Firms told to come clean on e-commerce fraud

UK companies are trailing behind established US dotcoms and industry best practice in dealing with e-commerce fraud.

UK companies are trailing behind established US dotcoms and industry best practice in dealing with e-commerce fraud.

The warning came from Sue Thackeray, partner and head of the commercial litigation unit at Russell Jones & Walker solicitors.

She told telecoms managers at the TMA conference in Brighton that UK companies were particularly slow in adopting "reputation management" techniques, which have proved effective in combating fraud.

Reputation management involves companies meeting e-commerce fraud head-on. It means publicising fraud and attempted fraud in an effort to catch the perpetrators and reduce the chances of it happening to others.

An example of the problem, said Thackeray, was a current trial involving alleged fraud against Barclaycard, which is being held in secret because the credit card issuer was reluctant to reveal details of the case.

TMA delegate Michael Harrison, a board member of the Information Assurance Advisory Council (IAAC), confirmed the resistance to reputation management.

He said UK banks were refusing to confirm that they were the victims of fraud, because they did not want to cause panic among their customers.

This approach, said Harrison, was the opposite of that taken by established dotcoms such as eBay and Amazon, with both companies actively reporting frauds or attempted frauds.

Harrison also warned organisations not to be complacent about the damage caused by viruses such as Code Red.

There had been those who belittled the threat from Code Red after the US government and the CIA publicised the potential damage the virus could cause.

Harrison said he knew of two UK companies that had each suffered losses in the region of £10m from Code Red, but both refused to publicise the damage caused. "We are trying to get them to publicise their losses as part of the reputation management process," said Harrison.

The IAAC is seeking backing from the government's E-envoy for anonymous reporting of losses, to improve reporting and make it easier to take action.

Harrison said the proposal involved withholding the names of companies hit by fraud and viruses, but there would be almost full disclosure from the victims about the technical details of the attack.

Read more on E-commerce technology