EAST publishes 1st ATM crime update of 2018
The European Association for Secure Transactions has published its first European Fraud Update for 2018, based on country crime updates provided by representatives of 18 countries in the Single Euro Payments Area, and four non-SEPA countries, an EAST press release said.
Fifteen countries reported payment fraud issues. Seven countries reported increased card-not-present fraud related to e-commerce merchants in China. Phishing activity was reported by four countries, one of which reported phishing attacks through ads on social media sites.
The EAST Payments Task Force issued its first Payment Alert in January 2018. The alert covered a phishing email sent to employees of banking and financial institutions. The email contained malware intended to exploit the local network and gain access to Swift services.
Ten countries reported ATM malware and logical security attacks. Five of the countries reported ATM-related malware, one of which reported the first successful "Cutlet Maker" malware cash-out attack in Western Europe. So far this year, the EAST Expert Group on All Terminal Fraud has published two related fraud alerts.
Seven countries reported the use of black-box devices to allow unauthorized dispensing of cash. To help counter these threats, Europol, supported by EAST EGAF, published "Guidance and recommendations regarding logical attacks on ATMs."
The document discusses risk mitigation for these types of attacks, and is available in four languages: English; German; Italian; and Spanish.
Sixteen countries reported card skimming at ATMs; the most prevalent method was M3 — card reader internal skimming. In this attack, the device is placed inside the motorized card reader behind the shutter. Five countries reported such attacks.
Five countries reported skimming attacks on non-ATM terminals — in this case, unattended payment terminals at fuel stations. One country also reported the use of card shimming devices at POS terminals. So far in 2018, EAST EGAF has issued three related fraud alerts.
International skimming related losses were reported in 40 countries and territories outside of SEPA, and by seven countries within SEPA. The U.S., Indonesia and India remain the top three locations for such losses.
Five countries reported transaction reversal fraud. Two countries reported a continued increase in such attacks, and two reported new methods used in attacks. To date in 2018, EAST EGAF has published two related fraud alerts.
Ten countries reported ram raids and ATM burglaries. To date in 2018, the EAST Expert Group on ATM and ATS Physical Attacks has published one related ATM physical attack alert.
Eight countries reported explosive gas attacks and six countries reported solid explosive attacks. The spread of this type of attacks is a cause for particular concern due to the risk to life and the significant amount of collateral damage to equipment and buildings.
The full fraud update is available to EAST members at the association's website.