While our government officials and legislators are so busy investigating phone conversations, charter change, piracy, drug trafficking, carjacking, terrorism and other problems, a new wave of crimes is now on the rise which our authorities are not prepared to face.  It's called CYBERCRIME.

US Treasury advisor Valerie McNiven, an advisor to the US government on cybercrime recently said that global cybercrime generated a higher turnover than drug trafficking in 2004 and is set to grow even further with the wider use of technology in developing countries.  Cybercrimes like corporate espionage, child pornography, stock manipulation, phishing fraud, extortion and copyright offenses are continuously growing and creating a lot of damage. 

"Cybercrime is moving at such a high speed that law enforcement cannot catch up with it and no country is immune from cybercrime," said McNiven during a conference on information security in the banking sector in Riyadh, Saudi Arabia.  McNiven also said that wider penetration of technology in developing nations is likely to increase levels of fraud.  She also added that human trafficking and pornography is also rising due to communication advancement and availability.

The remarks made by McNiven is supported by a recent fraud survey released by CyberSource Corporation indicating that fraudsters will take $2.8 Billion out of eCommerce in 2005, an 8% increase over the year before.  The survey asked merchants to count not only orders that were identified by the banks as fraudulent, but also to specify any charges merchants reversed as a result of calls directly from the cardholders to the merchants claiming fraudulent use of their cards. According to the survey, bank-identified fraud chargebacks accounted for less than half (37%) of total fraudulent orders.

Some of the highlights of the survey are:

- Dollar losses from eCommerce fraud continue to mount. Fraudsters will steal more than $2.8 billion from eCommerce in 2005, an 8% increase over the year before.

- Although the overall rate of fraud loss remains relatively constant at 1.6% of revenue, mid-to-large merchants are taking a pounding. Merchants selling $5-$25 million annually online saw fraud losses increase from 1.5% to 1.8% of revenue. Those selling over $25 million saw losses increase from 1.1% to 1.2% of revenue.

- International eCommerce continues to be a far higher risk, with order rejection and fraud rates about three times higher than the overall rate.

- Overall, smaller merchants, those with annual eCommerce revenues below $5 million, fared better this year, with lower fraud loss rates compared to 2004.

- All merchants are reviewing more orders manually. This increase is largely due to the growth of eCommerce, though over 75% say they are unable to add staff. Highest review rates remain in small business, where more than one out of four orders are manually examined. Mid-to-large merchants are forced to seek productivity gains - employing twice as many screening and automated decisioning tools as small businesses.

- Chargeback rates may understate actual fraud rates by as much as 50%.

Research firm Gartner Inc. also released a study stating that the number of "Phishing" attacks was up 28 percent between May 2004 and May 2005.  An estimated 2.4 million Americans were victims during the 12-month period, resulting in financial losses of about $929 million.  Phishing is about making e-mails and Web sites to look official and are used to trick people out of their credit card numbers or other personal information.

The Gartner report also said that:

- About 73 million adult e-mail users reported more than 50 phishing e-mails during the 12-month period.

- 2.42 million adults reported losing money because of phishing attacks.

- Since May 2003, nearly 11 million recipients of phishing e-mail clicked on the links. Of those, 1.8 million recalled filling out the information requested.

- Victims said their banks and credit card companies took the biggest hits. Victims recovered 87% of their funds.

- Major U.S. Internet service providers reported 150 to 200 uniquely identifiable phishing attacks against their brands.

- PayPal and eBay are the top spoofed sites. Citibank is the primary bank target for phishing scams.

To counter the increase in cybercrimes, The FBI, Monster Worldwide, the National White Collar Crime Center, the U.S. Postal Inspection Service, Target Corp. and the Merchant Risk Council setup a website called LooksTooGoodToBeTrue.com, a Web site containing a variety of educational tools to keep consumers safe from fraudsters. The Federal Trade Commission's (FTC) also has a website called OnGuardOnline.gov. Both feature glossaries with definitions of the latest Internet scourges, consumer tips for safe online practices and methods for reporting cases of Internet fraud.  (I recommend that you visit both websites and take their risk assessment test).

Given the increasing fraud incidents here in the Philippines both for the Internet and Mobile phones, why don't our government setup a site like the two I just mentioned.  Better yet, why don't private organizations like the Philippine Internet Services Organization (PISO) launch a campaign to fight online fraudsters?  Why don't Smart, Globe and SunCellular start an initiative to fight SMS scams?  The National Telecommunication Commission (NTC) released some circulars for the providers to follow to fight SMS scams but whether it's working or not is still a question. 

Education and awareness is important to fight cybercrimes, but these fraudsters are experts and technically knowledgeable.  You fight technology with technology.  You fight knowledge with knowledge.  You don't fight a criminal armed with a gun with a knife.  Given the recent economic difficulty, you cannot blame users to fall prey to these scams since almost everyone wants to get into the get-rich-fast schemes, and the fraudsters know this very well and are taking advantage of it to the hilt.

Security solution providers should also work together to fight this crime.  I've attended several security press conferences and let me be honest with you my dear readers, I myself is confused and puzzled which security solution is the right one and the best.  One will offer software security, the other one will offer hardware security, and another will offer both.  Which is which really?  They're in unison in saying that cybercrimes are increasing, and yet they have different methods in solving the issue at hand.  The question I always ask them - if you're solutions are effective, then how come cybercrime incidents are increasing?

The answer: Users should realize that security does not end with buying, installing, and configuring the best products in the industry today. It requires a clear framework or methodology that involves people, products, and processes.  Products provide some protection, but the only way to effectively do business in an insecure digital world is to put processes and policies in place that recognize the inherent insecurity in the products. The trick is to reduce your risk of exposure regardless of the products or patches.  For ordinary users, applying a bit of common sense won't harm.  Again, the question you have to ask yourself is:  Are you that lucky?

Am logging off.  Stay cool always and God Bless us all!!!

**********

Announcement: Watch out for the Powertips 2006 "Security Secrets and Strategies" conference.

For your questions, comments, suggestions, press releases and stories, please e-mail techtvhost@yahoo.com or visit www.infochat.com.ph for more articles.