A joint law enforcement operation supported by 19 countriesi led to the arrest of 60 people suspected of fraud. The main aim of the 2019 e-Commerce Action (eComm 2019) is to target criminal networks suspected of online fraud through coordinated law enforcement action within the European Union, followed by an awareness-raising campaign.
The operation, carried out nationally, was coordinated by Europol’s European Cybercrime Centre (EC3) and received direct assistance from national law enforcement authorities and the private sector.
E-commerce fraud (electronic commerce fraud) includes illegal or false transactions made on online platforms, apps and services or over the internet: fraudsters simply use stolen card information to purchase goods on webshops.
The suspects arrested during the operation – which ran from 23 September to 4 October 2019 – were responsible for almost 6 500 fraudulent transactions with compromised credit cards, with an estimated value exceeding €5 million.
Europol supported national competent authorities during the operations in their respective countries with analytical support and information exchange. In order to protect customers from fraudulent payments and assure a safe online environment, Europol also collaborated with banks, payment card schemes European retailers and logistics companies. The private sector supported the action cooperating with national law enforcement authorities, by reporting fraudulent activity. This collaboration between law enforcement and the private sector has proven beneficial and led to the development of best practices.
eComm 2019 led to:
- more than 40 house searched;
- around 6 500 fraudulent transactions discovered;
- €5 million in losses reported;
- €93 000 in losses prevented;
- a number of surveillance teams deployed;
- electronic devices, card data and cash confiscated.
Investigations leading to real results
The investigative measures revealed that individual fraudsters are connected to organised crime groups and have been involved in other forms of crime, such as phishing, malware attacks, using stolen passports, money laundering, creating fake websites and using social media platforms to carry out fraud.
This year, an increase was reported in the number of fraudulent purchases of services online instead of physical goods: this makes it very complex to investigate due to the virtual dimension of this crime. Fraudulent purchases of entrance or concert tickets, subscriptions and rentals are all done online, including through apps (i.e. non-card purchase, non-physical).
Some investigations showed fraudulently booked railway tickets (with compromised credit card data) are sold onwards to third parties who might then use them to commit other crimes and offences. In this case, more than 1 000 fraudulent bookings were noted, with a financial loss of around €70 000. Another modus operandi is to buy vouchers with compromised credit cards and get them reimbursed with a different payment method afterwards.
Many cross-border cases followed the ‘advance fee fraud’ modus operandi: often when a fraudulent purchase is made, bank accounts receiving the funds are located in different EU countries or overseas. Where banks were located outside the EU, international card schemes supported the investigations.
Many websites and social media accounts were used to create online shops fraudulently or purchase electronic goods. The turnover for the suspects can be up to billions of euros worldwide every year. The fraudsters use stolen credit card data, obtained on the darknet or through malware or phishing attacks, to buy products. Consumers sometimes do not realise that their card data is also being stolen or compromised when they make purchases. Industries, banks and the merchants are the ones to be penalised and the ones that registered the higher losses.
To protect consumers and provide them with more information, the Payment Service Directive 2 (PSD 2) came into effect in September 2019. One important aspect of the PSD 2 is described as Secure Customer Authentication (SCA), a secure process for customers when paying online.
It is always better to prevent a crime, rather than solve a crime. This operational action has been followed by a prevention and awareness-raising campaign, #BuySafePaySafe. There are a number of guidance measures you can follow to avoid becoming a victim of fraud:
- make sure the device you are using to make online purchases is properly configured and the internet connection is safe;
- using a card is a safe method of payment online as long as you exercise the same care as in other shopping;
- there are simple warning signs that can help you identify scams. If you are a victim of online fraud, report it to the police. If you bought the product with a credit or debit card, report it to your bank as well;
- check your online banking service regularly. Notify your bank immediately if you see payments or withdrawals that you have not made yourself.
Read more about safe online shopping on e-Commerce: tips and advice to avoid becoming a fraud victim.
eComm 2019 is an operation created as a part of EMPACT Payment Card Fraud led by Austria. This operation is a practical continuation of the work of the e-Commerce working group, a public-private partnership established in 2014 with key stakeholders, including the Merchant Risk Council, a network of 535 e-merchants worldwide.
iAustria (in the lead), Belgium, Colombia, Croatia, Denmark, France, Germany, Greece, Hungary, Italy, Latvia, Lithuania, Poland, Portugal, Romania, Spain, Sweden, Switzerland, and the United Kingdom.
In 2010 the European Union set up a four-year Policy Cycle to ensure greater continuity in the fight against serious international and organised crime. In 2017 the Council of the EU decided to continue the EU Policy Cycle for the 2018 - 2021 period. It aims to tackle the most significant threats posed by organised and serious international crime to the EU. This is achieved by improving and strengthening cooperation between the relevant services of EU Member States, institutions and agencies, as well as non-EU countries and organisations, including the private sector where relevant. Cyber crime is one of the priorities for the Policy Cycle.