Am I the luckiest online shopper in the country?

By Nick on 23 Apr 08

Categories: ecommerce, web, fraud, phishing

I heard on the breakfast news this morning that net card fraud has been massively underestimated, and that hundreds of millions of pounds of card transactions take place fraudulently every year.

I should therefore count myself seriously lucky that as someone who has been buying things online for over ten years, I have never been the victim of online fraud. Am I just really lucky, or is it because working in the industry I'm much more able to spot the danger signs of a fake or insecure website?

If you look beneath the headlines of the report, the £500m figure includes phone and mail fraud, but most significantly £210m of failed attempts at fraud. In other words banks and retailers fraud detection systems successfully pick up nearly half the attempted fraudulent usage. There was also £245m of “high street” fraud – very nearly as much as online – which the much trumpeted “infallible” chip and PIN security system is spectacularly failing to prevent.

There's also a failure to differentiate between where the cards are being used, and how the details are being obtained. How many were obtained by hacking or phishing online, and how many were obtained by offline means – for example “skimming”, cards intercepted in the post, physically stolen, corrupt shop workers, etc?

Firefox's phishing alertObviously it is (to a degree) easier to use a stolen card number online, as there is no physical card to clone, and a degree of anonymity. But it does bring in its own degree of tracability, as the goods have to be delivered somewhere (as oppose to a high street shop where as soon as you leave the premises, you are anonymous again).

In other words this is yet another story where the internet is simply blamed entirely for a problem which in fact much wider and more complicated.

One of the main issues which needs addressing in order to prevent card details being obtained online is that of user education – how to spot a fake site; how to check you are secure; and how to differentiate between phishing spam and legitimate communication from companies you deal with. Web browsers are starting to include features which help flag up “badware” sites to the user – using alerts (see right) a traffic light system in the address bar, or in the forthcoming IE8, simply highlighting the actual domain you are visiting in the address bar.

Paypal recently announced it will begin to block users using browsers which don't have adequate security measures in place. But the fraudsters are good – in the past I've seen sites and received e-mails which would be almost impossible to detect as fraudulent to the untrained eye.

Of course by saying that I've never been defrauded, I'm obviously tempting fate for some massive purchase of herbal drugs from Nigeria to appear on my credit card statement this month. Perhaps it would be safer to switch to cold hard cash...

Comments

Write a comment

  • Required fields are marked with *.

If you have trouble reading the code, click on the code itself to generate a new random code.
Security Code: