Today, Europol's European Cybercrime Centre (EC3) signed a Memorandum of Understanding (MoU) with EAST*, the European ATM Security Team, in order to further strengthen the cooperation in combating all types of payment crime, including card-not-present fraud, card present fraud, hi-technology crime, as well as ATM malware and physical attacks.
Europol's Deputy Director of Operations, Wil van Gemert, said: "Europol's EC3 is pleased to further increase the cooperation with EAST, creating further capacity to combat the threats of payment crime. We look forward to a continued engagement and cooperation with EAST and its stakeholders combating new payment industry threats"
"Europol attended our inaugural meeting in February 2004 and we have been working closely together since then," said Lachlan Gunn, EAST Executive Director. "The signing of this agreement further strengthens this relationship. Over the past 11 years ATM related payment card fraud has been the major fraud issue faced by many of our National Members, but logical and malware attacks are now recognised as an increasing threat. Our National Members represent 31 countries, with a total of 655,398 ATMs, and our working relationship with the European Cybercrime Centre is of great strategic importance to both the public and private sector."
The MoU allows Europol and EAST to exchange strategic data and other non-operational information. One of EAST’s National Member meetings (out of 3 each year) is organised and hosted by Europol. The 36th EAST Meeting took place today at Europol's headquarters in The Hague.
Europol recognises the severity of the threat presented by ATM logical and malware attacks and has prepared guidelines regarding this threat to ATMs. The production of this document has been coordinated by the EAST Expert Group on ATM Fraud (EGAF), and is a first of its kind. “The Guidance and recommendations regarding logical attacks on ATMs” which covers also ATM malware attacks, will be officially released tomorrow at the 2nd EAST Financial Crime & Security (FCS) Forum on 11-12 June 2015, at which Europol will be delivering a keynote presentation. It is also a great example of a coordinated central response from both Law Enforcement and the industry to fighting ATM malware threats in an effort to respond much more quickly than was the case with the card skimming threat when it first materialised. The first ATM malware incidents were reported in Western Europe in 2014. According to EAST statistics, these were ‘cash out’ or ‘jackpotting’ attacks. In 2014, 51 such incidents were reported, with significant related losses. The release of this document will be restricted to Law Enforcement and the payment/banking industry only.
*Founded in February 2004, EAST is a ‘not-for-profit’ organisation whose members are committed to gathering information from, and disseminating EAST outputs to, ATM deployers and networks within their countries/regions.