fraud

Infosecurityadviser.com highlights need for central e-crime body

This just entered my inbox:

London, UK, 16th October 2008 - Research carried out by Infosecurity Europe has shown that 95 per cent of people would prefer to report online fraud directly to a dedicated e-crime agency, rather than having to go through APACS and/or the financial services firm with whom the fraud took place.

The research by the Infosecurity Europe show - which took in online responses from 359 visitors to the site - follows on from a debate in the House of Lords on e-crime and IT security issues.

In that debate, their Lordships noted it was anomalous for UK banks not to be obliged - in law - to refund account holders who have been electronically defrauded.

Lord Broers, the Chairman of the House of Lords Committee on Science and Technology, said that the current situation is that account holders are only being refunded under a voluntary code, noting that in today's environment, this is scarcely appropriate.

In addition, Lord Broers said, whilst customers currently report their e-frauds to the banks, it is not in the banks' interests to draw attention to the fact that their anti-fraud systems have failed.

Against this backdrop, their Lordships concluded there is a need for specific legislation - similar to the Bills of Exchange Act 1882 - which specified that if a bank honoured a forged cheque, the bank, not the customer upon whose account the cheque had been drawn, was liable.

Commenting on the results of the security debate and the Infosecurityadviser.com research, the Earl of Erroll, a cross-bench member of the House of Lords, said that he was not surprised that 95 per cent of people would like to be able to report online fraud directly to a dedicated body.

"I think that people instinctively realise that you cannot expect people or organisations to report their own shortcomings reliably," he said, adding that the industry must always have independent bodies looking after our interests.

"I am delighted that money is finally being put into the new National Fraud Reporting Centre and is actually going to be given some teeth in the form of the new Police Central e-crime Unit," he added.

Lord Erroll's comments were echoed by Mike Barwise, Editor of Infosecurityadviser.com, the online forum for the information security industry, who noted Lord Broers' description ("extraordinarily complacent") of the government's response to the August 2007 report on personal Internet security by the House Science and Technology Committee.

The House of Lords debate, he said, was fascinating, as it illustrated the degree of confidence that consumers must have in a system for it to flourish.

"Lord Sutherland of Houndwood's comments that Internet trading and purchase... depend on confidence and trust in the processes employed by the banks and in the priority that they give to personal Internet security, highlights this fact," he said.

"As events in the financial world in recent weeks have shown, without an underlying level of confidence in a given market, that market will collapse spectacularly. The danger with e-trading security is that, if confidence fails, the e-trading market will similarly slump," he added.

For more on Mike Barwise's comments: http://www.infosecurityadviser.com/view_message?id=74

 


TJX - over reaction?

Benjamin Wright posted a comment about the TJX case being an over reaction. He has also posted on this on his own blog.

First things first: let me welcome you to the blogosphere! Taking your expertise as a lawyer, I probably should just shut up and not start to argue, but then again, what is the point of a discussion if we cannot share our opinions?

To your comment, I do not agree that there has been an over reaction. I think this depends on your point of view. If you consider only the known theft of money, you might be right.

However, if you consider the theft of privacy, the costs related to renewing CCs and the potential threat to the CC holder, I think the reactions so far have been anything but over reaction. I also think it is necessary to consider the time frame of the attack - this went on for quite a while, and I think it is important to consider that this was an important "wake-up" call to many shops.

You say that the credit card issuers over reacted. I disagree. Their alternatives were:
  • say nothing (and wait for the press to find out...ticking, expensive bomb)
  • say "your credit card info is just lost, but hey, who cares? It is way too expensive to issue a new card" (and wait for customers to yell, call the press and cancel their cards manually; adding potentially expensive lawsuits to the cost)
  • do as they did - cancel all cards, issue new ones. High initial cost, but low cost & risk in the long run. Just imagine the cost of losing the trust of the credit card user...

Hacking Feedburner - who do you fool?

There is a Feedburner hack available. It seems to let you increase the number of readers on your blog. WRONG - it increases the number SHOWN - thus only making your blog appear more popular than it really is.

Why would you even care for such a self-fooling hack? I am pretty sure that some script kiddies and equally !mature creatures out there may use this tip to show off their number of readers to their friends, not realizing how easy it is to see through.

Personally, I prefer real readers who actually read what I write. So thank you - for reading!
