European ATM Security Team's Second European Fraud Update For 2015

The update is based on country crime updates given by representatives of 19 countries in SEPA and 2 non-SEPA countries

The European ATM Security Team (EAST) has just published its second European Fraud Update for 2015. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 2 non-SEPA countries, at the 36th EAST meeting held at Europol in the Hague on 10th June 2015.

Card skimming at ATMs was reported by seventeen countries, with decreases reported by seven countries and increases by two. Six countries reported card data compromise through wire-tapping or ‘Eavesdropping’ - the criminals cut a hole in the fascia near to the card reader, insert a device which is connected internally to the card reader and then cover the hole with a fake decal.

The trend of losses due to skimming occurring outside of EMV* Chip liability shift areas continues. Such losses were reported in 49 countries and territories outside of the Single Euro Payments Area (SEPA) and in 10 within SEPA. For the first time Indonesia is the top location for such losses, followed by the USA and the Philippines.

Skimming attacks on other terminal types were reported by eight countries and overall the number of attacks appears to be decreasing.

Fourteen countries reported cash trapping attacks and seven countries incidents of transaction reversal fraud (TRF).

ATM malware incidents were reported by four countries. These were ATM ‘cash out’ or ‘jackpotting’ attacks. Two of the countries reported such attacks for the first time. To help counter this threat Europol has recently published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.

Ram raids and ATM burglary were reported by nine countries, with one of them reporting increases in this type of attack and another, a new method for accessing the ATM from below. Eleven countries reported explosive gas attacks, and two of them also reported attacks on ATMs using solid explosives.

* EMV (also known as ‘chip and PIN’) is an industry standard for Smart Cards and card readers, supported by the European Payments Council and the major payment schemes.