The latest figures for European ATM fraud attacks reflect the ability of cybercriminals to adapt as some types of ATM related fraud incidents fall and others increase.

Figures published by EAST, the European ATM Security Team, an international network working in the Single Euro Payments Area (SEPA) to improve public/private sector cross-border cooperation in the fight against organized cross-border crime, reveal the impact of changing ATM attack methods employed by cybercriminals as they attempt to stay ahead of improving security measures against some types of ATM fraud.

While ATM fraud losses fell from EUR268 million (USD352 million) in 2010 to EUR234 million (USD307 million) in 2011, a decrease of 13 percent, total ATM related fraud incidents increased from 12,383 in 2010 to 20,244 in 2011. According to EAST, the fall in losses, down from EUR267 million (USD351 million) in 2010 to EUR232 million (USD304 million), can be explained by a continued reduction in card skimming attacks. The majority of ATM related card skimming attacks, 79 percent, continue to be perpetrated from outside national borders using stolen card details and account, as well, for most of the losses incurred.

A decrease in ATM card skimming incidents and losses is good news but, at the same, other types of ATM fraud have increased. Cash trapping incidents at ATMs increased significantly in 2011, up from just 240 reported incidents in 2010 to 10,808 incidents, and account for the net increase in ATM related fraud incidents over the last year. Cash trapping is used by criminals to defraud customers carrying out a legitimate cash withdrawal request at an ATM that delays the dispensing of money until after the customer has walked away empty-handed from the cash machine.

Organized gangs of cybercriminals demonstrate the ability to be flexible as the need arises to take full advantage of the slow deployment of counter measures against some types of ATM fraud by banks and financial institutions. Where the uptake on EMV is still low, ATM fraud losses remains high: the USA, the Dominican Republic and Colombia. Newer methods of fraud prevention such as geo-blocking and fraud monitoring capabilities continue to improve fraud detection rates but slow deployment offers cybercriminals the opportunity to re-group and adapt.