French police (OCLCTIC)1 supported by Europol's European Cybercrime Centre (EC3) have arrested 18 members of a criminal gang who were illegally using modified, ’ghost’ point-of-sale (POS) terminals. The terminals were used to copy and store magnetic strip card data and confidential PIN codes, and then to steal at least EUR 3 million from victims’ accounts. Of the 18 arrestees, 12 were imprisoned after the final raids last week.
The ghost POS terminals were modified by the criminal gang who skimmed and then cloned the cards of unsuspecting customers. The customers handed over their cards, thinking that they were making payments; however the fake devices were off-line and had never been connected to a bank payment network. Instead, the devices copied the customers’ card data, printed fake receipts for them and their cards were then cloned. Alternatively, the customers were not given a fake receipt but informed of a ‘connection error’. Their card was still skimmed and they were then asked for another means of payment.
Forensic analysis of the devices has revealed a highly sophisticated crime. French investigators have disclosed the technical manipulation of the hardware and POS software which actually enables the use of POS as a ghost terminal and for data compromising.
The fake terminals were used in taxi cabs and discount stores to skim card data, and then fraudulent money withdrawals were later made using cloned cards in the Miami area of the United States, Dubai, and in Thailand.
Head of Operations of the European Cybercrime Centre, Paul Gillen, said: “Criminals will continue to develop new methods for stealing our identities, money and ideas online, and we have to continue developing international operations such as this. The organised crime gang involved in this sophisticated electronic payment crime has been dismantled and brought to justice as a result of many months of hard work by police officers and prosecutors in France and in Europol’s EC3. Thanks to these actions, payment transactions in Europe and beyond are safer. We will continue to prioritise the fight against this type of technology-facilitated crime.”
EC3 at Europol provided analytical support including on-the-spot assistance during the final arrests in France. Europol initiated the case at the end of 2013 and also organised a forensic experts’ coordination meeting and training session at its headquarters in The Hague inJune 2014. EC3’s aim at this June session was to share knowledge and make Member States’ experts aware of, amongst others, the phenomenon of POS ‘ghost’ terminals.Experts learned about proactive techniques developed to examine equipment used by cybercriminal groups as well as the latest developments in the manipulation of payment devices and terminals.
In addition, Europol’s information and analysis systems were used to exchange and cross-check intelligence received from EU Member States and non-EU countries that have operational agreements with Europol. This operation demonstrates the crucial role of the exchange of information and intelligence through Europol’s channels and the importance of international operational coordination.
To reduce the risk of becoming a victim of this type of electronic crime, check your banking transactions regularly and immediately inform your bank of anything suspicious, which could also include a transaction not being debited from your account after you have used your card.
1 Office central de lutte contre la criminalité liée aux technologies de l'information et de la communication (OCLCTIC) (Central office in the fight against IT and communication crime).
For further information about Europol, please contact:
Lisanne Kosters, Europol Corporate Communications, +31 70 302 5001