EU payment card fraud nets 1.5 billion euros a year to cybercriminals
Although the total number of payment cards (debit and credit) issued in the EU in the previous 12 months reached over 726,000,000 – card fraud has actually been on a decline in recent years due to technological advances that have increased the security of transactions.
However, Europol reports that there remains a very active criminal market in payment card fraud in Europe, pulling in around 1.5 billion euros a year for the organized crime groups involved.
The wide adoption of EMV (Chip and PIN) technology in the EU has been a key driver for reducing domestic “card-present’ (CP) fraud. Chip and PIN technology offers stronger security features than conventional magnetic strips, both for the physical card (unlike magnetic strips, the chips cannot be easily duplicated), for the technological infrastructure behind the transaction, and for the cardholder whose confidential data is more secure.
However, the level of illegal card-present transactions carried out overseas has seen a sharp increase as criminals target the weak points of the system by committing crimes using non-EMV compliant cash machines and payment card terminals in countries such as the USA, Dominican Republic, Colombia, Russian Federation, Brazil and Mexico.
Organized crime groups upgrade their criminal techniques relatively quickly, producing devices to bypass the latest anti-skimming technology and exploring other ways to rip off EU consumers and industry.
As “card-not-present’ (CNP) transactions do not benefit from the same security enhancements as Chip and PIN cards, CNP fraud is on an upward trend. In the period analysed, around 60% of losses to card fraud, totalling around 900 million euros, were caused by card-not-present fraud.
Credit card information and bank account credentials are some of the most actively traded “goods’ on the Internet’s underground economy and this stolen data is used to create cloned cards which are used to make fraudulent card-not-present online purchases with EU suppliers.
Most of the credit card numbers misused in the EU come from data breaches in the USA. Major investments by EU industry in the 3D secure protocol have increased the security of transactions, however not all transactions are protected with it on an EU or worldwide level.
Since the vast majority of such criminal activities take place online in multiple countries, often involving numerous parties, the most effective law enforcement solution is to task specialised cybercrime teams with such cases.
In the last year, Europol provided support to EU law enforcement authorities in hundreds of international investigations into payment card fraud. The new European Cybercrime Centre (EC3), which officially launches this week at Europol in The Hague, will be the focal point in the EU’s fight against cybercrime, contributing to faster reactions in the event of online crimes. It will support Member States and the European Union’s institutions in building operational and analytical capacity for investigations and cooperation with international partners.