Combating E-crime - electronic commerce fraud - Brief Article - Statistical Data Included

Internal Auditor, Dec, 2000 by C. Brune

SEVENTY PERCENT OF online retailers believe the Internet poses more risk than traditional market routes, according to a recent survey of 800 e-retailers in the United Kingdom. Conducted by Experian, a global information-management company, Internet Fraud: A Threat to Online Retailers uncovers the extent of e-fraud, its operational impact, similarities in fraudsters' methods of operation, and the effectiveness of fraud prevention systems.

The study found that online businesses increasingly have become victims of repeated, opportunistic, and unsophisticated fraud. "In effect, the Internet is becoming the first choice for thieves that, in another age, might have just been petty shoplifters or locker-room pickpockets," says Richard Fiddis, chief operating officer of Experian U.K.

Fortunately for retailers, Internet thieves make little effort to cover their tracks. According to the study, only 10 percent of e-fraudsters establish a false telephone account and fewer use a redirection service at the delivery address.

Still, nine out of to Internet fraudsters are getting away with it. Although 57 percent of organizations report incidents of fraud to criminal authorities, a mere 9 percent of those cases actually result in prosecution. In addition, survey results show that e-retailers consistently per form inadequate identity verification processes. Many organizations rely almost totally on manual fraud prevention measures, and fewer than half use external data to verify a customer's name and address prior to authorizing an e-transaction.

Moreover, victims of Internet fraud are slow to respond to the crime, says Fiddis. In fact, two thirds of survey participants reported that their organizations routinely took more than a month to detect credit card fraud, and 18 percent took up to two months. "By that time, the thief has gotten away with it--not just once, but in 40 percent of cases, several times on the same Web site," Fiddis says.

"The use of external information to provide online, real-time authentication of the Web site visitor's identity is the best way to tackle this type of crime," maintains Fiddis. "The level of identity authentication can then drive processes designed to frustrate all but the most sophisticated of fraudsters, making the Web safer for all parties.

Strengthening software and hardware architectures may also help to prevent e-fraud, suggest KPMG's assurance and advisory services experts. Their recently released white paper, E-Commerce and Cyber Crime: New Strategies for Managing the Risks of Exploitation, focuses on how organizations can develop comprehensive cyber-defense programs to fight online crime. The paper describes current e-marketplace risks, explains how online attacks frequently occur, examines predicted changes in the nature of online crime, details how organizations can respond to e-fraud and avert damages, and discusses how organizational leaders can prepare for future protection.

PricewaterhouseCoopers also recently released a report in response to the increasing threat of Internet fraud. The paper assesses the effectiveness of new weapons available to fight fraud and lists a number of precautions companies can take to reduce the likelihood that they'll fall victim to online crime. Recommended measures include:

* Establishing that e-mail, billing, and shipping addresses match.

* Determining the name and location of the customer's Internet service provider.

* Verifying the company's trading address and registered office.

* Obtaining the past three years' accounts to ensure solvency and turnover levels.

* Determining the names of directors and shareholders and examining for potential conflicts of interest. Though John Hayton, author of the report, recommends using advanced software to monitor key risks, he also cautions organizational leaders to remember that it is people--and usually employees--who defraud organizations.

For more information from Experian on Internet fraud, visit www.experianeseries.com. The KPMG paper can be downloaded from www.us.kpmg.com. To learn more about the PricewaterhouseCoopers report, visit www.pw.com.