Since the terrorist attacks on 11 September, online security has
assumed a much higher importance and interagency co-operation is
beginning to see results.
The words "e-commerce" and "security" rarely go together. What
often replaces the 'S' word is hacking, fraud and threat, but there
are increasing attempts to reduce risk by bringing together
expertise from the IT industry, law enforcement agencies and credit
card firms.
The current wartime footing has put security at the forefront of
everyone's minds and those businesses hoping to get through with
fingers crossed and wallets firmly closed are facing up to a
different reality.
The other reason for an increased focus on security is the rising
level of disgruntled employees deciding their last action at their
company will be to wreak havoc on internal systems.
An unforeseen consequence of the 11 September attacks has been an
increase in US e-commerce spending.
"People are a little hesitant to go to stores shopping, but are
going online to shop instead," says Tom Arnold, chief technology
officer at CyberSource.
The increased level of online spending comes at the same time as
transactions are being put under greater scrutiny in the attempts
to crack down on terrorist funds.
"From a merchant's perspective, they are now finding there are
agencies looking over their shoulders. In the US, the Office of
Foreign Asset Control is looking at sales and who would have heard
of the OFAC before," he points out.
The challenge for e-commerce firms is to add in all the extra
checks and ensure customers are legitimate before they go ahead
with the sale.
"Are they who they claim to be and do I accept or not? If it takes
too long to answer the question, you will lose the customer," adds
Arnold.
But things are getting better. The technology and awareness of the
problem has improved and law enforcement agencies are starting to
develop a coherent strategy to deal with online fraud.
Hackers used to compare their ability to outwit the police to
someone in a sports car being chased along the information
superhighway by cyclists. Arnold claims the same analogy would now
see the police in a Volkswagen Beetle, which is an improvement, but
still not as good as the fraudsters.
"The fraudsters have become more creative and I am paid to look at
problems and come up with cool products, but the bad guys also have
people like me looking for technological answers," he admits.
Partnerships with Visa and discussions with the FBI are producing
results, as well as the use of police in a forensic role.
"The police don't do a good job in prevention, their skills lie in
education and in the forensics afterwards, helping to catch the
criminals," he argues.
The problem law enforcement agencies still face is working out
where a crime in cyberspace was committed and how you bring the
perpetrators to justice.
The sort of people running credit card scams are not the easiest to
spot. If someone steals 15 million credit card details and uses
them with different e-commerce stores at just £10 a purchase on
each card, they have managed to run up a crime totalling £1.5m
without attracting suspicion.
In the US, steps are being taken to pool information from users and
e-commerce retailers to try and provide the FBI with the
information needed to go after the criminals.
The Internet Fraud Complaints Centre acts as an online clearing
house where the FBI can refer complaints to the appropriate
authorities and ensure someone deals with the case.
Arnold argues that in tandem with the law enforcement agencies
improving their post crime capture rate, companies need to improve
their own security and face up to both the external and internal
threats.
"Things will turn around and things will get better and there is
more sensitivity now to security," he adds.
But he also has a healthy dose of realism and doesn't expect online
fraud to disappear, despite the best efforts of technology
companies and police.
"Fraud is probably the second oldest profession in the world and,
even then, the fraudsters probably were conning those people in the
oldest profession," he adds.
The partnership fighting crime
The Internet Fraud
Complaint Centre was set up in May last year as a partnership
between the FBI and the National White Collar Crime Center. The Web
site (www.ifccfbi.gov) offers users and e-tailers a chance to
register their complaints.
Since 11 September the service has been encouraging users to report
scams taking advantage of the terrorist attacks. There have been
various e-mails asking people for credit card information to help
fund charitable schemes, which are a front for fraudsters trying to
get people's details.
Since the launch of the site, dozens of criminals have faced
charges and prison terms are currently being served by fraudsters
caught out by the FBI through the site. One of the largest areas of
fraud it tackles on a regular basis is in online auction sites,
where con artists have been defrauding people bidding for computers
and Beanie Babies.