The report is based on country crime updates given by representatives of 17 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 47th EAST meeting held this year in Lisbon.
Payment fraud issues were reported by 20 countries, according to the report. Three countries reported phishing attacks. One of them reported that the fraudsters are managing to obtain online banking credentials and one time passwords (OTPs) for cash withdrawals at ATMs, as well as managing to make minor purchases through digital payment apps.
Another country reported criminals taking remote control of people’s computers and then gaining access to their bank account(s). This has led to a consumer awareness campaign highlighting that, in addition to never asking for a customer’s PIN, banks will also never ask for remote PC access to be allowed.
One country reported that, since mobile operators started to implement new services, there has been a growing trend of SIM card duplication. The SIM cards of phones used for financial transaction authorisation are duplicated, ensuring that the original phone does not work. This means that the OTPs are sent to the duplicate phone, not the genuine one.
ATM malware and logical attacks were reported by 8 countries. Three of the countries reported ATM related malware and one of them advised that a new malware variant ‘HelloWorld’ was found. Eight countries reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To date in 2019 the EAST Expert Group on All Terminal Fraud (EGAF) has published two related Fraud Alerts.
Card skimming at ATMs was reported by fourteen countries. One country reported the first use of a mini M2 – Throat Inlay Skimming Device. Two countries reported skimming related arrests. Skimming attacks on other terminal types were reported by 5 countries, three of which reported such attacks on unattended payment terminals (UPTs) at petrol stations and two reported attacks using POS terminals. To date in 2019 EAST EGAF has published three related Fraud Alerts.
Six countries reported cash trapping attacks, one of them reporting that criminals continue to switch their focus from transaction reversal fraud (TRF) attacks to cash trapping.
Ram raids and ATM burglary were reported by 8 countries and 9 countries reported explosive gas attacks. Nine countries also reported solid explosive attacks, and this type of attack continues to spread with 4 countries reporting such attacks for the first time.
„The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.”, according to EAST.
To date in 2019 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published five related Physical Attack Alerts. EAST EGAP has also just published new Terminal Physical Attack Definitions and Terminology to help industry and law enforcement when reporting attacks against ATMs and other terminals.
„Tendinţele pe care le-am remarcat înainte de începerea pandemiei s-au accelerat pe perioada stării de urgenţă. Am văzut acest lucru ca o oportunitate, un tipping point pentru bancă. Post-pandemie nu avem cum sa ne întoarcem la comportamentul financiar pe care îl aveam până în februarie a.c. Relaţia românilor cu online-ul s-a schimbat. In plus, cardul fizic se va dematerializa. Vom asista la o scădere a cererii pentru cardurile fizice, respectiv la o creştere a preferinţei pentru componenta digitală a acestora.”