EAST gains representation from Mexico

Banorte IXE - MexicoBanorte IXE has just joined the European ATM Security Team (EAST) as the National Member for Mexico.  While EAST is focussed on the Single Euro Payments Area (SEPA), Banorte IXE will participate as a non-SEPA member.  Banorte IXE has 1,269 branches nationwide and deploys over 7,000 ATMs.  It can also receive deposits through more than 5,200 commercial establishments, such as drug stores, convenience stores, and supermarkets.

Grupo Financiero Banorte, S.A.B. de C.V., is a Mexican banking and financial services holding company with headquarters in Monterrey and Mexico City.  It is one of the four largest commercial banks of Mexico by assets and loans, and the largest retirement fund administrator.  It operates its commercial bank under the brands ‘Banorte’ and ‘IXE’, offering savings accounts, credit cards, payday loans, mortgages, commercial loans and auto loans.  It also performs insurance, pension, leasing, and brokerage activities.

EAST has national representation from the following 26 European countries:  Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Liechtenstein, Luxembourg, Netherlands, Norway, Malta, Poland, Portugal, Romania, Slovakia, Spain, Sweden, Switzerland, United Kingdom.  EAST is still seeking national representative members from:  Estonia, Iceland, Latvia, Lithuania and Slovenia.

Brazil, Canada, Indonesia, Mexico, Russia, Serbia, South Africa, Turkey, Ukraine and the United States are represented at EAST as non-SEPA members and EAST is seeking to establish links with parties in any country, able to share national incident and loss statistics for ATM related fraud and physical attacks.  Interested parties should contact us through this website.

EPTF holds First Meeting

EPTFThe First Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 19th April 2017 at the Banking and Payments Federation Ireland (BPFI) in Dublin.

The purpose of the EPTF is to provide a specialist task force for discussion of security issues affecting payments and transactions and for the gathering,collation and dissemination of related information, trends and statistics.

The meeting was chaired by Mr Rui Carvalho and was attended by key representatives from card issuers and payment processors.

The EPTF will take the following actions covering payments:

  • Explore, inter alia, potential improvements in security and other issues affecting payments and transactions
  • Engage with payment and transaction stakeholders on the impact of regulations
  • Establish what payment industry information (trends / general statistics) is currently available and what gaps the EPTF can cover through the collection of data from EAST’s extensive membership network (National and Associate).
  • Through Payment Updates, share information on trends and issues affecting payments and transactions.

Mr Carvalho will give a presentation on the EPTF and where it is heading at this year’s EAST Financial Crime & Security Forum (EAST FCS 2017).

Have you secured your Hotel room for EAST FCS 2017? Only 30 rooms left

The EAST Financial Crime and Security Forum (EAST FCS 2017) will take place on 8th/9th June 2017 at the magnificent Grand Hotel Amrâth Kurhaus, one of the most important landmarks in The Hague.

Kurhaus Hotel EAST FCS 2017

The Hotel is located at the beating heart of The Hague and dates back almost 200 years, to the year 1818, when Jacob Pronk opened a bathing establishment. The modestly sized wooden building had four rooms, each fitted with a bath tub.  These tubs were filled with cold or heated seawater, bathing in these tubs was said to have a healing effect.  Those with a more adventurous spirit could also opt for a more direct treatment.  Pronk owned two carriages that were used to drive guests into the breakers.

The bathing resort was so successful, that in 1826 it was replaced by a stone building, this bathing house was owned by the local government. Here, guests could find hotel rooms, a library, a billiards room, dining rooms and bathing facilities.

EAST FCS 2017 has secured limited accommodation for those attending the event in June.  Only 30 rooms remain at the preferential conference rate.  If you are planning to attend sign up now to secure your room.

Who is attending?

The conference will have over 150 delegates, responsible for ATM security strategy, fraud prevention, security and generally anyone with an interest in improving their overall understanding of ATM and Payment Card fraud and countermeasures including:

  • EAST National Members
  • EAST Associate Members
  • Law Enforcement & Intelligence Services
  • Banks and ATM Deployers
  • Payment Service Providers, Transaction Processors, Card Brands
  • ATM & security equipment manufacturers and vendors
  • Other stakeholders

Benefits of Attending

  • A unique opportunity to hear about the latest threats and other intelligence from Europe, Russia, the United States, Latin America and Asia-Pacific.
  • An agenda set by ATM and terminal deployers.
  • A structured way to gain practical knowledge of what is being done to combat emerging threats. In addition to focus in the main plenary session on the key threats (for both ATM related fraud and ATM related physical attacks) identified by EAST there will be two concurrent breakout sessions:
  • This is the only event of its kind in Europe. A unique opportunity to network with peers and share experiences.

Book now to ensure you don’t miss this great opportunity to attend what has already been hailed as an “excellent event for helping to make a difference in the area of financial crime prevention”.

ATM Black Box Attacks spread across Europe

EAST ATM Crime Report 2016 - ATM black box attacks increaseIn a European ATM Crime Report covering 2016 EAST has reported that ATM black box attacks were up 287% when compared to 2015.

A total of 58 such attacks were reported by ten countries, up from 15 attacks during 2015.  ‘Black Box’ is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser in order to ‘cash-out’ the ATM.  Related losses were down 39%, from €0.74 million to €0.45 million.

EAST Executive Director Lachlan Gunn said, “While the rise in ATM black box attacks is a concern, we are pleased to note that many of these attacks were not successful.  In 2015, to help the industry counter such attacks, our EAST Expert Group on ATM Fraud (EGAF) worked with Europol to produce a document entitled ‘Guidance & recommendations regarding logical attacks on ATMs’.  At our third global Financial Crime & Security (FCS) Forum, which will be held in The Hague on 8th/9th June 2017, EAST EGAF will lead a proactive breakout session during which black box attacks will be discussed.”

ATM related fraud attacks increased by 26%, up from 18,738 in 2015 to 23,588 in 2016.  This rise was mainly driven by a 147% increase in Transaction Reversal Fraud (up from 5,104 to 12,581 incidents).  The downward trend for card skimming continues with 3,315 card skimming incidents reported, down 20% from 4,131 in 2015.  This is the lowest number of skimming incidents reported since 2005.

Losses due to ATM related fraud attacks were up 2% when compared with 2015 (up from €327 million to €332 million).  The Asia-Pacific region and the USA are where the majority of such losses were reported.  Domestic skimming losses rose 24% over the same period (up from €44 million to €53 million).

ATM related physical attacks rose 12% when compared with 2015 (up from 2,657 to 2,974 incidents).  Within this total ATM explosive attacks (including explosive gas and solid explosive attacks) were up 47% from the previous year (up from 673 to 988 incidents).  Losses due to ATM related physical attacks were €49 million, unchanged from the previous year.

The average cash loss for a ram raid or burglary attack is estimated at €14,890, the average cash loss per explosive attack is €17,403 and the average cash loss for a robbery is €20,293.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A summary of the report statistics under the main headings is in the table below:

European ATM Crime Statistics Summary

The full Crime Report is available to EAST Members (National and Associate).

The Evolution of ATM Explosive Attacks (Gas and Solid Explosive)

ATM Explosive attacksExplosive attacks on ATMs are a rising problem in Europe and in many other parts of the world.  In a report covering the first six months of 2016 EAST reported a total of 492 explosive attacks in Europe, a rise of 80 percent compared to the same period in 2015.  Such attacks do not just present a financial risk due to stolen cash, but also are the cause of significant collateral damage to equipment and buildings.  Of most concern is the fact that lives can also be put in danger, particularly by the usage of solid explosives.  Over the past few years the Netherlands has been particularly hard hit by such attacks.

At the upcoming EAST Financial Crime & Security Forum (EAST FCS 2017) Job Galesloot, Security Officer ING Domestic Banking, will share the Dutch experience and also how neighbouring countries have been impacted.

About Job Galesloot

Job is a specialist in physical crimes against ING Bank branches. His main concerns are explosive gas attacks on ATMs, physical attacks on the bank’s branches and physical or verbal aggression against branch staff.  Since 2015 he is the Physical Security Officer for ING Domestic Banking. Responsible for threat analysis, trend monitoring and development of countermeasures. In 2016 Job chaired the Dutch Banking Association Expert Pool IBNS which tested several IBNS systems. IBNS stands for Intelligent Banknote Neutralisation Systems.

Who Is Attending?

Over 150 delegates will attend from ATM networks, banks, law enforcement, vendors, and EAST national and associate members.

Book soon to ensure you don’t miss this great opportunity to attend what has been described as an “excellent event for helping to make a difference in the area of financial crime prevention”.

There are some sponsor and exhibitor slots still available so, if you are in the business of ATM crime prevention and wish to take a space alongside a key audience, see our Sponsorship Brochure for details.

EAST Publishes European Fraud Update 1-2017

European Fraud Update 1-2017EAST has just published its first European Fraud Update for 2017.  This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 41st EAST meeting held in Oslo, Norway on 8th February 2017.

Card skimming at ATMs was reported by eighteen countries.  The usage of M3 – Card Reader Internal Skimming devices continues.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Five countries reported such attacks and EAST has recently published four related ATM Fraud Alerts.

International skimming related losses were reported in 45 countries and territories outside of the SEPA and in 9 within SEPA.  The top three locations where such losses were reported remain the USA, Indonesia and India.

Skimming attacks on other terminal types were reported by eight countries and four countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.  One country reported the use of an M3 – Card Reader Internal Skimming Device at a public transport ticket machine, the first time this has been seen.

One country reported a new form of crime, ‘Cash-in’ or ‘Cash Deposit’ fraud.  The criminals deposit fake banknotes into ATMs (where the cash deposit function is available) and then credit their cards or other accounts.

ATM malware and logical security attacks were reported by eight countries all involving the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  EAST has recently published seven related ATM Fraud Alerts.  To help counter such attacks Europol has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  This is available in four languages: English, German, Italian and Spanish.

Ram raids and ATM burglary were reported by nine countries and nine countries reported explosive gas attacks.  The use of solid explosives continues to spread and seven countries reported such attacks.

Payment fraud issues were reported by five countries.  One country reported an increase in both vishing and phishing attacks and another reported criminal abuse of the chargeback system.

The full Fraud Update is available to EAST Members (National and Associate).

EAST EGAP holds 7th Meeting at Europol

The EAST Expert Group on ATM Physical Attacks (EGAP) - LogoThe seventh meeting of the EAST Expert Group on ATM Physical Attacks (EGAP) took place on Wednesday 8th March 2016 at Europol in The Hague.

EAST EGAP is a European specialist expert forum for discussion of ATM related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.

The meeting was chaired by Mr Graham Mott and was attended by key representatives from ATM Deployers, ATM Networks, Security Equipment Vendors and Law Enforcement.

EAST EGAP, which meets twice each year, enables in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

The focus of the group is on topics and issues raised by EAST National Members, which represent 35 countries with an installed base of 1,411,870 ATMs. Outputs from EAST EGAP are presented to meetings of EAST National Members.

There will be an EAST EGAP workshop at this year’s EAST Financial Crime & Security Forum (EAST FCS 2017). On Day One of the event Graham Mott will cover ‘Traditional Attacks’, ‘Current Physical Attack Types’, ‘Counter-measures’ and ‘Banknote Degradation’.  The workshop is open to all those attending the Forum. On Day Two of the event there will be a presentation on the ‘Evolution of Explosive Attacks (Gas and Solid Explosives)’ from the Netherlands and a ‘Case Study on Countering Explosive Attacks’ from a Regional Intelligence Unit of the UK Police.

What’s new at EAST FCS 2017?

EAST FCS 2017

This year’s EAST Financial Crime & Security Forum (EAST FCS 2017) offers a new format, to facilitate better discussion with peers and a greater number of networking opportunities.  There is an exciting and targeted agenda this year which includes some of the world’s best experts in ATM operations and crime prevention.  In addition to the plenary sessions on the main stage, two workshops on key topics relating to ATM physical attacks and general ATM fraud have been added.

One workshop will be led by Otto de Jong, Chairman of the EAST Expert Group on ATM Fraud (EGAF), which includes round table discussions and expert speakers on subjects such as ‘Cash out Attacks’ (including Black Box attacks) and ‘ATM Fraud The Next Stage’. The other workshop will be led by Graham Mott, Chairman of the EAST Expert Group on ATM Physical Attacks (EGAP), and will cover ‘Traditional Attacks’, ‘Current Physical Attack Types’, ‘Counter-measures’ and ‘Banknote Degradation’.  Running concurrently, the workshops will be interactive and participation is encouraged.

EAST FCS NetworkingA key part to any specialist event is networking. For the EAST FCS Forum in June, we have organised welcome cocktails (Wednesday 7th June) and a ‘BBQ by the Beach’ (Thursday 8th June) at the Grand Hotel Amrâth Kurhaus.  There will also be more networking breaks throughout the event to ensure the best opportunities to meet with industry peers and to discuss specific goals and needs.

Book soon to ensure you don’t miss your opportunity to attend the event.

41st EAST Meeting hosted by Bits AS in Norway

EAST National Members - badgeThe 41st Meeting of EAST National Members was hosted by Bits AS in Oslo, Norway on 8th February 2017.  National country crime updates were provided by 24 countries, and a global update by HSBC. Europol, the Norwegian Police and the Bundeskriminalamt (BKA) attended the meeting.

EAST Fraud Update 1-2017 will be produced later this month, based on the updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

The 42nd Meeting of EAST National Members will be held on 7th June 2017 in The Hague.  This will be immediately followed by the 3rd EAST Financial Crime & Security (FCS) Forum on 8th/9th June 2017, also in The Hague.  While this is an open event, places are limited.  Interested? Check out the Agenda and register now to secure your place.

CDC Device Location Terminology and ATM Fraud Definitions

Terminology for locations of CDC Devices at ATMs and ATM Fraud DefinitionsThe EAST Expert Group on ATM Fraud (EGAF) has updated its guidelines on standardising terminology for locations of Card Data Compromise (CDC) devices at ATMs and also the definitions used to report and classify ATM fraud.  The new information can be found on the EAST website on the pages Terminology for locations of CDC Devices at ATMs and ATM Crime Definitions.  EAST has made this information publicly available to promote the usage of both the location terminology and the ATM fraud definitions worldwide, in order to assist the industry and law enforcement agencies to consistently classify all CDC devices, and to standardise definitions used when reporting ATM crime.

The document ‘Standardisation of Terminology for locations of Card Data Compromise devices at ATMs’ has been updated; a  new location has been added – D3. Card Reader Internal Skimming Device – and several other minor amendments have also been made.  This terminology is used in all EAST ATM Fraud Alerts and Fraud Updates and anyone in the industry or law enforcement finding a CDC device at an ATM is encouraged to use the terminology when making a report.  The document is available for download on the EAST Intranet to EAST members (National and Associate),

EAST EGAF will host a breakout session on Day One of the EAST Financial Crime and Security (FCS) Forum which will be held in The Hague on 8th/9th June 2017.