Although ATM card-skimming incidents in Europe are declining, explosive attacks there are increasing, the European Association for Secure Transactions reported in its third 2019 European Fraud Update.
The report is based on country crime updates from representatives of 16 countries in the Single Euro Payments Area (mainly countries that use the euro) and four non-SEPA countries given at a meeting held in London on Oct. 8, according to a press release.
Thirteen countries reported card skimming at ATMs. Three of those reported the use of deep-insert skimming devices (also known as an M3), and the most recent variants continue to be made of transparent plastic. M3 devices are pushed deep into a motorized ATM card reader behind the shutter, far enough to escape interference from a jamming signal.
Year-to-date international skimming-related losses were reported in 41 countries and territories outside SEPA and in four within SEPA. The top three locations where such losses were reported remain Indonesia, India and the U.S.
Five countries reported ATM malware and logical attacks — one of those reported a new way of getting malware onto an ATM, which did not succeed, and four reported the use (or attempted use) of black-box devices to allow the unauthorized dispensing of cash, an attack commonly known as jackpotting.
Four countries reported card-trapping attacks. Such attacks involve devices that fit over the card-acceptance slot and include a razor-edged spring trap that prevents the customer's card from being ejected from the ATM when the transaction is completed. One of the countries reported such card-trapping attacks at fake terminals, designed to resemble lobby-door opening devices at bank branches, the report said.
Ram raids — where thieves typically use a heavy vehicle to smash an ATM — and ATM burglaries were reported by nine countries, and 12 countries reported explosive gas attacks. After one explosive attack, collateral damage of over 200,000 euro ($221,000) was reported.
Six countries reported solid explosive attacks. Worrisomely, the use of the chemical triacetone triperoxide is increasing across Europe. Mixing the highly volatile TATP — otherwise known as the "Mother of Satan" — is a complicated procedure that requires knowledge of the chemicals to avoid accidental detonation.
EAST said the spread of such attacks is of great concern due to the risk to life and to the significant amount of collateral damage to equipment and buildings.
Founded in February 2004, as the European ATM Security Team, EAST became the European Association for Secure Transactions in June 2017.