Euro Cops Cuff Suspected Payment Card Fraudsters

31 Arrested in Spain and Bulgaria; Skimmers and Card-Forging Equipment Seized
Spanish police dismantle a micro camera installed in an ATM. (Source: Spanish National Police)

Police in Europe say they have dismantled a cross-border gang devoted to perpetrating payment card fraud that stole at least €500,000 ($560,000) from at least 3,000 individuals.

The gang has been operating since 2014, installing card-skimming devices on about 400 ATMs per year to copy and clone data on payment cards, according to Europe's law enforcement intelligence agency, Europol.

"The forged cards were then used to make illegal transactions in 200 ATMs outside the European Union, mainly in the USA, the Dominican Republic, Malaysia, Indonesia, Vietnam, Peru, the Philippines and Costa Rica," Europol says, noting that at least 3,000 EU citizens were affected by the criminal network.

In an effort to break up the criminal operation, Europol says 31 suspects have been arrested - 21 in Spain, nine in Bulgaria and one in the Czech Republic. "The suspects were in possession of equipment used to forge payment cards, payment card data readers-recorders, skimmers, micro cameras, devices to manipulate ATMs, as well as cash and numerous counterfeit cards," Europol says (see Why Skimming Will Grow in 2017).

Police also conducted 48 house searches - 14 in Spain and 34 in Bulgaria.

Micro camera ATM modification uncovered by Spanish police as part of their investigation. (Source: Europol)

The effort involved a joint investigation team that included prosecuting and investigating authorities in Spain and Bulgaria, supported by criminal intelligence from Europol, as well as support from Eurojust, the EU agency that handles cross-border judicial cooperation relating to criminal matters.

"An entire criminal network was taken down and, as a result, is no longer able to defraud innocent victims, thanks to the joint efforts of the Spanish and Bulgarian prosecuting authorities, and the valuable support provided by their national desks at Eurojust," says Francisco Jiménez-Villarejo, the national member for Spain at Eurojust.

A Spanish National Police agent dismantles an attacker-modified ATM.

Europol referred requests for more information about when the arrests and searches were carried out to relevant national authorities. They could not be immediately reached for comment.

But Steven Wilson, who heads Europol's European Cybercrime Center - EC3 - says that operations of this nature are thanks to continuing investments in EU law enforcement intelligence sharing as well as buy-in from EU member states. "Police forces in the EU are utilizing Europol's unique tools to ensure that electronic payment transactions are made safer," he says. "We are continuously investing more resources into this vital support platform, and now we are seeing the results of this essential work."

Card Skimming Attacks Decline

The overall volume of skimming attacks in Europe has continued to decline. "The downward trend for card skimming continues with 3,315 card skimming incidents reported, down 20 percent from 4,131 in 2015," the European Association for Secure Transactions says in an April report. "This is the lowest number of skimming incidents reported since 2005."

Based on data collected by EAST in February from 19 European countries and five other countries that participate in the group - including Brazil, Canada, Russia and the United States - 18 of those countries reported seeing card skimming attacks.

Alert: Deep Insert Skimmers

Various types of skimmers recovered by authorities. (Source: NCR)

Five countries have also reported seeing continued use of internal skimming devices. "The read head on this type of device is placed at various locations inside the motorized card reader behind the shutter," according to a teardown of card data compromise devices published by EAST. "This type of device is also sometimes referred to as a 'deep insert' skimming device."

It's not clear if the suspects arrested in Spain and Bulgaria have been accused of using deep-insert skimmers. But the devices were the focus of a February alert issued by ATM manufacturer NCR, which said it received reports of attacks utilizing such devices in the United States against ATMs built by multiple manufacturers, including NCR.

"A deep insert skimmer is different from a typical insert skimmer. This is a skimmer that is placed inside the card reader by insertion through the card slot," NCR says. "Once in place, it is hidden from view to the consumer using the ATM. Use of deep insert skimmers has emerged because they cannot be detected or jammed by anti-skimming equipment designed to prevent fraud through skimmers attached on the ATM fascia."

NCR recommends frequent manual checks of ATMs by trained personnel to try and spot these types of skimmers, and the manufacturer has published a guide.

Various third-party products are also available that purport to help block the use of these skimmers, but NCR says it does not endorse their use. "There are third-party hardware products available which can be fitted inside the card reader and are designed to inhibit placement of the deep insert skimmer," it says. "NCR does not endorse any particular product."

Instead, NCR says it plans to issue a hardware update this month for motorized card readers that it manufactures that's designed to block deep insert skimmers from being used.

Skimming: Beyond ATMs

Most skimming attacks target ATMs. But EAST says eight countries in February reported that they had recently seen skimmers being used against other devices. In particular, four countries reported that unattended payment terminals - UPTs - at petrol stations had been targeted with skimmers. One country also reported seeing an internal skimming device used on a public transport ticket machine, EAST says.

As seen in the alleged payment card fraud operation disrupted by authorities in Bulgaria and Spain, criminals who successfully obtain card data via skimming devices often attempt to use that data outside Europe. As of February, financial institutions in 45 countries that work with EAST, as well as 9 countries inside the Single Euro Payments Area, reported seeing losses due to skimming. The greatest skimming-related losses were seen in the United States, Indonesia and India, EAST reports.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
