Event
Summary
IDC
estimates that internet commerce will reach $220 billion by year 2000. During
the December 1998 holiday season, FTC numbers indicate that holiday sales tripled.
As on-line transactions continue to grow, so does Cyberfraud. Acknowledging
the rise in cybercrime, Republican Senator Susan Collins (Maine) states, "Law
enforcement officials are quickly learning that almost any crime that can be
committed in the real world can also be committed in the virtual world. In fact,
by using the Internet, criminals can target more victims more quickly, more
cheaply, and with much less chance of getting caught."
Cyberfraud
is clearly on the rise, and with the holiday season coming up, it behooves you
to understand the risks involved before shopping on-line. According to Sam Nair,
director of loss prevention for Cardservice International, "Internet merchants
are not keeping enough checks and balances to combat fraud." Many credit card
transactions are still transmitted in plain-text, allowing credit card numbers
to be electronically captured unknowingly and exploited by cyberfraudsters.
All credit card transactions should be encrypted -- any security less than that
shows negligence on the part of the internet merchant.
Online
auctions are particularly susceptible to cyberfraud. There are few regulations
and controls in place to safeguard consumers against bidding for a piece of
merchandise, paying for it, and never receiving it. It is just too easy for
the online sellers to remain anonymous and evade identity disclosure. The lack
of proximity boundaries created by the internet further complicates the situation.
A transaction with someone half-way around the world may appear as close as
a transaction with someone in the next office. Figure 1 documents the 10 most
common internet frauds.
User
Recommendations
-
Ensure
that any website that collects personal or credit card information from
you has a Privacy Statement explaining what information about you is collected
by their site, and how they intend to use it. If you can not find a policy,
send an email or written message to the website to ask about its privacy
policy and request that it be posted on the site.
-
Ensure
you are using a secure web-browser. Use an industry security standard capable
web-browser such as SSL. SSL enables your financial transaction to be encrypted
while in transit. This may require you to update your browser. Early versions
of the major browsers from Netscape and Microsoft have serious bugs that
allow criminals to read the information on your hard disk by sending the
command file:///c:/ to your browser.
- Do not trust
a website because it claims to be secure.
-
Choose
a secure password and keep it private. Avoid using passwords that contain
telephone numbers, dictionary words, birthdates, and social security numbers.
Make your passwords eight characters or more, and mix in numerical characters
and upper and lower-case characters.
-
When
shopping online, shop from companies that you know. If you're not familiar
with a merchant, ask for a paper catalog or brochure to get a better idea
of their merchandise and services. Also, determine the company's refund
and return policies before you place your order.
-
Before
you sign up for any online service, evaluate how the company is securing
your financial and personal information. Many companies explain their security
procedures on their Web site. If you don't see any security rhetoric, call
up the site and ask for more information.
-
If
you suspect any kind of cyberfraud, report it at once to the FTC and to
The Better Business Bureau Online.
You can file a complaint with the FTC using the online
complaint form.
-
Retain a copy of your purchase order and confirmation number for your records.
The Federal Mail/Telephone Order Merchandise Rule covers orders made over
the Internet. This means that unless stated otherwise, merchandise must
be delivered within 30 days, and if there are delays, the company must notify
you.