Internet Fraud - Protection Against E-fraud

PROTECTION AGAINST E-FRAUD

Most industry-standard encryption technologies only protect customer data during its actual transmission. An equally vulnerable point—the Web site's storage of personal data after the transaction occurs—often remains unprotected. Many hackers break into the servers that store customer data collected from past e-commerce transactions. Third-party sites that process credit card information also may furnish weak links. Thus, most online merchants rely on secure sockets layer (SSL) encryption technology to protect e-commerce data while in transit. However, it does nothing to safeguard information before or after it arrives on the server. Ideally, sites should possess a complex combination of firewalls, digital certificates, intrusion detection, access control, passwords, anti-virus software, and even biometrics systems to verify customers' identities. Retailers also can require the three-digit card verification value (CVV or CVV2), which is printed above the signature on the back of credit cards, to prevent unauthorized use of credit card numbers that have been obtained over the Web. Finally, transaction-risk scoring software exists that can spot deviations from customers' usual shopping patterns. One of the latest developments was a smart card payment option, which became popular in Europe.

Federal legislation concerning online fraud includes the Computer Fraud and Abuse Act of 1986, which authorizes both criminal remedies and civil remedies for such offenses. The Electronic Signatures in Global and National Commerce Act ("E-Signature Act") of October 1, 2000 guaranteed that electronic signatures on legal agreements or commercial transactions enjoy the same legal status and protection as written signatures.

The Federal Trade Commission and the Internet Fraud Complaint Center (a joint initiative of the FBI and the National White Collar Crime Center) host Web sites where victims of online schemes can post complaints. In May 2000, the FBI teamed up with the National White Collar Crime Center to create the Internet Fraud Center, whose 161 full-time employees will conduct preliminary investigative work into complaints and then forward their findings to field agents. The FTC manages the world's biggest database on Internet fraud, though it cannot lodge criminal charges in cases.

Some electronic payment processors were developing special digital certificate codes that identify consumers as rightful credit-card holders. Also in the works were virtual, single-use credit cards. Ultimately, many firms hope that biometric identification systems, which read unique voice or retinal patterns, will provide higher e-commerce security.

The federal Fair Credit Billing Act limits consumer liability for all incidents of credit card fraud to only $50 of any unauthorized charges. Thus, online merchants often stand to lose the most from online fraud. Beyond the expenses of charge-backs and bank fees (which are higher than those paid by their traditional retail counterparts), companies that gain reputations as vulnerable to online fraud often lose customer confidence and business. The CSI/FBI Computer Crime and Security Survey for 2000 indicated that 44 percent of all companies interviewed revealed that they failed to report incidents, while 20 percent notified their legal counsel, and only 25 percent went to law enforcement agencies. More than half stated that they wanted to avoid negative publicity or would prefer to handle the situation themselves.