E-criminals nicked £205m from UK retailers last year
Twice as bad for shops as thefts and fraud in meatspace – study
Online fraud and other 'e-crimes' have cost British retailers operating over the internet at least £205m in a year according to the first comprehensive study of the make-up and scale of crimes affecting e-commerce.
According to figures (8-page / 590KB PDF) published by the British Retail Consortium (BRC), the direct and indirect costs associated with electronic crime (e-crime) are twice the level of overall retail crime. The study estimates that retailers lost 0.75 per cent of all sales in 2011-12, meaning that £205.4m was lost from sales of £28bn. In contrast retail crime as a whole amounted to 0.36 per cent of the £303bn value of all retail sales, according to the BRC.
The trade body called on government and law enforcement to "take e-crime more seriously" in order to maximise the sector's benefit to the economy. Sixty per cent of the retailers surveyed as part of the study said it was "unlikely" that they would report any more than 10% of e-crimes to the police, due to lack of confidence in the response by officials to complaints. Only 14 per cent said that they were satisfied with current law enforcement support for such attacks, saying that e-crimes were not "considered to be a priority" by many police forces.
"Online retailing has the potential for huge future commercial expansion but Government and police need to take e-crime more seriously if the sector is to maximise its contribution to national economic growth," said Stephen Robertson, director general of the BRC. "Retailers are investing significantly to protect customers and reduce the costs of e-crime but law makers and enforcers need to show a similarly strong commitment."
He said that the authorities should develop a consistent, centralised method for reporting and investigating e-crime and ensure sufficient resources were directed to tackle the "emerging threat".
"This will encourage retailers to report more offences and allow the police to better identify and combat new threats," he said.
The BRC questioned a range of companies including supermarkets, department stores, fashion, health and beauty and mixed retail which, when taken together, accounted for 45% of the UK retail sector by turnover, it said.
In addition to £77.3m in direct losses as a result of various types of fraud, retailers lost an estimated £11.6m in legitimate business deterred as a result of fraud prevention measures - for example, honest customers deterred from continuing with an online purchase by additional burdensome security measures. The cost to businesses of installing these measures was also considerable, the BRC said.
Personal identification-related frauds – for example, account takeovers - were the most expensive type of e-crime for retailers over the period surveyed, producing £20m of losses in 2011-12. Card fraud cost retailers £15m, while "refund frauds" accounted for an additional £10m worth of losses.
The BRC said that other types of e-crime, such as bogus 'phishing' websites, were also a particular problem for UK retailers; however losses as a result of these crimes were harder to quantify. UK brands and companies are the second most targeted by fraudsters after those in the US, the BRC said.
"Some respondents [indicated] that a single phishing attack within the period surveyed could have cost the company concerned up to £2 million to deal with," the paper said.
Although more sophisticated attacks like phishing or hacking were often carried out by perpetrators from outside the UK, the BRC said, its evidence suggested that the majority of frauds were carried out within the UK. Retailers reported that around 86 per cent of the attacks they experienced originated within the UK, it said.
Copyright © 2012, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.
COMMENTS
Doesn't help if the police are not interested.
A few times I have notified banks of phishing, but they don't seem to care. If the amount of effort that has been put into tackling file sharing has gone into phishing and other electronic crimes, then maybe something will be done about it.
I know someone who paid for a camera from a website only for it to never appear and the person to vanish. He told the police and they said there is nothing that can be done about it and they have lost £500. However, when it comes to file sharing, the police will be doing dawn raids.
The police are not bothered with tackling fraud against individuals. I have reported them to the police, but they say there is nothing they can do about it. It is only when large companies are afraid of others buying cheaper versions of their goods that the police are happy to get involved, that really annoys me.
How many times have people had their email accounts hacked, only for the police or anyone not to care? However, if they were a politician, say Sarah Palin, then everything is done to get the hacker into prison. Double standards!
Call me Mr Cynical
Having worked for many years in the retail sector, most of the senior managers believe that the majority of theft is actually carried out by staff. Not so much in terms of numbers of thefts but in amount of money / goods taken. It's been that way for a long time and based upon my own experience, it's probably valid.
Is that any different with online retailing? At first glance, the answer would be no; the cases highlighted tend to involve people working for criminal gangs in Eastern Europe, Africa or Asia. But they don't tend to say too much about where some of the information originally came from. Call me cynical, but in several cases it seems likely that at least some of the information came from an inside source that highlighted where vulnerabilities could be found.
The reality is that everyone has their price; many will argue otherwise, but they are fooling no-one but themselves. It starts with a company pen, photocopying minutes of the football club committee meeting, phonecalls to people for non company use. These are often viewed as just "perks", part of the job, no harm done to anyone. But soon they become seen as "rightful" use; and people can get upset if they are questioned over the amount that they take.
What started as a box of matches to light a cigarette, became a week's groceries for some managers in supermarkets and resulted in a number of my then colleagues getting fired. Often, an argument is made "If they paid us better, we wouldn't have to do it"; sorry, complete BS. Many of the worst offenders were people on the highest wages.
When you consider how much the criminals make from their thefts, it wouldn't cost them a great deal to buy someone on the inside. For example £250k to a programmer for details on a few lines of code could net them tens of millions. And I think it pretty likely that they could find people to offer them the details for a lot less than that.
Warnings and cynicism
People were warned not to put their businesses on the web as it isn't a secure platform, now they've gone ahead anyway they want the police to sort it out!
I'm also suspicious of the numbers. It all seems like a lot of plucking numbers out of the air and extrapolating along graph lines.
Continuing on that theme they seem to be saying that "the internet" is a huge barely exploited source of income. This seems obviously untrue. If I buy my bog rolls on line, I stop buying them in a shop. So all we've done is shuffle around the money, not create any new money in the economy.
