Financial Crime World

Title: Slovenia Battles Surge in Financial Scams: Insights into Issuing Fraud, BIN Attacks, and Skimming Cases

By: Vanesa Filipčič, May 2017, Ljubljana

Financial Scams in Slovenia: An Overview

In the first quarter of 2017, Slovenia experienced a significant rise in financial scams. In this article, we delve into the latest fraud trends impacting Slovenia, focusing on issuing fraud, card not present fraud, and counterfeit fraud.

Issuing Fraud: A Comprehensive Analysis

Issuing Fraud Breakdown by Type

A closer investigation into the issuing fraud trend in Slovenia reveals an increase in the following types:

  1. Card Not Present Fraud
  2. Counterfeit Fraud

Card Not Present Fraud

Most Susceptible Cards and Threats

Most susceptible to card not present fraud are cards frequently used online, where security breaches and phishing schemes put consumers at risk.

BIN Attacks

BIN attack example: In a typical BIN attack, multiple fraudulent transactions with the same BIN range occur, despite small differences in the last four digits. The attack is unsuccessful when using non-existent cards or ones with incorrect expiry dates or CVC2/CVV2 values.

Counterfeit Fraud and Skimming Cases in Slovenia

Skimming Cases at ATMs

Skimming incidents were most prevalent at NCR ATMs due to their vast spread in the region. In the last six years, 19 criminal groups have exploited Slovenian ATMs for skimming activities.

Security Breaches Compromising Card Information

Several high-profile security breaches have led to compromised card information, including the InterContinental Hotel Group’s breach in the Bahamas and the Fontainebleau resort in Miami Beach incident.

Countermeasures Taken by Financial Institutions

Financial institutions across Slovenia have taken measures to counteract these issues:

  • Mercury Processing created Black list 12, restricting non-EMV ATM withdrawals in non-CLS areas and high-risk countries using all debit cards and some credit cards.
  • For a single skimming case, Mercury Processing only adds the compromised cards to a new blacklist, effectively stopping non-EMV ATM withdrawals worldwide.
  • Mercury Processing instituted Black list 244, restricting non-EMV ATM and POS transactions in the US and Canada.
  • First Online Plus rule was implemented in December 2015, with two additional rules following in 2017, aimed at limiting transactions within compromised BIN ranges using insecure Internet authorization channels.

Stay Informed and Protect Yourself

Stay informed about these financial threats and protect yourself effectively. Have any questions? Feel free to contact Mercury Processing at +385 1 6456 041 or visit their website at www.mercury-processing.com. Mercury Processing is located at Radnička cesta 50, 10000 Zagreb.