Skimming at ATMs remains an issue with five countries reporting increases in incidents, and four countries decreases. Two countries have reported a new trend of European payment cards being skimmed at ATMs outside of national borders (and in some cases outside of Europe). An ‘all-in-one’ device (incorporating a micro camera for PIN capture and a skimming device for card data capture) is becoming more widely used. The increasing trend of the majority of losses due to skimming occurring outside of EMV liability shift areas continues. The main criminal groupings engaged in skimming at ATMs in Europe continue to be Romanian and Bulgarian nationals.
With regard to skimming attacks at other payment terminals, attacks on unattended petrol station terminals (UPTs) appear to be increasing, while attacks against attended point of sales (POS) terminals continue. Cross-border cooperation has resulted in the arrest of nine people involved in these attacks in two countries, as well as the closure of a factory producing skimming devices.
Card trapping attacks, often referred to as Lebanese Loop attacks due to one variant, continue to be reported, although a recent trend has been noted. Instead of trapping the card, the criminals observe the PIN being entered and then steal the card (using distraction of other techniques).
Transaction reversal fraud (TRF) continues in two countries and cash trapping attacks were reported in four countries.
Ram raids and ATM burglary were reported by seven countries, one reporting increases in such attacks and two decreases. Explosive and gas attacks were reported by three countries, primarily at remote site locations.
(Background data on the Fraud Update & EAST follow)
EUROPEAN ATM FRAUD UPDATE 2-2010
The above release is based on a European Fraud Update prepared three times a year by EAST, based on country crime updates given at its meetings. These Updates are prepared by EAST to provide interested parties with an overview of the European ATM crime situation. They are produced for EAST members, law enforcement officers and other EAST Associates, and EAST subscribers. The following countries supplied full or partial information for this Update:
Belgium; Bulgaria; Finland; France; Germany; Hungary; Ireland; Liechtenstein; the Netherlands; Norway; Poland; Portugal; Russia; Spain; Sweden; Switzerland; the United Kingdom.
EAST has taken reasonable measures to develop this Update in a fair, reasonable, open, and objective manner. However, EAST makes no claims, promises, or guarantees about the completeness of the Update. In addition, as the information in the Update has been passed to EAST by other parties, errors or mistakes may exist or be discovered. Neither EAST nor its members, authors, or agents shall be liable for any loss, damage, or claim with respect to any such information being provided. All such liabilities, including direct, special, indirect, or consequential damages, are expressly disclaimed and excluded.
Founded in 2004, EAST (european-atm-security.eu) is a ‘not-for-profit’ organisation whose members are committed to gathering information from, and disseminating EAST reports to ATM deployers and networks within their countries/regions. While the main focus of EAST is on ATMs, the group also focuses on all payment terminals that have a direct impact on crime perpetrated at ATM locations.
Our mission is to gather and provide information to the European ATM industry and to facilitate effective representation of ATM related security issues at relevant European central institutions, through a pan-European co-ordination of ATM security resources.
EAST has set up a framework network structure to improve co-operation with industry, law enforcement, and in particular Europol, in order to achieve awareness and better results in the fight against organised cross-border crime. Regular research polls are conducted through the EAST website.