Data on ATM fraud in 23 countries has been released in the second European ATM Security Team (EAST) European Fraud Update for 2011.
Skimming attacks at ATMs continue with 20 countries reporting incidents. 8 countries reported increases in such incidents, and 2 countries decreases. 2 countries have reported a new variant of skimming device, and three countries that anti-skimming devices have been successfully over-ruled or removed by criminals.
This follows the recent EMV loophole investigations in Operation Night Clone (simultaneous arrest operations in Bulgaria, Italy, Spain, Poland and the USA involving over 200 police officers), as explained by Europol.
Organised crime groups are always looking for new criminal opportunities and for some time they have been targeting the vulnerability of payment cards with magnetic strips. Within the EU, criminals’ work has been made more difficult with the full implementation of EMV technology (chip and PIN), but criminals have since exploited a loophole in these security arrangements by making illegal transactions with EU issued cards in non-EMV compliant regions, including Africa and the USA. Payment cards in the EU are targeted for cloning, and the fraud committed in other regions which still accept payment by magnetic strip. This was the major feature of the criminal methodology used by the organised crime group in this case and is an increasingly common problem.
I suppose they would also consider on-line transactions or other card-not-present situations a “loophole”.
Looks like chip and pin provides real benefits over mag stripe. I wonder what it’ll take to finally get rid of mag stripes here in the US. Think we’ll go for chip and pin eventually, or move straight to the next gen? I saw a demo of hard-token based cards at RSA this year, think that’s the future?
bulgaria or romania ?
From the report: “The focus of the operation was Bulgaria, where 150 police officers participated in operations to arrest 47 suspects.”