Expert opinion: e-tailers should copy online fraudsters' tactics

It is credit crunch time, the belts are tightening whether you are a consumer or a business. Well for the consumer it is how they use their cash that is at the forefront of their minds: where can we save? Where can we go for the big bargains?

It is credit crunch time, the belts are tightening whether you are a consumer or a business. Well for the consumer it is how they use their cash that is at the forefront of their minds: where can we save? Where can we go for the big bargains? The online retail community has, through streamlined processes, always been able to deliver significantly reduced prices to the consumer and online sales in the UK of nearly £5bn per month are set to rise from last year's figure of 15% of total retail sales, as shoppers trawl the internet for the lowest prices.

Those of us with a stake in the online industry such as ISPs, retailers, security suppliers, government and law enforcement have a job to do. We all know that putting your financial details online carries some risks. After all, there have been numerous recent cases of large-scale online fraud and US authorities recently charged 11 individuals from across the globe with the online theft and sale of more than 40 million credit and debit card numbers. With public data breaches such as the HMRC data loss, customer confidence in the security of their online identity faces some challenges. It is only by retail and security communities combining to protect consumers with a "defence-in-depth" approach that this trust will return. There is a multitude of talent, knowledge and technology out there, which will now benefit from a unilateral approach to harnessing it.

Recently we hosted a security conference with Interactive Media & Retail Group (IMRG), a membership community for the e-retail industry, at our offices in London. A familiar theme once again dominated - the feeling that there was a need to better align fraud prevention and law enforcement. For example, attempted but unsuccessful fraud is not classed as fraud by banks but is by the police. Yet, several months ago, the Home Office decreed that if your credit card or bank account is compromised your recourse is not to the police in the first instance, but rather your bank. But the fact is the police are under significant pressure to produce results across a whole variety of crime prevention, not simply online fraud.

The fraudsters' modus operandi is to pool knowledge and resources, a template that in some ways the e-retail stakeholder community should aim to emulate. There is no single solution to the problem of fraud in the retail sector. Nevertheless, consumers need to know how all of us in the online retail world, law enforcement, and government are working together to help create an online experience free of fraud, identity theft, and irresponsible handling of our personal details.

So what is actually being done to help retailers minimize fraud online? This IMRG/Microsoft security conference and many other such conferences held around the UK, at which information is shared with like-minded people, is a critical and sure bet forward. At Microsoft, for example, we are planning our next three-day Law Enforcement (LE3) training conference for police and civilians on the coal face of forensic (e-crime) investigations, at our Microsoft campus in Reading, 28-30 January 2009.

I say it all the time, but the issue of securing data comes down to people, processes and technology. A significant amount of data theft comes down to the human factor. Whether it is a crooked call centre employee selling card details to a fraudster, a careless employee losing a laptop, or a consumer accidentally clicking on a malware-laden link, the fact is that the human element will always introduce risk into online engagements. Microsoft, online retailers and industry-backed bodies such as the GetSafeOnline campaign have all gone to great lengths to educate the consumer and reduce that risk. The technology is there to secure the customers' data and privacy, whether it is for age verification or fraud prevention.

Consumers have a responsibility as well - regularly update their software (whether operating a Mac, Windows, or open source), have current anti-virus/anti-spam software installed and turned on, and adopt safe online habits. But is there a tipping point at which retailers risk turning the consumer off the whole concept of shopping online? We all want a safe internet to shop on, so let us give our police every assistance we can they are the good guys!

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.