How To Mitigate Holiday Cybercrime

Event Summary

IDC estimates that internet commerce will reach $220 billion by year 2000. During the December 1998 holiday season, FTC numbers indicate that holiday sales tripled. As on-line transactions continue to grow, so does Cyberfraud. Acknowledging the rise in cybercrime, Republican Senator Susan Collins (Maine) states, "Law enforcement officials are quickly learning that almost any crime that can be committed in the real world can also be committed in the virtual world. In fact, by using the Internet, criminals can target more victims more quickly, more cheaply, and with much less chance of getting caught."

Cyberfraud is clearly on the rise, and with the holiday season coming up, it behooves you to understand the risks involved before shopping on-line. According to Sam Nair, director of loss prevention for Cardservice International, "Internet merchants are not keeping enough checks and balances to combat fraud." Many credit card transactions are still transmitted in plain-text, allowing credit card numbers to be electronically captured unknowingly and exploited by cyberfraudsters. All credit card transactions should be encrypted -- any security less than that shows negligence on the part of the internet merchant.

Online auctions are particularly susceptible to cyberfraud. There are few regulations and controls in place to safeguard consumers against bidding for a piece of merchandise, paying for it, and never receiving it. It is just too easy for the online sellers to remain anonymous and evade identity disclosure. The lack of proximity boundaries created by the internet further complicates the situation. A transaction with someone half-way around the world may appear as close as a transaction with someone in the next office. Figure 1 documents the 10 most common internet frauds.

User Recommendations

  1. Ensure that any website that collects personal or credit card information from you has a Privacy Statement explaining what information about you is collected by their site, and how they intend to use it. If you can not find a policy, send an email or written message to the website to ask about its privacy policy and request that it be posted on the site.

  2. Ensure you are using a secure web-browser. Use an industry security standard capable web-browser such as SSL. SSL enables your financial transaction to be encrypted while in transit. This may require you to update your browser. Early versions of the major browsers from Netscape and Microsoft have serious bugs that allow criminals to read the information on your hard disk by sending the command file:///c:/ to your browser.

  3. Do not trust a website because it claims to be secure.

  4. Choose a secure password and keep it private. Avoid using passwords that contain telephone numbers, dictionary words, birthdates, and social security numbers. Make your passwords eight characters or more, and mix in numerical characters and upper and lower-case characters.

  5. When shopping online, shop from companies that you know. If you're not familiar with a merchant, ask for a paper catalog or brochure to get a better idea of their merchandise and services. Also, determine the company's refund and return policies before you place your order.

  6. Before you sign up for any online service, evaluate how the company is securing your financial and personal information. Many companies explain their security procedures on their Web site. If you don't see any security rhetoric, call up the site and ask for more information.

  7. If you suspect any kind of cyberfraud, report it at once to the FTC and to The Better Business Bureau Online. You can file a complaint with the FTC using the online complaint form.

  8. Retain a copy of your purchase order and confirmation number for your records. The Federal Mail/Telephone Order Merchandise Rule covers orders made over the Internet. This means that unless stated otherwise, merchandise must be delivered within 30 days, and if there are delays, the company must notify you.


comments powered by Disqus