish updated statistics in its H1 2014 European ATM Crime Report, due for publication in October 2014.”

Sorry, comments are closed for this post.