Catching cyberspace crooks

Since the terrorist attacks on 11 September, online security has assumed a much higher importance and interagency co-operation is...

Since the terrorist attacks on 11 September, online security has assumed a much higher importance and interagency co-operation is beginning to see results.

The words "e-commerce" and "security" rarely go together. What often replaces the 'S' word is hacking, fraud and threat, but there are increasing attempts to reduce risk by bringing together expertise from the IT industry, law enforcement agencies and credit card firms.

The current wartime footing has put security at the forefront of everyone's minds and those businesses hoping to get through with fingers crossed and wallets firmly closed are facing up to a different reality.

The other reason for an increased focus on security is the rising level of disgruntled employees deciding their last action at their company will be to wreak havoc on internal systems.

An unforeseen consequence of the 11 September attacks has been an increase in US e-commerce spending.

"People are a little hesitant to go to stores shopping, but are going online to shop instead," says Tom Arnold, chief technology officer at CyberSource.

The increased level of online spending comes at the same time as transactions are being put under greater scrutiny in the attempts to crack down on terrorist funds.

"From a merchant's perspective, they are now finding there are agencies looking over their shoulders. In the US, the Office of Foreign Asset Control is looking at sales and who would have heard of the OFAC before," he points out.

The challenge for e-commerce firms is to add in all the extra checks and ensure customers are legitimate before they go ahead with the sale.

"Are they who they claim to be and do I accept or not? If it takes too long to answer the question, you will lose the customer," adds Arnold.

But things are getting better. The technology and awareness of the problem has improved and law enforcement agencies are starting to develop a coherent strategy to deal with online fraud.

Hackers used to compare their ability to outwit the police to someone in a sports car being chased along the information superhighway by cyclists. Arnold claims the same analogy would now see the police in a Volkswagen Beetle, which is an improvement, but still not as good as the fraudsters.

"The fraudsters have become more creative and I am paid to look at problems and come up with cool products, but the bad guys also have people like me looking for technological answers," he admits.

Partnerships with Visa and discussions with the FBI are producing results, as well as the use of police in a forensic role.

"The police don't do a good job in prevention, their skills lie in education and in the forensics afterwards, helping to catch the criminals," he argues.

The problem law enforcement agencies still face is working out where a crime in cyberspace was committed and how you bring the perpetrators to justice.

The sort of people running credit card scams are not the easiest to spot. If someone steals 15 million credit card details and uses them with different e-commerce stores at just £10 a purchase on each card, they have managed to run up a crime totalling £1.5m without attracting suspicion.

In the US, steps are being taken to pool information from users and e-commerce retailers to try and provide the FBI with the information needed to go after the criminals.

The Internet Fraud Complaints Centre acts as an online clearing house where the FBI can refer complaints to the appropriate authorities and ensure someone deals with the case.

Arnold argues that in tandem with the law enforcement agencies improving their post crime capture rate, companies need to improve their own security and face up to both the external and internal threats.

"Things will turn around and things will get better and there is more sensitivity now to security," he adds.

But he also has a healthy dose of realism and doesn't expect online fraud to disappear, despite the best efforts of technology companies and police.

"Fraud is probably the second oldest profession in the world and, even then, the fraudsters probably were conning those people in the oldest profession," he adds.

The partnership fighting crime
The Internet Fraud Complaint Centre was set up in May last year as a partnership between the FBI and the National White Collar Crime Center. The Web site ( offers users and e-tailers a chance to register their complaints.

Since 11 September the service has been encouraging users to report scams taking advantage of the terrorist attacks. There have been various e-mails asking people for credit card information to help fund charitable schemes, which are a front for fraudsters trying to get people's details.

Since the launch of the site, dozens of criminals have faced charges and prison terms are currently being served by fraudsters caught out by the FBI through the site. One of the largest areas of fraud it tackles on a regular basis is in online auction sites, where con artists have been defrauding people bidding for computers and Beanie Babies.

Read more on Antivirus, firewall and IDS products