Europol takes down card fraud network

Europol and Romanian police have arrested 44 alleged members of a global fraud ring believed to have tampered with payment terminals throughout Europe, stealing the details of tens of thousands of cards.

  6 2 comments

Europol takes down card fraud network

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The Pandora-Storm operation saw more than 400 police officers search 82 houses in Romania and the UK, arresting 44 and seizing illegal electronic equipment, financial data, cloned cards, and cash.

Europol's European Cybercrime Centre (EC3) says that the gang has been implanting card reading devices and malicious software on POS terminals in big shopping centres throughout Europe.

The crooks were then able to steal the card numbers and PINs of around 36,000 people in 16 European countries before making counterfeits and carrying out transactions in Argentina, Colombia, the Dominican Republic, Japan, Mexico, South Korea, Sri Lanka, Thailand and USA.

The members of the group are also accused of setting up a "sophisticated criminal network for online fraud".

Troels Oerting, head, EC3, Europol, says: "This case is another example of excellent police work and flawless cooperation and a proof of the fact that EU law enforcement cooperation continues to improve. This is a good sign for the future when increased cybercrime will become a great challenge for the LE community."

Sponsored [New Report] Managing Fraud Risks with Synthetic Data: A Practical Approach for Businesses Services Industry

Related Company

Keywords

Comments: (2)

Nick Collin

Nick Collin Director at Collin Consulting Ltd

Note the countries where the fraudulent transactions took place - the sooner we have 100% EMV chip and PIN worldwide the better.

A Finextra member 

I'm not convinced in chip-and-pin as a strong authentication mechanism anyway. Any 'secure' token approach in my view is inherently insecure - particularly when you put the all authentication information on the device itself (PIN, CV1, CV2, card number and in most cases the account number and sort code). The death of chip-and-pin? Probably not coming soon, but I'd like to see someone take a serious review of it as it's just another hoop that fraudsters have now figured out how to jump through. Coincidently, today I've written an article voicing my concerns on this very subject (it actually takes a wider view on all token-based auth's): https://www.finextra.com/blogs/fullblog.aspx?blogid=7514

 

[Webinar] Unifying Card Programmes: The cost-reduction imperativeFinextra Promoted[Webinar] Unifying Card Programmes: The cost-reduction imperative