It is
credit crunch time, the belts are tightening whether you are a
consumer or a business. Well for the consumer it is how they use
their cash that is at the forefront of their minds: where can we
save? Where can we go for the big bargains? The online retail
community has, through streamlined processes, always been able to
deliver significantly reduced prices to the consumer and online
sales in the UK of nearly £5bn per month are set to rise from last
year's figure of 15% of total retail sales, as shoppers trawl the
internet for the lowest prices.
Those of us with a stake in the online industry such as ISPs,
retailers, security suppliers, government and law enforcement have
a job to do. We all know that putting your financial details online
carries some risks. After all, there have been numerous recent
cases of large-scale online fraud and US authorities recently
charged 11 individuals from across the globe with the online theft
and sale of more than 40 million credit and debit card numbers.
With public data breaches such as the
HMRC data loss, customer confidence in the security of their
online identity faces some challenges. It is only by retail and
security communities combining to protect consumers with a
"defence-in-depth" approach that this trust will return. There is a
multitude of talent, knowledge and technology out there, which will
now benefit from a unilateral approach to harnessing it.
Recently we hosted a security conference with Interactive Media
& Retail Group (IMRG), a membership community for the e-retail
industry, at our offices in London. A familiar theme once again
dominated - the feeling that there was a need to better align fraud
prevention and law enforcement. For example, attempted but
unsuccessful fraud is not classed as fraud by banks but is by the
police. Yet, several months ago, the Home Office decreed that if
your credit card or bank account is compromised your recourse is
not to the police in the first instance, but rather your bank. But
the fact is the police are under significant pressure to produce
results across a whole variety of crime prevention, not simply
online fraud.
The fraudsters' modus operandi is to pool knowledge and
resources, a template that in some ways the e-retail stakeholder
community should aim to emulate. There is no single solution to the
problem of fraud in the retail sector. Nevertheless, consumers need
to know how all of us in the online retail world, law enforcement,
and government are working together to help create an online
experience free of fraud, identity theft, and irresponsible
handling of our personal details.
So what is actually being done to help retailers minimize fraud
online? This IMRG/Microsoft security conference and many other such
conferences held around the UK, at which information is shared with
like-minded people, is a critical and sure bet forward. At
Microsoft, for example, we are planning our next three-day Law
Enforcement (LE3) training conference for police and civilians on
the coal face of forensic (e-crime) investigations, at our
Microsoft campus in Reading, 28-30 January 2009.
I say it all the time, but the issue of securing data comes down
to people, processes and technology. A significant amount of data
theft comes down to the human factor. Whether it is a crooked call
centre employee selling card details to a fraudster, a careless
employee losing a laptop, or a consumer accidentally clicking on a
malware-laden link, the fact is that the human element will always
introduce risk into online engagements. Microsoft, online retailers
and industry-backed bodies such as the GetSafeOnline campaign have
all gone to great lengths to educate the consumer and reduce that
risk. The technology is there to secure the customers' data and
privacy, whether it is for age verification or fraud
prevention.
Consumers have a responsibility as well - regularly update their
software (whether operating a Mac, Windows, or open source), have
current anti-virus/anti-spam software installed and turned on, and
adopt safe online habits. But is there a tipping point at which
retailers risk turning the consumer off the whole concept of
shopping online? We all want a safe internet to shop on, so let us
give our police every assistance we can they are the good guys!