- Email: [email protected]
Australian bankers form fraud taskforce
news attacks (90%) and financial fraud (88%) as a real threat to their business. Len Hynds, Head of the NHTCU said "With 87% of respondents reporting that they had suffered some kind of hi-tech attack it is not so much will you become a victim but rather when will you know that you are a victim?"
ID Theft Roundup
One-factor authentication = massive ID theft A massive identity theft affecting Ford Motor Credit has been attributed to three men recently arrested by US Federal investigators. Philip Cummings, a helpdesk employee left Teledata Communications, a US-based company that supplies banks with credit reports from Equifax, Experian and TransUnion, armed with information to access the passwords and codes of over 30 000 customer records. After Cummings left, his password remained active, allowing him to execute this fraud. It is vital for passwords to be rendered inactive after staff leave. Randy Vanderhoof, executive director of the Smart Card Alliance said “Any system
where access is protected only by passwords is rich with fraud possibilities.” The perpetrator supplied credit reports of certain customers while co-conspirators provided additional pieces of data including names, addresses or social security numbers to piece together a customer’s complete identity record. The activity was stopped when one of the credit reporting agencies traced fake requests coming from one location in New Rochelle. So far this year, the FTC has received over 70 000 reports of identity theft. The losses are currently estimated to be $2.7 million. Manhattan US Attorney James Comey said “with a few keystrokes, these men essentially picked the pockets of tens of thousands of Americans and, in the process, took their identities, stole their money and swiped their security.”
Fraud Roundup
Australian bankers form fraud taskforce The Australian Banker’s Association has set up a fraud taskforce to cope with growing electronic bank fraud. David Bell, Chief Executive of the Australian
ISSN: 1361-3723/02/$30.00 © 2003 Elsevier Science Ltd. All rights reserved. This journal and the individual contributions contained in it are protected under copyright by Elsevier Science Ltd, and the following terms and conditions apply to their use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use. Permissions may be sought directly from Elsevier Science Rights & Permissions Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, email: permissions@ elsevier.com. You may also contact Rights & Permissions directly through Elsevier’s home page (http://www.elsevier.com), selecting first ‘Customer Support’, then ‘General Information’, then ‘Permissions Query Form’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (978) 7508400, fax: (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) 207 436 5931; fax: (+44) 207 436 3986. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal
2
Bankers Association (ABA) said “Fraud prevention has always been a priority for the banking industry and Australian banks continue to be very aggressive and progressive in managing operational risks”. ABA member banks make substantial investments each year in the latest fraud detection and prevention technology, and constantly review security tactics in an effort to stay ahead of the criminals.” The Fraud Taskforce is being established to create a unified national approach to tackle new fraud problems such as ATM skimming, credit card skimming and Internet banking fraud.
E-commerce Roundup
Fake eBay website to capture credit card numbers eBay users have received emails directing them to a bogus eBay website where they are requested to submit financial details. eBay with some 55 million customers faced the prospect of its customers submitting financial details to a fake website — www.ebayupdates.com. eBay has published a word of caution on its website.
“Some members have reported attempts to gain access to their personal information through email solicitations that are falsely made to appear as having come from eBay. “These solicitations will often contain links to Web pages that will request that you sign in and submit information. eBay will never ask you for your password” said the company. The website featured both the eBay logo and used the eBay colours. The site has now been removed. The fake website was registered in Florida in early December. Downloading a logo to feature on a fake website is easy, it is just a matter of right clicking and saving the image. The average user is not educated to spot the tell tale signs of a bogus site.
US E-commerce will lose $500 million Almost $500 million will be lost to fraud and lost sales this Christmas according to research from Gartner. $160 million will be lost to fraud and $315 million will be attributed to sales due to suspect transactions.
circulation within their institutions. Permission of the publisher is required for resale or distribution outside the institution. Permission of the publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Contact the publisher at the address indicated. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the publisher. Address permissions requests to: Elsevier Science Rights & Permissions Department, at the mail, fax and email addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by Mayfield Press (Oxford) Ltd
ID Theft Roundup
One-factor authentication = massive ID theft A massive identity theft affecting Ford Motor Credit has been attributed to three men recently arrested by US Federal investigators. Philip Cummings, a helpdesk employee left Teledata Communications, a US-based company that supplies banks with credit reports from Equifax, Experian and TransUnion, armed with information to access the passwords and codes of over 30 000 customer records. After Cummings left, his password remained active, allowing him to execute this fraud. It is vital for passwords to be rendered inactive after staff leave. Randy Vanderhoof, executive director of the Smart Card Alliance said “Any system
where access is protected only by passwords is rich with fraud possibilities.” The perpetrator supplied credit reports of certain customers while co-conspirators provided additional pieces of data including names, addresses or social security numbers to piece together a customer’s complete identity record. The activity was stopped when one of the credit reporting agencies traced fake requests coming from one location in New Rochelle. So far this year, the FTC has received over 70 000 reports of identity theft. The losses are currently estimated to be $2.7 million. Manhattan US Attorney James Comey said “with a few keystrokes, these men essentially picked the pockets of tens of thousands of Americans and, in the process, took their identities, stole their money and swiped their security.”
Fraud Roundup
Australian bankers form fraud taskforce The Australian Banker’s Association has set up a fraud taskforce to cope with growing electronic bank fraud. David Bell, Chief Executive of the Australian
ISSN: 1361-3723/02/$30.00 © 2003 Elsevier Science Ltd. All rights reserved. This journal and the individual contributions contained in it are protected under copyright by Elsevier Science Ltd, and the following terms and conditions apply to their use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use. Permissions may be sought directly from Elsevier Science Rights & Permissions Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, email: permissions@ elsevier.com. You may also contact Rights & Permissions directly through Elsevier’s home page (http://www.elsevier.com), selecting first ‘Customer Support’, then ‘General Information’, then ‘Permissions Query Form’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (978) 7508400, fax: (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) 207 436 5931; fax: (+44) 207 436 3986. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal
2
Bankers Association (ABA) said “Fraud prevention has always been a priority for the banking industry and Australian banks continue to be very aggressive and progressive in managing operational risks”. ABA member banks make substantial investments each year in the latest fraud detection and prevention technology, and constantly review security tactics in an effort to stay ahead of the criminals.” The Fraud Taskforce is being established to create a unified national approach to tackle new fraud problems such as ATM skimming, credit card skimming and Internet banking fraud.
E-commerce Roundup
Fake eBay website to capture credit card numbers eBay users have received emails directing them to a bogus eBay website where they are requested to submit financial details. eBay with some 55 million customers faced the prospect of its customers submitting financial details to a fake website — www.ebayupdates.com. eBay has published a word of caution on its website.
“Some members have reported attempts to gain access to their personal information through email solicitations that are falsely made to appear as having come from eBay. “These solicitations will often contain links to Web pages that will request that you sign in and submit information. eBay will never ask you for your password” said the company. The website featured both the eBay logo and used the eBay colours. The site has now been removed. The fake website was registered in Florida in early December. Downloading a logo to feature on a fake website is easy, it is just a matter of right clicking and saving the image. The average user is not educated to spot the tell tale signs of a bogus site.
US E-commerce will lose $500 million Almost $500 million will be lost to fraud and lost sales this Christmas according to research from Gartner. $160 million will be lost to fraud and $315 million will be attributed to sales due to suspect transactions.
circulation within their institutions. Permission of the publisher is required for resale or distribution outside the institution. Permission of the publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Contact the publisher at the address indicated. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the publisher. Address permissions requests to: Elsevier Science Rights & Permissions Department, at the mail, fax and email addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by Mayfield Press (Oxford) Ltd