International Criminal Network Behind Large-Scale Payment Fraud Dismantled

07 September 2016
Press Release
Press Release/News

On 6 September 2016, the Italian Polizia Postale e delle Comunicazioni in close cooperation with the Romanian DIICOT, the General Inspectorates of the Romanian Police and Gendarmerie and Europol, disrupted an international criminal group responsible for large-scale misuse of compromised payment card data, prostitution and money laundering. Composed mainly of Romanian nationals, the criminal network used sophisticated ATM skimming devices which allowed them to compromise ATMs and deceptive phishing techniques to perform a high volume of fraudulent transactions in the area of Milan and Monza (Italy). Estimated losses incurred by the criminals’ activities amount to several hundred thousands of euros.

This operation resulted in multiple house searches, the detention of 14 individuals of which 7 were arrested in Italy and Romania. Micro camera bars, card readers, magnetic strip readers and writers, computers, phones and flash drives, several vehicles, as well as thousands of plastic cards ready to be encoded were seized in several locations in Romania and Italy as part of this operation.

The primary modus operandi of the criminals was to harvest financial data from different attack vectors such as ATMs skimming and phishing. The compromised card data was used to create fake payment cards which were subsequently used to perform a high volume of fraudulent transactions in the area of Milan. To secure the exchange of sensitive information among the members of the criminal group, the associates used a digital version of the pizzino1 on encrypted internet based communication services.

Europol's European Cybercrime Centre (EC3) started supporting the case earlier this year and helped the involved law enforcement authorities in their efforts to identify the suspects. Operational meetings were held at Europol’s headquarters in The Hague and EC3 provided analytical support and expertise throughout the investigation including the deployment of a mobile office during the final action day to assist the Italian and Romanian authorities on-the-spot.

In addition, Europol information and analysis systems were used to exchange and cross-check intelligence received from EU Member States and non-EU countries with which Europol has an operational agreement.


ATM skimming refers to the use of highly advanced devices which target an ATM, thus allowing the attackers to copy and store magnetic strip card data and confidential PIN codes.

Phishing refers to the attempt of obtaining sensitive information such as username, password and payment card data by masquerading as a trustworthy entity in an electronic communication.