Online fraud still on the rise

Posted on March 03rd, 2005

Phishing and rich pickings bring criminals to the web in growing numbers…

The UK is among the worst offenders for originating fraudulent transactions, with the growth of phishing scams and the temptation of booming ecommerce revenues blamed for an explosion in online fraud. The US, Romania and Vietnam are the worst in terms of point-of-origin for fraudulent transactions. The UK shares second place with Canada and Germany, according to the fifth annual Internet Security Report from VeriSign. These findings are based on transactions which secure site provider VeriSign deemed too risky to complete. In total, VeriSign processed around $12bn in online sales between 1 November and 31 December 2004 – an 88 per cent increase on the same period of 2003. Six per cent of those transactions were blocked – representing $720m worth of assumed fraudulent transactions. And that is only the tip of iceberg. Peter Dorrington, head of fraud solutions at SAS, said: ‘Fraud is rising at an incredible rate for a number of reasons. It is becoming more attractive as a crime because it is low risk and high reward. It’s a lot safer than robbing banks and the police cracking down on other, offline areas of crime is driving criminals into fraud.’ And it’s likely the fraudsters will get an easy ride from the police, said Dorrington.

‘Fraud is not something police forces are measured on in the UK, for example. It doesn’t hit high on the police agenda and their resources in this area are limited.’ Fraud is also becoming a more mature industry. There is infrastructure in place such as the networks of compromised servers and PCs which can be exploited, at a per-dollar rate, by the criminals.

An interesting finding from VeriSign is that Nigeria, which has become synonymous with online fraud and identity theft in recent years, has dropped out of the list of worst offenders, possibly because those perpetrating the crimes in the past have moved on to new territories. ‘Point of origin is interesting,’ said Dorrington, ‘though it may tell us little about where the criminals are actually based. It will show us though whether this is a concerted effort or a one-off.’ ‘But a gang which finds a good technique, rather than changing their methods will often change their geographical location. As they get closed down in one territory they simply move on to another.’

That needn’t mean physically upping sticks and relocating but simply switching to new servers elsewhere – often where regulation is lighter. Many spammers in the US use servers based in China for example. Similarly, Dorrington said the appearance of Canada high up the point of origin list is due to ‘a weakness in Canadian law.’

Similarly the country where the fraud is being targeted is of interest. Dorrington said: ‘Some of this is about the dynamics of economy. Fraudsters will ask themselves of any country ‘Is it worth committing a fraud there?”

MasterCard today announced the launch of its Match anti-fraud database which will flag up traders who have been reported for financial irregularities previously and enable banks to more dynamically screen transactions.

Walter Hansen, VP of global security and risk services at MasterCard, said: ‘The use of an anti-payment fraud databases is critical to helping the banking industry manage risk. Hansen predicted the system could generate estimated cost savings of up to €200m per annum in the EU, based on cardholder disputes on identified merchants.

By Will Sturgeon