- Related Stories
-
Anti-spyware bill gets new life
January 25, 2005 -
Banks bearing the brunt of phishing scams
January 20, 2005 -
McAfee joins identity theft watchdog
January 12, 2005 -
FTC, states take on online-auction fraud
April 30, 2003
Losses related to an average case of
The survey, which follows an earlier study carried out by the Federal Trade Commission in 2003, indicated that Internet-related crimes are actually less severe, less costly and not as widespread as previously thought.
The amount of money lost to
"This new research contradicts some common assumptions about identity-theft fraud and points to new paths of prevention. There are several steps consumers can take to improve their identity safety and protect themselves against this type of fraud,"
The survey said computer crimes accounted for only 11.6 percent of identity fraud in 2004 in which the cause was known. Half of those crimes stemmed from
"Our numbers show that fears about online identity fraud may be out of proportion to the relative risk, causing consumers to ignore the most glaring issues," James Van Dyke, Javelin's founder, said in a statement. "Indeed, most instances of identity fraud occur through traditional channels and are paper-based, not Internet-based."
Users can protect their financial data by using updated software that protects against spyware and viruses and by and not responding to
Also revealing was the finding that half of those who committed the online crimes are closely related to the victim as a friend, family member or neighbor.
See more CNET content tagged:
identity fraud,
fraud,
crime,
identity theft,
survey
"...the survey which indicated that Internet-related crimes are actually less severe, less costly and not as widespread as previously thought."
I'm very surprised at this statement as in other reports it's stated that over 90% of online pcs are infected with spyware. Couple this with the fact that a pc (with a certain OS) connected to the Internet without proper hardening will be compromised in under 5 minutes. Now to me, that seems pretty wide spread.
This article also seems to give the impression that the research conducted by the FTC in 2003 is in agreement with the research conducted by the BBB and Javelin Strategy & Research Group - but the first link below highlights the fact that the FTC is very aware of this serious and growing issue. The link is a testimony before the Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census by Howard Schmidt - CISO, eBay Inc.
Additionally, the notion that users can protect their personal information by conducting their financial business over password-authenticated Web sites is part of the problem. Passwords are no longer a strong measure of security. Spyware on pcs can collect those passwords from Internet browsers as a user is typing it into a "protected web site". What good is it then? A password is only as good as the user typing it, and as such, does not prove that a user is he or she claims to be. A better solution would be to urge financial institutions to administer 2-factor authentication. That way, even if a password is compromised, there is still a portion of the required credential that isn't known to the attacker.
Lastly, to wrap up with a few figures, in a report furnished by the SMU Engineering Department, damages to US financial institutions in 2004 was estimated at $1.2 billion. Estimated damages to consumer victims was $1.8 million. Now these figures may still not be near offline ID fraud, but the ease of which online fraud can be conducted make it a very serious crime to pay close attention to.
http://reform.house.gov/UploadedFiles/Schmidt1.pdf
http://www.antiphishing.org
http://engr.smu.edu/~tchen/papers/talk-bt-Nov2004.pdg
How timely could this story possibly be with the economy slowing down......
It's all relative isn't it when it comes to consumer protection. Ask
yourself, is one crime too many? Especially if that one crime turns out to
be against one of us.
Quite often in IT Governance we use a maturity model, which I am sure that
many of you are familiar with. Based on that concept we'd have to say that
so called off-line ID crime tools and countermeasures have had a few hundred
years to mature and evolve and yet we continue to see a figure like $4,543
in losses. On the other side of the coin, the Internet only really took off
just sixteen years ago, 1989 and the skills and techniques of perpetrators
today have only begun to mature. The objectives and results of the different
techniques may be the same, but the similarities end there. The tools and
access to vulnerable information are drastically incomparable. So where or
how do these crimes really compare?
Another fascinating spin on this article is how it differs from the CSI/FBI
2004 report. Fraud is definitely a crime of opportunity. Thus it's only
logical that as more and more people become interconnected there will be
more opportunity. If so what purpose does this report truly serve to the
public? Have you let you guard down yet?
Best regards,
Mark.
Mark E. S. Bernard, CISM, CISSP, PM,
e-mail: Mark.Bernard@TechSecure.ca
Web: http://www.TechSecure.ca
Phone: (506) 325-0444
Leadership Quotes by John Quincy Adams: "If your actions inspire others to
dream more, learn more, do more and become more, you are a leader."
Information Security Notice:
This e-mail is classified as private and is intended for use by the sender
and recipient "only". Unauthorized access to this e-mail will be dealt with
in accordance to the Canadian charter of rights and freedoms section 7 and
8.