By silicon.com, 10 November 2003 15:05
Many of this morning's newspapers have been quick to point the finger of blame at the internet for £110m in 'card not present' credit card fraud.
The thinking must be that the internet is the only thing to have changed in recent years as far as card payments are concerned so it must be the cause.
It's a typical knee-jerk reaction based on the "Think what's changed and then blame it on that" mentality. Yes, the internet has come along, but rising levels of offline crime are far more likely the cause of this increase.
To assume offline crimes were halted as fraudsters all defected to the internet is laughable. It is still far easier to physically steal a credit card than it is to steal the information it contains electronically. And yet people still view the internet with suspicion.
For some reason people would still rather read out their credit details to somebody in a call centre than enter them online via a secure payment service. It's laughable to think that people believe call centre staff, with a churn rate of days or weeks rather than months, and little loyalty to their companies are more trustworthy than advanced technology.
It's incredible to think that people sit on crowded trains and book cinema tickets over their mobile phone rather than buy them at their desk via the internet. Think for a minute. The person eavesdropping behind you can write down the card details you're reading out far more easily than somebody can intercept them electronically.
Would any self-respecting criminal really invest in the time and technology required to commit advanced cybercrime while there are handbags left unattended in pubs, credit cards left behind bars, bin bags full of bank statements and fools parting gladly with their money over the phone on the packed 07:30 into London Bridge? Of course he wouldn't.
Perhaps that naivety is the real reason why these crimes are on the increase. Yes the internet contributes - people do buy things on the net, after all. But we should not be taking our eyes off the real and far more significant threat, which existed long before the internet came along.
Comments
There are 8 comments. Join the discussion
1. Beng Lim
Can't agree more with silicon's editorial.
If the bank's strong room door is open it is likely to be robbed by its own staff and walk-in customers and robbers.
So if credit cards do not have any working security - you would expect every self-respecting thief to exploit the weakness.
The so-call security for credit card was designed on the assumption that all thieves are stupid - wrong!
2. anonymous
Having been involved for years in a business that routinely accepts unattended credit card payments, but requires access to a physical credit card's magnetic stripe and limits transaction value to a few pounds, I agree that the problem with card fraud today is not just the Internet.
The blame lies firmly at the door of the card issuers. They make a huge amount of money from credit card holders and merchants and the fraud rate is just a fraction of their revenues. Their greed for turnover drives their low security levels - security gets in the way of convenience and convenience means more transactions.
Online credit card fraud is so easy that it is questionable whether it can be described as a crime at all. Nothing is stolen, copied or damaged. There isn't even any explicit fraud - you are simply asked to enter a number, not to assert you have a right to use it. Compare what the Bank of England do to secure cash compared to what the credit card companies do to secure an online credit card transaction. Why should consumers pay the police and justice system to investigate and prosecute a "crime" that the card issuers have created?
It is time the credit card companies put their house in order.
3. anonymous
I don't want to temp fate, but I've never had problems with online ordering.
My wife has been the victim of card fraud twice. And that was her new cards being stolen somewhere before they got to our house.
The only other people I know who have suffered from card fraud have either had their cards stolen or had a card copied in a restaurant when they took the card to run through the machine, which is normally out of view somewhere.
I've bought loads of things online, both for work and home, with no problems. I always make sure the site is secure (I don't try and hack it or anything, I just look for the padlock and shttp: etc etc), that it has some sort of track record (even if it is just a recomendation from a friend), or at least a verifiable address/contact details.
It doesn't take much to reduce the risk.
4. anonymous
Crime, what crime?
Having had a situation where our company has been the victim of a credit card fraud I can only say that the police seem to view this as a victimless crime and not worth the hassle of investigation. Despite the fact that we could supply a data trail that led directly to the premises of the persons involved and there were three incidents involving different cards there seemed to be no enthusiam to investigate and the suggestion was made that the incident was "really just a customer that refused to pay". In our case, while the value of the fraud was in the thousands, it was something that we could survive, many small companies would not.
5. anonymous
This article simply misses the point. The internet opens up new options for stealing and then using credit card numbers.
Visa and MasterCard have now confirmed that 5 million (yup million) credit card numbers were recently stolen in the U.S. You would have to steal a lot of handbags to get that many card numbers.
And as for online being safer - when was the last time you checked the SSL certificate of the web site you are buying from. If you don't check the certificate then all the little padlock tells you is that your session is encrypted. It might be encrypted to a russian mafia website designed to look like Tesco, or even Barclays, who are busy stealing your credit card number, password, userID. I haven't heard of anyone building a fake Tesco out of bricks and mortar!
I agree that the press reporting is over the top, but we need intelligent and informed response - not having a go at Call Centres (I talk to a lot of nice people in Call Centres) or pretending that the problem is not there.
6. Russell Fewing
Silicon are (deliberately) ignoring the fact that crime scales up so easily on the Internet.
Visa and MasterCard have admitted that 5 million credit card numbers were stolen in one 'online' heist. How many nicked handbags is that?
And don't be so quick to criticise call centre workers. In my experience computer programmers are as quick as any group to move to crime - and who thought up Napster and Kazaa?
7. Jeremy Drew
Surely one of the easiest ways to ease the problem of online credit card fraud is to only deliver to the cardholder's registered address, but of course then the credit card companies would have to give that data to the retailer....
8. Nigel Morris-Cotterill
Mr Fewing misses the point.
Computers (and by extension the internet) do not commit crime.
People commit crime.
It is not the medium per se that needs to be controlled, it is the user and his conduct.
We studied internet crime when the internet was formative (in Europe) in the mid 1990s and what was clear was that the internet is merely the latest technology channel exploited by criminals.
Criminals will always exploit new technology ahead of public sceptism. The general approach for most humans is to believe what tech. presents them until they have a reason for cynicism.
But whether we are talking about newspaper adverts or internet schemes, the principle is the same: there is insufficient scepticism on the part of the average user.
And what is noticeable is that the events that are being perpetrated now are no different to those we identified nearly ten years ago: but the number of internet users has increased dramatically, and most of those are not at all technology-savvy and so simply do not know the risks they sign up for when they turn on their computer.