Card security should target criminal sites, report claims
By Stewart Mitchell
Posted on 21 Mar 2011 at 12:36
Anti-fraud officials are missing a trick when it comes to tracking credit card and identity fraud, according to a report from security research company Identity Intelligence (IDI).
Rather than concentrating on verifying which end-user details are genuine, security officials should also be reviewing information from criminal websites to spot frauds, IDI said.
“Millions of fraudulent applications could be detected and prevented if the credit agencies checked against the data that the criminals have in their possession, rather than just the information supplied to them by legitimate institutions,” said IDI director Colin Holder.
By looking at the criminal websites, and the information being sold, security officials would be able to build up a clearer risk profile for individuals whose details were likely to be used in bogus applications for financial services.
The warning comes weeks after official figures showed online card fraud had dropped, and confirmed the number of compromised cards had also fallen.
According to the report, just over 61,000 stolen credit cards were used on the internet during 2010, a decrease of 10% on 2009.
However, the incidences of personal data being stolen and sold on by criminals during the same period increased dramatically, from 138m to 270m records, with 4,500 websites used to trade details.
Those details, IDI said, could well be used to apply for new cards and accounts.
According to security experts, the personal details were harvested during phishing attacks, which are on the rise globally and are hard to prevent.
“They are so easy to set up, and although there are techniques for identifying and blacklisting the sites, they take about four days to set up, by which time the phishers have moved on,” said Dave Waterson, CEO of security firm SentryBay.
“They are targeting more than just bank details now, because the more fields they can fill in on an application form, the more valuable the data is – it’s not just for bank details.”
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
