ATM Black Box Attacks spread across Europe

EAST ATM Crime Report 2016 - ATM black box attacks increaseIn a European ATM Crime Report covering 2016 EAST has reported that ATM black box attacks were up 287% when compared to 2015.

A total of 58 such attacks were reported by ten countries, up from 15 attacks during 2015.  ‘Black Box’ is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser in order to ‘cash-out’ the ATM.  Related losses were down 39%, from €0.74 million to €0.45 million.

EAST Executive Director Lachlan Gunn said, “While the rise in ATM black box attacks is a concern, we are pleased to note that many of these attacks were not successful.  In 2015, to help the industry counter such attacks, our EAST Expert Group on ATM Fraud (EGAF) worked with Europol to produce a document entitled ‘Guidance & recommendations regarding logical attacks on ATMs’.  At our third global Financial Crime & Security (FCS) Forum, which will be held in The Hague on 8th/9th June 2017, EAST EGAF will lead a proactive breakout session during which black box attacks will be discussed.”

ATM related fraud attacks increased by 26%, up from 18,738 in 2015 to 23,588 in 2016.  This rise was mainly driven by a 147% increase in Transaction Reversal Fraud (up from 5,104 to 12,581 incidents).  The downward trend for card skimming continues with 3,315 card skimming incidents reported, down 20% from 4,131 in 2015.  This is the lowest number of skimming incidents reported since 2005.

Losses due to ATM related fraud attacks were up 2% when compared with 2015 (up from €327 million to €332 million).  The Asia-Pacific region and the USA are where the majority of such losses were reported.  Domestic skimming losses rose 24% over the same period (up from €44 million to €53 million).

ATM related physical attacks rose 12% when compared with 2015 (up from 2,657 to 2,974 incidents).  Within this total ATM explosive attacks (including explosive gas and solid explosive attacks) were up 47% from the previous year (up from 673 to 988 incidents).  Losses due to ATM related physical attacks were €49 million, unchanged from the previous year.

The average cash loss for a ram raid or burglary attack is estimated at €14,890, the average cash loss per explosive attack is €17,403 and the average cash loss for a robbery is €20,293.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A summary of the report statistics under the main headings is in the table below:

European ATM Crime Statistics Summary

The full Crime Report is available to EAST Members (National and Associate).

CDC Device Location Terminology and ATM Fraud Definitions

Terminology for locations of CDC Devices at ATMs and ATM Fraud DefinitionsThe EAST Expert Group on ATM Fraud (EGAF) has updated its guidelines on standardising terminology for locations of Card Data Compromise (CDC) devices at ATMs and also the definitions used to report and classify ATM fraud.  The new information can be found on the EAST website on the pages Terminology for locations of CDC Devices at ATMs and ATM Crime Definitions.  EAST has made this information publicly available to promote the usage of both the location terminology and the ATM fraud definitions worldwide, in order to assist the industry and law enforcement agencies to consistently classify all CDC devices, and to standardise definitions used when reporting ATM crime.

The document ‘Standardisation of Terminology for locations of Card Data Compromise devices at ATMs’ has been updated; a  new location has been added – D3. Card Reader Internal Skimming Device – and several other minor amendments have also been made.  This terminology is used in all EAST ATM Fraud Alerts and Fraud Updates and anyone in the industry or law enforcement finding a CDC device at an ATM is encouraged to use the terminology when making a report.  The document is available for download on the EAST Intranet to EAST members (National and Associate),

EAST EGAF will host a breakout session on Day One of the EAST Financial Crime and Security (FCS) Forum which will be held in The Hague on 8th/9th June 2017.

EAST EGAF holds 12th Meeting

The EAST Expert Group on ATM FraudThe Twelfth Meeting of the EAST Expert Group on ATM Fraud (EAST EGAF) took place on Wednesday 18th January 2017 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global ATM crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from ATM Deployers, ATM Networks, ATM Vendors, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on ATM Skimming, ATM Card Trapping, ATM Cash Trapping, ATM Reversal Fraud and ATM Logical Fraud.

The focus of the Group is on topics and issues raised by EAST National Members, which represent 34 countries with a total deployment of 1,332,228 ATMs. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST ATM Fraud Alerts for all EAST Members (National and Associate). In total 127 EAST ATM Fraud Alerts have been issued, 3 to date in 2017.

EAST Expert Group on ATM Fraud holds 11th Meeting

The EAST Expert Group on ATM Fraud - LogoThe Eleventh Meeting of the EAST Expert Group on ATM Fraud (EAST EGAF) took place on Wednesday 28th September 2016 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global ATM crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from ATM Deployers, ATM Networks, ATM Vendors, Security Equipment Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on ATM Skimming, ATM Card Trapping, ATM Cash Trapping, ATM Reversal Fraud and ATM Logical Fraud.

The focus of EAST EGAF is on topics and issues raised by EAST National Members, which represent 34 countries with a total deployment of 1,332,228 ATMs. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST ATM Fraud Alerts for all EAST Members (National and Associate). In total 115 EAST ATM Fraud Alerts have been issued, 40 to date in 2016.

Europol publishes Italian version of guidance and recommendations to help counter logical attacks on ATMs

ATM Malware Guidelines - ItalianEuropol has just published an Italian language version of the guidelines to help industry and law enforcement counter the threat presented by ATM logical and malware attacks.  The English version of the document was officially launched in June 2015 at the EAST Financial Crime & Security (FCS) Forum – EAST FCS 2015 – and versions have also been published in German and Spanish.

The production of this document was coordinated by the EAST Expert Group on ATM Fraud (EGAF), and it is a first of its kind.

The document is a great example of a coordinated central response from both Law Enforcement and the industry to fighting ATM malware threats in an effort to respond much more quickly than was the case with the card skimming threat when it first materialised.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

Europol has published a Spanish version of guidance and recommendations to help counter logical attacks on ATMs

ATM Malware Guidelines - SpanishEuropol has just published a Spanish language version of the guidelines to help industry and law enforcement counter the threat presented by ATM logical and malware attacks.  The English version of the document was officially launched in June 2015 at the EAST Financial Crime & Security (FCS) Forum – EAST FCS 2015 – and the German version was published in January 2016..

The production of this document was coordinated by the EAST Expert Group on ATM Fraud (EGAF), and it is a first of its kind.

The document is a great example of a coordinated central response from both Law Enforcement and the industry to fighting ATM malware threats in an effort to respond much more quickly than was the case with the card skimming threat when it first materialised.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

Terminology for the standardisation of locations of CDC Devices at ATMs

Standardisation of Terminology for Locations of Card Data Compromise Devices at ATMsIn June 2015 EAST published a document entitled ‘Standardisation of Terminology for locations of Card Data Compromise devices at ATMs’ to assist with the reporting and analysis of such devices, and to set a common standard for describing the placement of skimming (and shimming) devices.

In order to further promote the usage of the terminology worldwide, the EAST Expert Group on ATM Fraud (EGAF) has agreed that the key descriptions should be openly available on this website.  They can be found on the page Terminology for locations of CDC Devices at ATMs.

This terminology is used in all EAST ATM Fraud Alerts and Fraud Updates and anyone in the industry or law enforcement finding a card data compromise (CDC) device at an ATM is encouraged to use the terminology when making a report.

The full Guidelines are available for download on the EAST Intranet to EAST members (National and Associate),  EAST Associate Membership is free for Law Enforcement Officers.

EAST Expert Group on ATM Fraud holds 10th Meeting

The EAST Expert Group on ATM Fraud - LogoThe Tenth Meeting of the EAST Expert Group on ATM Fraud (EAST EGAF) took place on Wednesday 11th May 2016 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global ATM crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from ATM Deployers, ATM Networks, ATM Vendors, Security Equipment Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on ATM Skimming, ATM Card Trapping, ATM Cash Trapping, ATM Reversal Fraud and ATM Logical Fraud.

The focus of EAST EGAF is on topics and issues raised by EAST National Members, which represent 34 countries with a total deployment of 1,332,228 ATMs. Outputs from the group are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST ATM Fraud Alerts for all EAST Members (National and Associate). In total 93 EAST ATM Fraud Alerts have been issued, 18 to date in 2016.

ATM Malware Report issued by Europol and Trend Micro

ec3_logo_17Europol’s European Cybercrime Centre (EC3) and Trend Micro have announced the release of a new joint report, “ATM Malware on the Rise”, which offers a comprehensive overview of the ATM malware threat and the specific malware types in circulation.

With more than three million ATMs across the globe and the total number of cash withdrawals averaging around EUR 8.6 billion per year, ATMs are an attractive target for criminal attacks. Through the use of specially designed malware, attackers no longer need to use traditional safe cracking methods to empty an ATM’s money safe.

In this report, the first of its kind to offer such a comprehensive overview on the topic, Trend Micro and Europol highlight the increasing sophistication of cyber criminals in terms of how attacks are planned and orchestrated, using both new methods and techniques in conjunction with well-known attack vectors.

More information can be found on the Europol website.  To counter the ATM Malware threat Europol and the EAST Expert Group on ATM Fraud (EGAF) produced ‘Guidance & recommendations regarding logical attacks on ATMs’ in June 2015.  EAST EGAF continues to focus on the latest ATM malware and logical threats and what can be done to counter them.

This new and restricted report has been released to a closed audience consisting of law enforcement authorities, financial institutions and the IT security industry.  It has also been authorised for release to EAST Members (National and Associate).

EAST Expert Group on ATM Fraud holds Ninth Meeting

The EAST Expert Group on ATM Fraud - LogoThe Ninth Meeting of the EAST Expert Group on ATM Fraud (EGAF) took place on Wednesday 20th January 2016 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global ATM crime and fraud related issues, threats and counter-measures.

The EAST EGAF meeting was chaired by Mr Otto de Jong and was attended by key representatives from ATM Deployers, ATM Networks, ATM Vendors, Security Equipment Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on ATM Skimming, ATM Card Trapping, ATM Cash Trapping, ATM Reversal Fraud and ATM Logical Fraud.

The focus of EAST EGAF is on topics and issues raised by EAST National Members, which represent 33 countries with a total deployment of 1,319,000 ATMs. Outputs from EAST EGAF are presented to all meetings of EAST National Members.

In addition EAST EGAF generates EAST ATM Fraud Alerts for all EAST Members (National and Associate). In total 78 EAST ATM Fraud Alerts have been issued, 3 to date in 2016.