Internet fraud prevention

From Wikipedia, the free encyclopedia

Internet fraud prevention is the act of stopping various types of internet fraud. Due to the many different ways of committing fraud over the Internet, such as stolen credit cards, identity theft, phishing, and chargebacks, users of the Internet must make sure to avoid such scams.

Internet fraud must be prevented on two ends. First, there is the basic user who may be susceptible to giving away personal information in a phishing scam, or have it be acquired by rogue security software or a keylogger. In a 2012 study, McAfee found that 1 in 6 computers do not have any sort of antivirus protection, making them very easy targets for such scams.[1] Business owners and website hosts are also engaged in the ongoing battle of preventing Internet fraud. Due to the illegal nature of fraud, they must ensure that the users of their services are legitimate. Websites with file hosting must work to verify uploaded files to check for viruses and spyware, while some modern browsers perform virus scans prior to saving any file (there must be a virus scanner previously installed on the system).[2] However, most files are only found to be unclean once a user falls prey to one.

History

Internet fraud began appearing in 1994 with the start of e-commerce. The first trend to be seen was the use of “Famous Names” to commit the fraud. Using this method, the person committing the fraud would use stolen credit cards under the name of a popular celebrity of the time. This highly unsophisticated plan was only successful because the internet was new and the possibility of fraud had not been considered. Eventually internet merchants implemented rules to confirm the card user name.

Following the “Famous Names” strategies were more technical attacks in which hackers created card-generator applications that came with real credit card numbers. Attacks such as these were commonly targeted toward the same vendor. Merchants had no way to see cross-merchant activity until the credit card associations reported it. After 1996 fraudulent users went on the internet to test the status of stolen credit cards.

By 1998, the internet was filled with e-commerce sites. Fraudsters began to set up “dummy” merchant sites where they could harvest their own credit cards through their own site. Before the charge-backs rolled in, they would shut the doors of the website and leave the country. Soon a trend started of the mass theft of identities from the internet through information provided online under the Freedom of Information Act. One of the counter-methods merchants developed was the use of consumer accounts. The merchant would set up a consumer account the first time the consumer made a purchase. Following the creation of the new account, the merchant would perform a series of third-party checks to validate the information provided by the consumer.

As auction sites like eBay and uBid gained popularity, new fraud methods arrived specifically targeting this new merchant community. From selling bogus goods to misleading the consumer, the fraudsters continued to take advantage of consumers.[3]

Credit Card Fraud

Credit card fraud is the unauthorized use of a credit card to make a transaction. This fraud can range from using the credit card to obtain goods without actually paying to performing transactions that were not authorized by the card holder. Credit card fraud is a serious offense, and is punished under the charge of identity theft. The majority of this type of fraud occurs with counterfeit credit cards, or using cards that were lost or stolen. Approximately 0.01% of all transactions are deemed fraudulent, and approximately 10% of Americans have reported some type of credit card fraud in their lifetimes.[4]

While many systems are in place by the card provider to identify fraud, the card holder is left with the ultimate responsibility. Preemptive steps to reduce chances of fraud include installing anti-virus software, keeping and maintaining current records, and reviewing statements and charges regularly. The objective is to provide a first defense in spotting fraudulent charges. Exercising caution on online sites, especially suspicious or non-established sites, as well as in foreign countries is also advisable. The legitimacy of websites should be verified. Checking with the Better Business Bureau is a first step to see how that company has established itself. Once on a website, the user can check what security or encryption software the website utilizes. A padlock to the left of the URL can sometimes be found to signify additional security is being implemented. A physical address for the company, or sending an email to one of the contact addresses, can further verify the reliability of the company.[5] Even on trusted sites, it is important to be diligent that one has not navigated away from that site. Other safe practices include being cautious of account number distribution, keeping credit cards separate from a wallet or purse, keeping constant sight of credit cards, and never signing receipts with blank spaces above the total. On accounts in which one has saved card information, it is important to have a strong password with a mix of numbers and symbols. Using different passwords for different sites is also strongly encouraged.[6]

If a card is lost or stolen, the card holder must report it immediately, even if no fraud has been detected yet. Once a card is reported lost or stolen, the card-holder is not responsible for erroneous charges.[7]

Identity Theft

Identity theft, also called identity fraud, is a term used to refer to a crime in which someone steals and uses another person’s personal information and data without permission. It is a crime usually committed for economic gain. Stolen personal data includes Social Security numbers (SSNs), passport numbers, or credit card numbers, which can easily be used by another person for profit. It is a serious crime that can have negative effects on a person's finances, credit score and reputation.

There are three specific types of identity theft aside from the broad term. Tax-related identity theft is when a criminal uses someone else's SSN to get a tax refund or a job. Victims of this type of theft must contact the IRS. Child identity theft is when a criminal uses a child’s SSN to apply for governmental benefits, open bank accounts, or apply for a loan. Medical identity theft is when a criminal uses someone else's name or health insurance to see a doctor, get a prescription or meet other medical needs.[8]

Fortunately, there are precautions that one can take in order to prevent identity theft. There are simple ways in which to avoid becoming a victim of identity fraud and an easy way to remember them is the acronym SCAM. SCAM reminds us to 1. Be stingy when giving out personal information to others, 2. Check financial information regularly and recognize when something strange has occurred, 3. Ask for a copy of your credit report often, and 4. Maintain careful financial records. It is necessary to be aware of phishing and to always be cautious of giving your personal information out through e-mail, website or over the phone. Also be sure that the phone number, name and mailing address registered to your bank account are all correct, as there are cases in which bank statements have been sent to false addresses and identities have been stolen. Check these bank statements regularly and be sure that there are no charges to your account that you do not recognize.[9]

Individuals experiencing identity theft can take immediate steps to limit the damage to their finances and personal life. The first step is to contact one of the three national credit reporting companies and place an initial fraud alert. This is done by contacting a national credit reporting company, asking them to put a fraud alert on your credit file, and confirming that they will notify the other two companies of this change. The next step is to order free credit reports from each of the three national credit reporting companies. Lastly, report the identity theft to the FTC and print an FTC identity theft affidavit and then file a police report and ask for a copy of the report.

Phishing

Phishing is a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer (phisher) can use illicitly.[10] Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.[11] Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. There are four main types of phishing techniques: link manipulation, filter evasion, website forgery, and phone phishing. Legislation, user training, public awareness, and technical security measures are all attempts to control the growing number of phishing attacks. The damage caused by phishing ranges from denial of access to email to substantial financial loss. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims.[12]

As early as 2007, the adoption of anti-phishing strategies by businesses needing to protect personal and financial information was low. There are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing. These techniques include steps that can be taken by individuals, as well as by organizations. One strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. Education can be effective, especially where training provides direct feedback.[13] People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified" (or any other topic used by phishers), it is a sensible precaution to contact the company from which the email apparently originates to check that the email is legitimate. Alternatively, the address that the individual knows is the company's genuine website can be typed into the address bar of the browser, rather than trusting any hyperlinks in the suspected phishing message. Nearly all legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers. It is up to the customer to use his or her discretion to separate genuine emails from phishing emails and prevent phishing attacks.[14] The Anti-Phishing Working Group, an industry and law enforcement association, has suggested that conventional phishing techniques could become obsolete in the future as people are increasingly aware of the social engineering techniques used by phishers. They predict that pharming and other uses of malware will become more common tools for stealing information.

Chargebacks

A chargeback is not necessarily a fraudulent activity. In its most basic sense, a chargeback is when an issuing bank, a bank where consumers acquire credit cards, reverses a prior charge from a bank account or credit card at the request of a cardholder because there was a problem with a transaction. The problem could be anything from a situation where the consumer did not receive the product they purchased,[15] to one where the cardholder was not satisfied with the quality of the product, to a situation where the cardholder was a victim of identity theft.[16] The concept of a chargeback arose as a measure of consumer protection taken by issuing banks and credit card companies. Chargebacks were a measure to protect cardholders from identity theft and the unauthorized transactions that result from it. Chargebacks also provide an incentive to producers and sellers to provide products of consistent quality and efficient customer service.

With the rise of technology,[17] and the resulting increase in online and telephone transactions and commerce, it has become easier to commit fraud via chargebacks. Chargebacks are an interesting concept because the process protects consumers from identity theft fraud, but opens the door for consumers to commit chargeback fraud. Chargeback fraud is also known as “friendly fraud.” Friendly fraud is the term for when a consumer authorizes a transaction for an online purchase on his or her credit card, receives the product or products the consumer paid for, but then later the same consumer files for a chargeback.[18] The fraudulent filing for a chargeback results in a consumer keeping and avoiding paying for the products they ordered.

There are several common cases where a consumer commits friendly fraud. One situation is where the consumer claims that they never received the purchase or order. In reality, they did receive the order. In this scenario, when a customer files a chargeback, it enables the customer to keep the product while not paying for it.[19] Another situation is where a customer claims that the product they received was either defective or damaged. In this scenario, a chargeback claim lets the customer get a “two for one” deal because the producer will ship a replacement product. Finally, another common situation is where the customer buys a product, but then files a chargeback with their issuing bank claiming they never authorized such a transaction.[20]

Producers and merchants have responded to the rise of fraudulent chargeback claims and have implemented measures to combat friendly fraud. It is difficult for merchants to protect against friendly fraud chargebacks because the chargeback process often favors the consumers over the producers.[21] As a result, producers need to find ways to protect themselves. The best way to prevent friendly fraudsters is for producers to require signatures for the delivered packages upon their arrival. This will provide very specific information to the producers about the delivery. The only drawback to signature confirmation is the fact that it increases shipping costs, which still hurt producers’ bottom line.[22] In addition, producers have started to share lists of customers who make chargeback claims. This helps producers see trends in customers’ shopping habits.[23] This transfer of information among producers helps them maximize profits and forces consumers to stay honest. Producers have also started keeping a record of all communication with customers, so customers who want to file fraudulent chargebacks have a harder time following through with the claim. Finally, e-commerce sites have started to keep track of customers' IP addresses, so when consumers make a claim that they did not make a purchase, it is much harder to lie.[24]

Although chargeback fraud is a problem with the growth of e-commerce and other alternative shopping outlets [25] with dishonest consumers, many consumers who file chargeback claims are honest and have encountered a real problem with their transaction.

References

  1. ^ "1 in 6 Windows PCs Have Zero Antivirus Protection". Retrieved 19 March 2014. 
  2. ^ "Browser.download.manager.scanWhenDone". Retrieved 19 March 2014. 
  3. ^ Montague, David. "Fraud Library History of Online Credit Card Fraud". Fraud Practice. Retrieved 2014-03-18. 
  4. ^ "Credit Card Fraud Statistics". Retrieved 10 March 2014. 
  5. ^ "FBI - Internet Fraud". Retrieved 10 March 2014. 
  6. ^ "Credit Card Protection, and Online Security". Retrieved 10 March 2014. 
  7. ^ "Protecting Against Credit Card Fraud". Retrieved 10 March 2014. 
  8. ^ "Consumer Information: Identity Theft". Retrieved 14 March 2014. 
  9. ^ "Identity Theft and Identity Fraud". Retrieved 14 March 2014. 
  10. ^ Merriam-Webster Dictionary. http://www.merriam-webster.com/dictionary/phishing. Retrieved 6 March 2014. 
  11. ^ Niels, Provos. "Safe Browsing". Google Blog. Retrieved 7 March 2014. 
  12. ^ Kerstein, Paul. "How Can We Stop Phishing and Pharming Scams?". WayBackMachine. Retrieved 7 March 2014. 
  13. ^ Hong, Jason (November 6, 2006). Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. Pittsburgh, PA: Carnegie Mellon University. 
  14. ^ "Anti Phishing Tips You Should Not Follow". WayBackMachine. Retrieved 7 March 2014. 
  15. ^ "Chargeback Guide". Retrieved 14 March 2014. 
  16. ^ "Chargebacks: A Survival Guide". Retrieved 10 March 2014. 
  17. ^ "Chargeback Fraud". Retrieved 9 March 2014. 
  18. ^ "Chargeback Guide". Retrieved 14 March 2014. 
  19. ^ "Chargebacks: A Survival Guide". Retrieved 10 March 2014. 
  20. ^ "Common Charge Backs Often Associated to Friendly Fraud". Retrieved 9 March 2014. 
  21. ^ "Common Charge Backs Often Associated to Friendly Fraud". Retrieved 9 March 2014. 
  22. ^ "Common Charge Backs Often Associated to Friendly Fraud". Retrieved 9 March 2014. 
  23. ^ "Common Charge Backs Often Associated to Friendly Fraud". Retrieved 9 March 2014. 
  24. ^ "Chargebacks: A Survival Guide". Retrieved 10 March 2014. 
  25. ^ "Chargeback Fraud". Retrieved 9 March 2014.