Printed from www.pcpro.co.uk
The e-crime epidemic
Posted on 8 Feb 2008 at 14:26
The banks also have alarming figures for payment fraud and, according to APACS, in the first half of 2007 web transactions accounted for 75% of the loss from Card Not Present crimes - a figure that's growing at 50% a year.
Tip of the iceberg
According to a report from the security software company Garlik, however, these official crime statistics are regarded as the "tip of the iceberg". The situation is made worse by the fact that, in a bizarre case of passing the buck to the private sector, Home Office regulations introduced in April 2007 changed the way credit card thefts and much internet fraud is reported. Move over PC, bring on PLC. Rather than reporting this crime to the police for investigation, victims are now told to talk to their bank.
"You report much e-fraud to the bank, not the police, so the banks have initial information on a particular crime and they can package it up and make it easier for the police to investigate," says Mark Bowerman, spokesperson for APACS. "If a crime is linked and all the different jurisdictions are reporting independently to different stations, there's no way of knowing they're investigating the same crime, but the bank can make an initial report into what's happened."
The problem is that the banks aren't obliged to pass on the crime reports to the police, and many people think it's madness to hand control to institutions with a vested interest. "The decision on whether to pursue and investigate is made by the banks," admits Bowerman. "But it's never been the case that every instance of fraud or any crime has been investigated."
Critics of the scheme believe this is yet another argument for establishing a central reporting panel for e-crime, because there are real concerns that the banks massage the figures. The Metropolitan Police recently told the House of Lords Science and Technology Committee it believes 20-30 attempts are made to hack information from organisations and financial institutions each day, but that the figure was a gross underestimate because "the banks don't want to lose consumer confidence, or because financial institutions don't have faith in the police to be able to tackle these issues."
Even if banks are telling the truth, consumer confidence in the figures could still be eroded. "Banks aren't the best place for collecting data," claims Graham Cluley of security firm Sophos. "We see a similar problem with viruses and hacks - the police just don't want to know and they tell people to speak to the antivirus companies.
"That puts us in a position of needing to collect data to assess the scale of the problem, but we have a vested interest in saying the problem is big - and, in this case, the banks have an interest in telling us the problem is small. It's like asking the padlock industry to collate details on bicycle theft - it isn't realistic."
Apart from the potential damage to their reputation, the banks have another good reason for simply paying the price of criminality and passing on the costs in bank charges - it's cheaper than solving crime. "From a bank's point of view, they're already incurring significant costs because they're going to have to recompense you anyway," says Peter Sommer, computer crime expert at the London School of Economics. "Getting the police involved only makes it more expensive for them, as they need to do all the paperwork and police liaison."
The banks may be happy to accept crime as par for the course, but the real victims of the crime are most certainly not. "It's important to have a central area for co-ordinating these issues, because at the moment there's nowhere to report e-crime," says Neil Stinchcombe, who has set up a petition on the Downing Street website calling for change. "No-one has a clue where they should be reporting crime or what action will be taken, so no-one actually knows how big the problem is. E-crime is evolving faster than the technology and tools we have to protect us from it, because the criminals have access to better tools and resources than the police."
advertisement
- Q&A: Why Conficker was a victim of its own success
- App developers losing faith in Android
- Biz Stone: Murdoch's Google veto will "fail fast"
- Google adds automatic captions to YouTube
- China ramps up cyber spying
- Mozilla maintains dependence on Google
- Windows 7 flying off the shelves
- Google Chrome OS: full details unveiled
- AOL slashes 2,500 jobs
- YouTube begins streaming full-length shows
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- Microsoft Word 2010 screenshots: Text Effects
- Microsoft Word 2010: inserting screenshots
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
