Online fraud dominates retail show

Online fraud prevention was the major theme of the annual Retail Business Show (RBS) held at London’s Olympia earlier this month. Attendees debated the merits of innovative new fraud solutions and others called for greater police powers to help slow the rapid rise in online crime.

According to new research from life assistance firm CPP Group, 40 per cent of all fraud victims suffered online fraud last year. But although the technologies to detect fraud in online transactions are improving, many firms are still employing sub-standard tools, which could miss more sophisticated attacks, argued Ori Eisen, founder of fraud management firm 41st Parameter.

“Attacks are compromising the very infrastructure put in place for commerce ­ TCP/IP was never designed to be secure because no one knows who’s at the other end,” Eisen added.

Eisen explained that common anti-fraud measures such as the address verification service (AVS) which ties an individual card to the cardholder’s address, and the CV2 number on the back of cards, are not strong enough measures to prevent fraud.

Eisen advised firms to look for solutions that are able to screen transactions by browser type, time zone, language and other criteria. With this information, anti-fraud experts can then search for inconsistencies, such as a card with a billing address in the UK, which has been used to buy a corresponding product or service in a different time zone or language, he explained.

“Adding some simple code to the web page asks for this data, and then you can write rules and create algorithms that search for these inconsistencies,” added Eisen. “With this data you can see what’s hitting you without changing the customer experience, which is important.”

Also at the show, Dave Pope of fraud prevention service provider 192.com Business Services presented new research detailing the modus operandi of online fraudsters. The white paper highlighted the extent to which the criminal fraternity shares information and tactics to improve their success rate.

“Fraudsters work together to look for the point of least defence and share this information with their peers,” Pope explained. “Given that the fraudsters share information, we need to ask each other as fraud prevention professionals ‘Shouldn’t we share information too?’”

Ex-fraudster Elliot Castro, who spent more than two years in jail for his crimes ­ including online and offline card fraud over roughly a six-year period ­ also presented at the event.

Castro explained that he used social engineering techniques over the phone to call centre staff, thereby bypassing many banks’ anti-fraud measures. “I amassed knowledge of what questions they’d ask when ringing a certain bank [to confirm identity] which they did not change regularly,” he said. “Some were easier to defraud than others, and there was only one bank that I failed to penetrate at all.”

In a keynote speech, detective superintendent Charlie McMurdie, head of e-crime at the Metropolitan Police Service, argued that a centralised unit is needed to deal with the growing fraud problem, co-ordinating intelligence, engaging with industry and liaising with international law enforcement agencies. “If the national infrastructure is attacked [for example], it is not a local police force issue ­ we need a centralised team with international connections to respond to it, McMurdie said.