Feeds

E-fraud costs retailers millions

At Xmas of all times too

  • alert
  • submit to reddit

Designing a Defense for Mobile Applications

Internet fraud will cost US on-line retailers $500 million this Christmas, as fraudsters devise more sophisticated scams to obtain credit card information.

Research firm Gartner said on Wednesday that an estimated $160 million will be lost this holiday season to fraud and approximately $315 million will be lost in sales due to suspect transactions.

Gartner said its survey found that on-line merchants did not think they were getting the help they needed from credit-card issuers to prevent fraud. The company advised on-line merchants to use real-time checks to look for fraudulent activity based on patterns of fraud abuses. The research firm said that suspect transactions should be weeded out for manual review and money for chargebacks should be collected from card issuers.

The warning follows a steady stream of reports over the last few months of US-based fraudsters targeting eBay and Amazon users with increasingly sophisticated credit card scams. This week, Ebay customers were targeted by fraudsters who sent e-mails to asking them to log on to a fake Web site - ebayupdates.com - that appeared to be related to eBay's official site. They were then asked to resubmit their financial details.

These scam e-mails often tell recipients that someone has tampered with their account or that some unspecified fraud is suspected. The e-mail then tells the recipient to click on a link leading to a site where visitors can enter or change their username and password.

The issue is further complicated by the fact that eBay is sending out its own share of legitimate appeals, urging some users whose accounts have been tampered with to change their passwords, thus leading to confusion.

However, fraud activity in Europe and Ireland is still largely off-line and any on-line credit card fraud does not approach anywhere near the levels of elaboration and sophistication of that in the US, said Denis Cody, vice president at Irish payment security firm Orbiscom.

Credit card transaction software supplied by Orbiscom has a facility that generates a substitute credit card number exclusively for payment on individual Web sites that the customer visits, which includes a set credit limit. In other words, if the substitute number falls into the hands of a fraudster who hacks a Web site used by the customer, the amount of potential damage is limited.

"I would certainly agree that credit card companies need to do more to prevent fraud," added Robert Burke, an engineer with on-line security firm Zerflow. "Its important for people to feel secure about buying products when they go on-line."

While Internet users in Europe were considerably more reticent at the beginning when it came to making purchases on-line, there has been a considerable increase in such purchases, said Burke. "Before people were buying inexpensive, conservative things like books, DVDs, and CDs, but now they're pushing the boat out more towards expensive purchases."

Burke said that his company has conducted audits on Web sites that were so insecure and penetrable that malicious hackers could easily find algorithms that would allow them to generate credit card numbers. Another example of lack of basic security found by Zerflow was users going onto a secure site to enter their credit card number only to find that the hosts have forgotten to turn off the auto complete function, thus exposing their numbers. © ENN

Using blade systems to cut costs and sharpen efficiencies

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple ran off to IBM
But never fear fanbois, you're still lapping up iPhones, Macs
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.