Showing posts with label card skimming. Show all posts
Showing posts with label card skimming. Show all posts
Tuesday, 18 November 2014
ATM Malware reaches Western Europe
Wednesday, 9 April 2014
Card skimming at European ATMs hits a six year low - but explosive attacks are rising
The European ATM Security Team (EAST) has reported another fall in ATM related card skimming incidents, while card trapping incidents and ATM explosive attacks continue to rise. A summary of the statistics can be seen in the image below.
Thursday, 20 February 2014
ACCA USA publishes Report on Skimmer Fraud
The report’s author, Dr Darren R. Hayes of Pace University, attended the first global conference of the European ATM Security Team (EAST), the EAST Financial Crime and Security (FCS) Forum, in June 2013.and EAST and its members subsequently assisted with research.
Thursday, 30 January 2014
EC3 helps to dismantle an international network of payment card fraudsters
During a raid on 17 January 2014, 11 suspects were arrested as they planned to travel to Italy to commit skimming attacks. Among them was the leader of the criminal group as well as the financiers.
In addition, 26 premises were searched and illegal equipment seized. Police also dismantled two factories producing skimming devices, including sophisticated miniaturised versions. This activity followed an earlier week-long surveillance exercise carried out by French and Romanian law enforcement officers.
For more information read the related Press Release on the Europol website.
Tuesday, 28 January 2014
Five Bulgarians arrested for international payment card fraud
Complete equipment to produce counterfeit bank cards was seized and included mag-stripe readers and writers, computers, phones and flash drives. Police officers also confiscated dozens of forged payment cards with records of PIN numbers, ready to be used at other ATMs, and a vehicle worth over 25,000 euros.
During the investigation, EC3 supported the case by providing tailored intelligence analysis and expertise to the investigators. It was identified that the compromised data came mainly from the United Kingdom. The investigation is still on-going and further arrests in the case are expected as suspects were working with gang members from Eastern Europe.
For more information read the related Press Release on the Europol website. A video of the equipment seized can be seen on the website of the Polish Police.
Monday, 14 October 2013
ATM explosive attacks and low tech fraud incidents increase in Europe
The overall increase in low tech fraud incidents is due to a surge in the number of cash trapping and transaction reversal fraud incidents. 7,885 such incidents were reported, up 77% from the 4,464 incidents reported in H1 2012. While both these attack types can succeed in the EMV environment, as normal transactions take place on EMV cards, criminals get less from them than from high tech skimming attacks. The chart below shows an analysis of the overall figures since 2005.
Tuesday, 9 October 2012
ATM related skimming losses rise again - mainly outside Europe
To download the full press release visit the EAST Website.
Tuesday, 10 April 2012
Cash trapping drives European ATM Fraud incidents up 63%
According to the European ATM Security Team (EAST), cash trapping incidents significantly increased during 2011, while skimming incidents and ATM related fraud losses fell. Total ATM related fraud incidents increased 63% from 12,383 in 2010, to 20,244 in 2011. Cash trapping accounted for 10,808 incidents, up from just 240 in 2010. During a cash trapping attack criminals prevent cash from a genuine transaction being dispensed – and then remove it when the cardholder has left the ATM. Incidences of card skimming fell by 26% to the lowest level since 2008.The good news is that losses due to ATM related fraud attacks fell by 13% from €268 million to €234million, driven by a continued reduction in losses due to card skimming attacks, which fell 13% from €267million to €232 million.
Wednesday, 16 November 2011
Cash trapping continues in Europe, while skimming attacks decrease
The European ATM Security Team (EAST) has just published another Fraud Update (3/2011). According to this most of the reporting countries continue to see an increase in cash trapping incidents, a trend reported by EAST in its European ATM Crime Report covering the period January to June 2011, something that I covered in a related post last month, which also gives some background information on the crime.
Attacks are most prevalent against one type of ATM and upgrades to its cash dispenser are still being reported as 100% effective in preventing such attacks. The upgrade is visible, however, and this has led to displacement with attacks shifting to ATMs that have not been upgraded.
Attacks are most prevalent against one type of ATM and upgrades to its cash dispenser are still being reported as 100% effective in preventing such attacks. The upgrade is visible, however, and this has led to displacement with attacks shifting to ATMs that have not been upgraded.
Thursday, 25 August 2011
Covering your PIN may not protect it from cameras?
The industry is already aware that covering a PIN when entering it may not be 100% effective as, if the criminals use a PIN pad overlay, the PIN will be compromised regardless. It is still recommended as cardholder 'best practice', however, as the risk of visual compromise is significantly mitigated. For cardholder security tips, and a criminal video showing actual PIN compromise, visit the website of the European ATM Security Team.
Now, according to Security News on msnbc.com, new research in the U.S. has indicated that thermal cameras can be used for PIN compromise, even if the cardholder covers their hand when the PIN is entered. How? Apparently the keys touched by a human hand still retain some residual heat and this can be detected be a thermal camera once the hand has been removed. Researchers from the University of California have carried out a series of proof-of-concept attacks using a thermal camera mounted above a traditional ATM pinpad.
Now, according to Security News on msnbc.com, new research in the U.S. has indicated that thermal cameras can be used for PIN compromise, even if the cardholder covers their hand when the PIN is entered. How? Apparently the keys touched by a human hand still retain some residual heat and this can be detected be a thermal camera once the hand has been removed. Researchers from the University of California have carried out a series of proof-of-concept attacks using a thermal camera mounted above a traditional ATM pinpad.
Friday, 12 August 2011
The U.S. moves towards EMV! Visa announces plans....
Visa has just announced its plans to accelerate chip migration and adoption of mobile payments. This is great news as there is now a roadmap for (partial) EMV implementation in the U.S. Visa will bring in a U.S. liability shift for domestic and cross-border counterfeit card-present POS transactions, with effect from 1st October 2015. Merchants selling fuel will have an additional two years, until 1st October 2017. Unfortunately there is no mention of ATMs - the preferred channel for fraudsters to obtain cash!
I have commented in the past about the fact that the U.S. is lagging behind the rest of the world due its reluctance to adopt EMV or Chip and PIN technology. The gap that is opening up as a result can be separated into two main parts:
I have commented in the past about the fact that the U.S. is lagging behind the rest of the world due its reluctance to adopt EMV or Chip and PIN technology. The gap that is opening up as a result can be separated into two main parts:
Monday, 18 July 2011
Europol busts international cross border skimming operation
Europol has just had a resounding success in the fight against organised criminals conducting international card skimming operations. An operation code-named Operation Night Clone has resulted in 61 arrests in 5 countries - including 2 in the USA. It is estimated that the criminal group targeted caused losses of €50 million as a result of card skimming in the EU, with the majority of these losses occurring outside the EU. Both Europol and the European ATM Security Team (EAST) have been bringing focus onto the fact that as long as magnetic stripes remain on EU payment cards, these cards will remain vulnerable to skimming. Both organisations have also noted that an increasing number of skimming related losses from compromised EU cards are now occurring outside the EU, with a growing percentage being seen in the USA.
Wednesday, 1 June 2011
Will US actions to counter card skimming be too little, too late?
Cindy Merrit, Assistant Director of the Retail Payment Risks Forum of the of the Federal Reserve Bank of Atlanta in the US, has just published an article in the blog 'Portals and Rails' headed 'Stemming the rising tide of card breach incidents: PCI compliance or chip-and-pin? It is a well written blog and is part of an increasing amount of coverage being given to the topic of chip and PIN (EMV) in the US.
Friday, 27 May 2011
Eastern European fraudsters target US......despite penalties
Have just seen two US press articles put out on the same day (26th May 2011) about Bulgarian fraudsters. As the United States is not moving to EMV (Chip and PIN) it will increasingly be seen as an attractive market for experienced card fraudsters, although I have not yet seen any incident and loss statistics to support this. The European ATM Security Team (EAST) recently reported that skimming losses due to ATM related fraud attacks fell nearly 50% from 2008 to 2010, down from €485 million to €268 million. This must mean that the bad guys are experiencing a big drop in their illicit takings in Europe - hence the attractiveness of the US and other markets where EMV is not being adopted.
It is interesting to note that penalties for such crimes in the US seem to be significantly higher than in Europe - in the US the bank fraud conspiracy charge carries a maximum penalty of 30 years in prison and $1 million fine. In Europe equivalent sentences can range from as little as a few months to just a few years. I talked about the penalties in China at the beginning of the year when a convicted fraudster got 10.5 years and a fine of 50,0000 Yuan ($71,429 approx). Despite the relative severity of penalties, the US market seems to be an increasingly powerful magnet for financial fraudsters...............time to introduce EMV?
You can find links to the two press articles below:
Hoover police arrest two Bulgarian natives linked to electronic skimming operation
Bulgarian pleads guilty to Nutley, Belleville bank fraud
It is interesting to note that penalties for such crimes in the US seem to be significantly higher than in Europe - in the US the bank fraud conspiracy charge carries a maximum penalty of 30 years in prison and $1 million fine. In Europe equivalent sentences can range from as little as a few months to just a few years. I talked about the penalties in China at the beginning of the year when a convicted fraudster got 10.5 years and a fine of 50,0000 Yuan ($71,429 approx). Despite the relative severity of penalties, the US market seems to be an increasingly powerful magnet for financial fraudsters...............time to introduce EMV?
You can find links to the two press articles below:
Hoover police arrest two Bulgarian natives linked to electronic skimming operation
Bulgarian pleads guilty to Nutley, Belleville bank fraud
Wednesday, 16 March 2011
From leader to laggard...the USA and the death of magnetic stripe card technology
For a long time now many of us in Europe have been aware that magnetic stripe card technology is becoming increasingly archaic in a world of smart cards (Chip and PIN or EMV) - yet it seems that those countries that have made a significant investment into this technology have had to grit their teeth and, for various reasons, continue to put up with magnetic stripes on their payment cards. Belgium recently hit the headlines when the Belgian banks publicly stated that from 17 Jan 2011 Belgian Maestro cards can no longer be used outside of continental Europe.
There is a sense of frustration that just because the USA is not moving towards EMV, the world is being held back in this particular battle against fraudsters - magnetic stripes are relatively easily compromised and the data then used to create cloned or counterfeit cards.
There is a sense of frustration that just because the USA is not moving towards EMV, the world is being held back in this particular battle against fraudsters - magnetic stripes are relatively easily compromised and the data then used to create cloned or counterfeit cards.
Thursday, 3 March 2011
Skimming at railway ticket machines migrates?
OK this is not about ATMs, but it is related as counterfeits of skimmed EMV cards (with a magstripe) can still be used for cash withdrawals at ATMs that are not EMV compliant. Dutch Railways had a big problem with card skimming at their self service ticket machines and decided to develop their own anti-skimming solution - the Secure Card Feeder. I believe that since the introduction of this device at all their ticket machines in late 2009, there has been no card skimming at all at these machines. Not a bad statistic. If you want more information on the Secure Card Feeder visit http://www.csptec.nl/
On Tuesday 1st March a story broke in the UK press that this form of skimming has now been seen in the UK and that Police are advising people to be vigilant when buying railway tickets (underground and overground) in London. For more on the story and for a publicly released image of one of the skimming devices see http://www.aboutmyarea.co.uk/East-London/Dagenham/RM8/News/Local-News/189040-Beware-when-buying-tickets-to-ride
On Tuesday 1st March a story broke in the UK press that this form of skimming has now been seen in the UK and that Police are advising people to be vigilant when buying railway tickets (underground and overground) in London. For more on the story and for a publicly released image of one of the skimming devices see http://www.aboutmyarea.co.uk/East-London/Dagenham/RM8/News/Local-News/189040-Beware-when-buying-tickets-to-ride
Tuesday, 1 March 2011
Ever wondered how skimming at an ATM works?
A lot is heard about card skimming at ATMs. Most people have a vague understanding of what happens, and how the criminals involved cash out. But do you really understand what they do, both to get your card data and your PIN, and also how they are subsequently used to create counterfeit cards for illegal cash withdrawals and other financial transactions?
If you can bear the Bond theme musical introduction, there is a video produced by 'The Real Hustle' that explains quite well how the whole skimming thing works - from initial preparation of a skimming device to the final usage of the cloned cards. It finishes with two bits of advice.
Blog view: Its fine to be suspicious of anything fixed to or sticking our from an ATM card reader throat, but bear in mind that such devices can also be genuine anti-skimming devices. Best to be suspicious though. Shielding your PIN, however should be routine. While there are other ways to get your PIN (such as PIN pad overlays), covering your PIN does protect it from most visual compromise. For more cardholder security tips and to see seized criminal video footage of PIN compromise, visit the website of the European ATM Security Team (EAST).
If you can bear the Bond theme musical introduction, there is a video produced by 'The Real Hustle' that explains quite well how the whole skimming thing works - from initial preparation of a skimming device to the final usage of the cloned cards. It finishes with two bits of advice.
1) If you see anything that has been fixed to or sticking out from the card reader of an ATM, do not use the machine.
2) Always shield your PINBlog view: Its fine to be suspicious of anything fixed to or sticking our from an ATM card reader throat, but bear in mind that such devices can also be genuine anti-skimming devices. Best to be suspicious though. Shielding your PIN, however should be routine. While there are other ways to get your PIN (such as PIN pad overlays), covering your PIN does protect it from most visual compromise. For more cardholder security tips and to see seized criminal video footage of PIN compromise, visit the website of the European ATM Security Team (EAST).
Sunday, 30 January 2011
Chinese ATM criminal using Fake ATM jailed for 10.5 years..
Ten and half years for a financial crime, now that is indeed a penalty! In Western Europe sentences for similar crimes are typically less, often a lot less ............ and according to the Shanghai Daily the man in question, a Mr Huang, was also convicted of forging financial bills and fined 50,000 Yuan ($7,143 approx).
It seems he used the internet to teach himself how to obtain card and PIN data, and then how to make counterfeit cards. He started in 2007 after losing his job. His initial modus operandi appeared to be the installation of skimmers into modified lobby door opening devices leading to ATMs (the door opening devices were modified by having the PIN shield removed - thereby making visual PIN compromise easier).
More recently he seems to have acquired a fake ATM machine and installed it in Beijing. This time the skimmer would no doubt have been fixed at the card reader, and the PIN compromised by micro camera. Apparently people trying to use the ATM got an 'out-of-service' message on the screen. Mr Huang is stated to have used the fraudulently acquired data to make 31 counterfeit cards, thereby netting himself 127,600 Yuan ($18,229 approx). According to a plan found by Police on his computer, his target was to make 500,000 Yuan ($71,429 approx) over a 10 day period.
This form of scam is well known in the USA, and has occured in Europe - what is noteworthy of this one is that a self-taught individual perpetrated the crime......seemingly in isolation. While the total sums involved may not seem a lot to those hardened to published financial crime loss information in the West, in China the sums represent an awful lot of money to the average person.
Mr Huang has been sent to jail for over 10 years and also fined just under half the amount he stole - which possibly means that he will leave jail with debt (although he is appealing against the fine). For those frustrated by the apparent leniency of penalties for similar crimes in Europe, it may be of interest to monitor China more closely to see if related crime levels remain lower...............read the full story in the Shanghai Daily here
It seems he used the internet to teach himself how to obtain card and PIN data, and then how to make counterfeit cards. He started in 2007 after losing his job. His initial modus operandi appeared to be the installation of skimmers into modified lobby door opening devices leading to ATMs (the door opening devices were modified by having the PIN shield removed - thereby making visual PIN compromise easier).
More recently he seems to have acquired a fake ATM machine and installed it in Beijing. This time the skimmer would no doubt have been fixed at the card reader, and the PIN compromised by micro camera. Apparently people trying to use the ATM got an 'out-of-service' message on the screen. Mr Huang is stated to have used the fraudulently acquired data to make 31 counterfeit cards, thereby netting himself 127,600 Yuan ($18,229 approx). According to a plan found by Police on his computer, his target was to make 500,000 Yuan ($71,429 approx) over a 10 day period.
This form of scam is well known in the USA, and has occured in Europe - what is noteworthy of this one is that a self-taught individual perpetrated the crime......seemingly in isolation. While the total sums involved may not seem a lot to those hardened to published financial crime loss information in the West, in China the sums represent an awful lot of money to the average person.
Mr Huang has been sent to jail for over 10 years and also fined just under half the amount he stole - which possibly means that he will leave jail with debt (although he is appealing against the fine). For those frustrated by the apparent leniency of penalties for similar crimes in Europe, it may be of interest to monitor China more closely to see if related crime levels remain lower...............read the full story in the Shanghai Daily here
Subscribe to:
Posts (Atom)