The European Cybercrime Centre (EC3) at Europol, in close cooperation with the French Gendarmerie (IRCGN) and the German Bundeskriminalamt (BKA), jointly organised the Forensic Meeting on Examination of Payment Card Data Compromise Devices at Europol on 23-27 June 2014.
The meeting was hosted by EC3 at the Digital Forensic Lab and was attended by experts from France, Germany, Sweden, and Finland as well as a South African expert (on-line).
The main aim of the event was to present and share knowledge on proactive techniques developed to examine equipment used by cyber criminal groups. Latest developments and techniques regarding manipulations of payment devices and terminals through physical and, more recently, new types of software attacks (such as malware) were presented. Experts also shared their knowledge on retrieving and decoding stolen payment data through practical exercises on forensic examination of retrieved data. Finally, Europol's experts explored some possibilities on exchanging intelligence between technical and operational law enforcement cyber experts on a global level, to properly tackle the phenomenon of compromised electronic payment data.
Criminals are using ever more sophisticated cyber techniques affecting payment networks, devices are becoming smaller and smaller, and card data is being misused outside of the European Union (EU) borders and on other continents. Cooperation on a global level and the exchange of modern cyber forensic techniques between experts is therefore, crucial to effectively tackling this serious cybercrime phenomenon.
The Head of the European Cybercrime Centre (EC3), Troels Oerting, said: "This is another great example of an effective alliance between EU Member States and EC3 to better protect customers and their electronic payments across the European Union (EU) and beyond. It also shows that police authorities in the EU are effectively utilising Europol's unique forensic and operational capabilities to make electronic payments safer."
According to card fraud statistics published in February 2014 by the European Central Bank, the total value of fraudulent transactions conducted using cards issued within the Single Euro Payments Area (SEPA), and acquired worldwide, amounted to EUR 1.33 billion in 2012, which represented an increase of 14.8% from 2011. The total value of fraud increased for all transaction channels in 2012 (ATMs, point-of-sale (POS) terminals and card-not-present (CNP) transactions). CNP fraud grew fastest (up by 21%), accounting for 60% of all fraud losses on cards issued inside SEPA, and driven mainly by the growing use of CNP transactions. As further growth in CNP transactions can be expected, and as such there is a strong case for the swift adoption of more effective security protection measures. The higher ATM and POS fraud were mainly a result of higher counterfeit fraud committed outside SEPA, which is largely due to lower levels of security in many countries outside SEPA. The situation should improve as more countries migrate to the EMV security standard. However, where magnetic strip use in such countries cannot be completely avoided, card schemes and issuers may wish to adopt further fraud prevention measures.
*1 – the French Gendarmerie (IRCGN) and the National Police (DCPJ SDLPTS)