Tackling Internet Fraud: Electronic Banking Fraud Is Growing with Increased Internet Usage, but Fortunately So Too Are the Technology Solutions
Curtis, David, Journal of Banking and Financial Services
Given the growth of the information society and the advent of the internet, we can all see the need for enhanced security in our daily activities. The electronic marketplace has become increasingly vulnerable to attack, more frequently and through increasingly sophisticated means.
For example, criminal syndicates operate globally using stolen identities, often based around an initial fraud on credit cards in one country. This cross border fraud is created to generate a spend in another country, which can be readily perpetrated across the internet.
In response, companies have increased the responsibilities and accountabilities of their risk management and security functions. While security still tends to be low on the agenda, companies are elevating security to be an integral part of their business strategy.
Cybercrime: the facts
Here are some scary statistics and facts about cybercrime:
* Fraud in Australia is estimated to cost around $6 billion a year, according to the Committee on Drug & Crime Prevention.
* Identity fraud alone cost the British economy $1.6 billion in 2000, according to British Cabinet Office and Internet Industry Association data.
* Identity fraud in the US increased by 88 per cent last year (Internet Industry Association).
* Data and PINs stolen from magnetic stripes by skimming is sold over the internet to the card counterfeiters. This is increasingly the case in countries where the card issuers and acquirers have not yet migrated to chip technology.
* In Europe, more than 50 per cent of fraud perpetrated on payment transactions is cross border, with only 12 per cent of the transaction volume cross border from the country of card issue (Nilson Report, February 2004).
* In the US, 37 per cent of online credit card transactions involve stolen of fraudulently manufactured cards. The issue here is that the merchant offering goods and services online carries the risk if a credit card is used fraudulently to pay for the goods or services (and neither the card nor the cardholder were actually present at the time of the transaction). As the merchant cannot verify the card or the cardholder, the card issuing bank does not have to transfer the funds to the merchant's account.
* Only 36 per cent of companies experiencing cyber crime actually report the crime, according to the US Department of Defence CyberCrime Centre.
* According to the Melbourne Age, requests for assistance from the Australian Securities and Investment Commission have increased from eight to 200 in the past two years.
* The Australian Hi Tech Crime Centre is investigating an online theft from a major Australian bank, in which a criminal hacked into a customer's e-banking details. This calls into question the level of cryptographic protection around these details.
* The recent increase in "phishing" scams, which encourage internet users to divulge confidential details including bank account details, to fake websites for subsequent fraudulent use.
* In 2003 the Australian Crime Commission established a special intelligence operation on identity fraud, and the Australian Federal Police established the Australian High Tech Crime Centre to strengthen the focus on dealing with cybercrime.
As a result of the uptick in fraud, governments, the scheme operators VISA and MasterCard, their member banks and responsible corporations are drilling down into identity management issues and understanding the cost implications of solving these issues.
One such issue is how to develop disparate security measures across divisions which are often competing for a company's limited IT resources. What is needed is a more integrated approach to security.
Developing such a strategy is increasingly a global issue as internet transactions transgress geographic borders, limiting the effect of corporate of even national rules. …