Cyber crime growing

Safety issues

In your country

News

Library

Safer Internet Day

Search / Site Map


	Home > News > Cyber crime growing

Cyber crime growing says European Commission Report

Crime, in particular related to credit cards and identity theft is a very much present part of the cyber landscape. In the United Kingdom alone credit card fraud accounted for GBP 428m losses in 2006 (approximately 90 euros lost per man, woman and child) (www.apacs.org.uk).
Of this, over half stems from card-not-present fraud. If this sum were evenly defrauded throughout the European Union, the criminals would be getting away with 44 138 345 400 euros.

The fraud is mostly perpetrated once the victim’s identity and the credit card details have been stolen by collecting their data sent through poorly secured means (e-mail, unsecured sites) and where malware collects this information. Some victims also give their details away unwittingly in response to spam and spoof e-mails. It has been reported that a single identity with credit card details is worth between “$10 to $1,000 USD, depending on the amount of funds available and the location of the account” (symantec.com).

This opportunity for rich pickings hasn’t gone unnoticed. Fraud on non-cash payments is increasing and in terms of on-line technologies, particularly, in two areas related to identity theft with respects to credit cards and banking details.

Ever inventive criminals are starting to exploit VOIP applications (e.g. Skype): “The latest ‘phishing evolution’ which yields illicit money for organised crime in this area is called Vishing which is not web-based but consists of perpetrating fraud using VOIP. In other words, a dialler calls customers and an automatic voice starts pretending to be the financial institute; it then requests credit card numbers including the Card Validation Code (CVV). The frauds over IP are becoming more and more widespread.” (europol)

In the recent Report on fraud regarding non cash means of payments in the EU the European Commission points to the trend that “both card-not-present fraud and e-banking fraud are, de facto, variations of the wider identity theft/fraud phenomenon, where the non-face to face dimension is important and whose impact seems to be growing.”

In effect, the report highlights weaknesses in the way that payments are collected by suppliers of goods and services in particular in the airline and gaming industries over the internet: “the so-called card-not-present fraud. This type of fraud is increasing in Europe and is considered to constitute the highest threat for payment cards. Card-not-present fraud consists in the misuse of illegally obtained card data in mail and telephone orders, but essentially in Internet payments (e-commerce).” The report adds: “not all merchants have systematically been collecting the card security codes (the numbers on the back of the card, also known as CVX2 numbers, which cannot be skimmed) while payment card issuers have not systematically rejected transactions with false or no card security code. The airlines/travel agencies and gaming/gambling sectors have been identified as weak areas.”

By the same token the Commission looks at another area of concern for e-safety awareness raisers: “E-banking fraud also takes place in a remote transaction environment. The main threat relates to account takeover fraud. Bank customer data is obtained through spoofing, phishing, pharming, trojans (or other viruses and similar malware), hacking of databases, staff fraud etc. Data illegally obtained is then used, for instance, to empty the account through credit transfers.”

Part of the answer to these criminal activities is to insist on providers applying the safeguards available and the European Commission is working towards a wider use of these.

As usual, raising awareness and education is paramount. As Europol points out “It seems that as long as we are not directly affected by the consequences of crimes, we do not much care about them.” This ostrich-like response is a personality trait that criminals exploit, very much to their gain and in the long run, our loss.

Tips:

Only pay for services by the internet if the page is secure (the address reads https:// and not http://).
Keep your computer virus free – update anti-virus software regularly and ensure that you apply the highest degree of security with respects to firewall and browser settings.
Keep your operating system (Windows XP for example) updated by turning on automatic updates.
Do not answer e-mails which ask for banking or credit card details.
Only install software and browser add-ins that you trust.
Do not take part in criminal activity! If you benefit from some illegal activity you are part of the market that criminals need to survive. Remember: their prime motive is profit.

Links:

Author:	Chris Jenkins, Insafe
Published:	Thursday, 29 May 2008
Last changed:	Friday, 30 May 2008

Links:

Report illegal content • About us • Privacy/Disclaimer/Copyright • Contact • Insafe Community (restricted access)

co-funded by the European Union