95 professional fraudsters and members of internet-based criminal networks suspected of online fraud activities were arrested during the 2018 e-Commerce Action (eComm 2018), a joint law enforcement operation supported by 28 countries1 from 4 to 15 June 2018. The main goal was to target online fraud through a coordinated law enforcement action within the European Union (EU) and beyond, followed by an awareness-raising campaign. This action also marks the start of several investigations with more arrests expected in the next few months. The activity was inspired by a similar UK pilot conducted in collaboration with Visa.
The suspects arrested during the operation were responsible for more than 20 000 fraudulent transactions with compromised credit cards, with an estimated value exceeding EUR 8 million. The action was coordinated by the European Cybercrime Centre (EC3) from Europol’s headquarters in The Hague. It received the direct assistance from merchants, logistic companies, and banks and payment card schemes. Europol also supported national authorities on-the-spot by providing analytical services in their investigations.
The e-commerce action combats card-not-present fraud, aiming for a safer online environment for customers worldwide by sharing information and developing best practices between law enforcement and the private sector. Police officers in their respective countries team up with merchants, logistics firms, financial institutions and analytical companies to find evidence of professional fraudsters. This year almost 200 private partners joined law enforcement during this action.
After several months of preparation, over 11 days police carried out house searches, arrests, interviews, confiscation of fraudulently purchased goods like mobile phones or expensive clothes, financial instruments, etc. Evidence was built to support the cases all the way to prosecuting the suspects. International card schemes support the investigations when card data is from a bank overseas. Often when a fraudulent purchase is made in the EU, the card number is from a different continent.
- More than 200 house searches
- Around 20 000 fraudulent transactions
- Surveillance teams deployed
- More than 200 private sector partners
- Confiscated electronical devices, card data, cash and drugs
Investigative measures are very complex due to the virtual and international dimension of this crime. They revealed that not only individual fraudsters but organised crime groups are involved in this phenomenon. There are indications of professionalism and links to other forms of crime like phishing, malware attacks, creating websites and using social media platforms for frauds.
Today roughly 80% of card fraud is conducted online. Social media is used to create selling profiles (shops), advertising everything at half price. When you order something with them, the fraudsters conduct the – often very expensive – purchases with compromised credit card data. The data stolen card data is often purchased from the dark web, originally leaked by a data breach after a malware or phishing attack. When making these purchases on their websites, victims may not realise that their card data is also being stolen, to then be resold by the vendor on another fraud forum. The so-called vendors often have tens of thousands of happy customers and receive great reviews. In the end, the banks and the merchants are the ones suffering the losses of this fraudulent activity, which is up to billions of euros worldwide very year.
It is always better to prevent a crime from happening. That is why this operational action is followed by a prevention and awareness-raising campaign, #BuySafePaySafe. There are a number of safety rules that can be followed in order to avoid becoming a victim of fraud:
- make sure the device you are using to make online purchases is properly configured and the internet connection is safe;
- using a card is a safe method of payment in online shopping as long as you exercise the same care as in other shopping;
- there are simple warning signs that can help you identify the scam. If you are a victim of online fraud, report it to the police. If you bought the product with a credit or debit card, report it to your bank as well;
- check your online banking service regularly. Notify your bank immediately if you see payments or withdrawals that you have not made yourself.
Read more about safe online shopping on our dedicated page: E-Commerce: tips and advice to avoid becoming a fraud victim.
The eComm 2018 is an operation created as a part of EMPACT Payment Card Fraud (PCF) led by Austria. This operation is a practical continuation of the work of the E-Commerce Working Group, a private-public partnership network established in 2014 with key stakeholders, including the Merchant Risk Council (MRC), a network of 535 e-merchants worldwide.
1 Austria, Belgium, Bulgaria, Canada, Colombia, Croatia, Denmark, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Spain, Sweden, the United Kingdom and the United States.
In 2010 the European Union set up a four-year Policy Cycle to ensure greater continuity in the fight against serious international and organised crime. In 2017 the Council of the EU decided to continue the EU Policy Cycle for the 2018 - 2021 period. It aims to tackle the most significant threats posed by organised and serious international crime to the EU. This is achieved by improving and strengthening cooperation between the relevant services of EU Member States, institutions and agencies, as well as non-EU countries and organisations, including the private sector where relevant. Payment card fraud is one of the priorities of the Policy Cycle.