Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

E-commerce and fraud


Published on

Presented at Cambridge Economic Crime Symposium

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

E-commerce and fraud

  1. 1. E-commerce and fraud Ian Brown UCL
  2. 2. Outline <ul><li>Where is fraud happening: card payments and telecommunications </li></ul><ul><ul><li>Is this a technology problem? </li></ul></ul><ul><ul><li>How can we fix it? </li></ul></ul><ul><li>Nothing in this discussion is meant to absolve criminals… </li></ul>
  3. 3. Card payments <ul><li>Global fraud yr.2000: $2bn (DataMonitor) </li></ul><ul><li>“ Online fraud has risen by 60 per cent, from £5m to £8m which the Interactive Advertising Bureau said was to be expected because Internet shopping rose by 76 per cent in the same period [Jan-Sep 2001].” </li></ul><ul><li>– The Observer </li></ul>
  4. 4. Small and shrinking problem?! <ul><li>Overall, UK online fraud fell from 0.32% to 0.29% of turnover </li></ul><ul><li>UK online fraud < 2% total card fraud </li></ul><ul><li>Europe 1/1500, US 1/2500 </li></ul><ul><li>May change in future, but should be kept in perspective </li></ul>
  5. 5. Faulty technology? <ul><li>Credit card numbers flowing over Internet where they can be grabbed by any passing 13-year old hacker? </li></ul><ul><li>No: SSL, telephone orders, bar/restaurant use </li></ul><ul><li>SET development; merchant obstruction </li></ul>
  6. 6. Liability <ul><li>Banks push “card not present” transaction risk to merchants – so can afford to be generous to consumers (£50 limit) </li></ul><ul><li>But many online banking terms and conditions force risk onto customers: </li></ul><ul><ul><li>“ Until you tell us, you will be responsible for any instruction in writing or by telephone or Internet which we receive and act on even if it was not given by you.” – Egg </li></ul></ul>
  7. 7. Secure card payments <ul><li>Use chips, not stripes </li></ul><ul><li>But where does it go in your PC… and what does your PC tell it? </li></ul><ul><li>Who pays? </li></ul>
  8. 8. Telecommunications fraud <ul><li>Actually larger problem - $1bn+ dial-through fraud alone </li></ul><ul><li>Phone phreaking </li></ul><ul><li>Clip-on fraud </li></ul>
  9. 9. Continuing fraud problems <ul><li>Hacking switches – Porsches, Concorde </li></ul><ul><li>PBX fraud – Scotland Yard lost £1m </li></ul><ul><li>Premium rate calls </li></ul>
  10. 10. Better phone security <ul><li>Analogue  digital mobile phone changeover brought major security improvements </li></ul><ul><li>Cryptographic phone authentication </li></ul><ul><li>But designed by phone companies, so guess who benefitted… </li></ul>
  11. 11. Protecting customers from fraud <ul><li>Call charge display and limits </li></ul><ul><li>Consistent numbering </li></ul><ul><li>PBX manufacturer liability </li></ul>
  12. 12. Conclusion <ul><li>Fraud is rarely entirely the “fault” of one party </li></ul><ul><li>Law should help consumers help themselves… </li></ul><ul><li>… but also ensure liability lies with party best-placed to reduce the problem </li></ul>