Feeds

E-fraud costs retailers millions

At Xmas of all times too

  • alert
  • submit to reddit

Security for virtualized datacentres

Internet fraud will cost US on-line retailers $500 million this Christmas, as fraudsters devise more sophisticated scams to obtain credit card information.

Research firm Gartner said on Wednesday that an estimated $160 million will be lost this holiday season to fraud and approximately $315 million will be lost in sales due to suspect transactions.

Gartner said its survey found that on-line merchants did not think they were getting the help they needed from credit-card issuers to prevent fraud. The company advised on-line merchants to use real-time checks to look for fraudulent activity based on patterns of fraud abuses. The research firm said that suspect transactions should be weeded out for manual review and money for chargebacks should be collected from card issuers.

The warning follows a steady stream of reports over the last few months of US-based fraudsters targeting eBay and Amazon users with increasingly sophisticated credit card scams. This week, Ebay customers were targeted by fraudsters who sent e-mails to asking them to log on to a fake Web site - ebayupdates.com - that appeared to be related to eBay's official site. They were then asked to resubmit their financial details.

These scam e-mails often tell recipients that someone has tampered with their account or that some unspecified fraud is suspected. The e-mail then tells the recipient to click on a link leading to a site where visitors can enter or change their username and password.

The issue is further complicated by the fact that eBay is sending out its own share of legitimate appeals, urging some users whose accounts have been tampered with to change their passwords, thus leading to confusion.

However, fraud activity in Europe and Ireland is still largely off-line and any on-line credit card fraud does not approach anywhere near the levels of elaboration and sophistication of that in the US, said Denis Cody, vice president at Irish payment security firm Orbiscom.

Credit card transaction software supplied by Orbiscom has a facility that generates a substitute credit card number exclusively for payment on individual Web sites that the customer visits, which includes a set credit limit. In other words, if the substitute number falls into the hands of a fraudster who hacks a Web site used by the customer, the amount of potential damage is limited.

"I would certainly agree that credit card companies need to do more to prevent fraud," added Robert Burke, an engineer with on-line security firm Zerflow. "Its important for people to feel secure about buying products when they go on-line."

While Internet users in Europe were considerably more reticent at the beginning when it came to making purchases on-line, there has been a considerable increase in such purchases, said Burke. "Before people were buying inexpensive, conservative things like books, DVDs, and CDs, but now they're pushing the boat out more towards expensive purchases."

Burke said that his company has conducted audits on Web sites that were so insecure and penetrable that malicious hackers could easily find algorithms that would allow them to generate credit card numbers. Another example of lack of basic security found by Zerflow was users going onto a secure site to enter their credit card number only to find that the hosts have forgotten to turn off the auto complete function, thus exposing their numbers. © ENN

Choosing a cloud hosting partner with confidence

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.