Today is the annual peak of on-line transactions in the run-up to Christmas. Will consumers stay away because they are scared of being ripped off? Will they once again flock on-line for their annual binge? If so, will the proportion of fraud be such as to trigger a backlash in the New Year?
Last monday at a meeting of the EURIM E-Crime Group to help plan support for the E-Crime Reduction Partnership one of the contributors, speaking on behalf of the Information Security Awareness Forum said that we were very good at preaching to each other but not to the outside world. Another suggested that perhas we needed a plot line in East-Enders.
On Saturday the BBC did much better: a crisp three minute clip on Breakfast TV, repeated and also placed on the main news webside. The only thing missing was the Get Safe On-line website address. Tony Neate did a crisp summary of the problems with Fake websites. A BBC voice-over said that inside a day of Operation Papworth (which took down 1200 in one day) the fake Tiffany sites were back up. Rik Fergusson of Trend Micro (one of the global operations than is looking beyond current generation reactive security) then pointed out than anyone in the world can use .co.uk. It is no more trustworthy than .com.
The key messages were all there – and will hopefully reach a larger audience than East-Enders – including those whose businesses rely on on-line trust.
It will take a few days to see the impact of the advice and perhaps a month to see the fall-out – not just from the advice and but also from the annual peaks of on-line business and on-line fraud.
Pressure is building up to cleanse the domain name system as a key point of leverage in the fight against on-line fraud and malpractice but that raises the interesting question of who is serious. Co.uk may be unpoliced but the registration details for .ltd.uk and .plc.uk are supposed to match those registered with Companies house – and almost no-one uses them.
Is that because they are not promoted or because the commercial value of the increased trust is negligible?
If on-line business today falters, or sees an unacceptable (what is that?) level of fraud, how long will it be before that changes?
And will the change be business-led and “simple” – for example, registrars enforcing the e-Commerce Directive by reminding customers of the need for trading web-sites (such that those using .co.uk to carry contact details for use in the event of dispute and charging a “deposit” to cover the administrative cost of de-registration that will be refunded once they have shown that they have done so).
Or will we have rounds of impractical legislative and regulatary flummery.
Part of the discussion at the EURIM meeting was on the need for industry and government to work together to identify the actions needed and bring them about lest concern over on-line rip-offs triggers the on-line equivalent of the Dangerous Dogs Act.