I’m not much of a Nostradamus, but one thing I can predict with near certainty is that this time next year we are likely to find ourselves witnessing an all-time high in the rate of online credit and debit card fraud. Ironically, that surge in online theft will be the result of efforts to make the offline use of credit and debit cards more secure.
By Oct. 1 of next year, retail establishments are supposed to be able to accept new credit and debit cards that have a chip embedded and require the use of a PIN when making purchases at the checkout counter. The point is to make the cards smarter so that financial institutions can better detect fraudulent usage. Requiring a PIN clearly adds a layer of identification and protection that can deter such fraud.
How do we know that this effort to increase security at the point of sale is going to actually drive online fraud? We already saw it happen in Europe.
In 2002, European financial institutions starting rolling out these very same cards and point-of-sale terminals. We call this technology EMV (Europay, MasterCard and Visa). Financial institutions intend to make EMV a global standard for authenticating credit and debit card transactions using integrated chip technology.
This technology has now been partially or fully deployed in about 14 countries and regions, including most Asian Pacific nations, all of Europe, most of Latin America and the Caribbean. Every country and region in which EMV has been deployed has seen a corresponding surge in online fraud.
Four years after beginning the deployment of cards and new point-of-sale terminals, about 99 percent of businesses and consumers were utilizing EMV. No doubt the cards were effective at cutting offline abuse. Before EMV, Europe saw fraud losses in stores of about 13 basis points of net sales. After EMV, the offline fraud rate plummeted to just 3.5 basis points, according to Douglas King in the study, “Chip-and-Pin: Success and Challenges in Reducing Fraud.”
However, the online world was a fraud nightmare. Online credit and debit card fraud rates more than doubled from the pre-EMV days. In 2004, Europe had an online credit and debit card fraud rate of 25 percent. By 2010, the rate had soared to 64 percent. Further, the European Central Bank’s February 2014 report on card fraud found that card-not-present (CNP) payments, i.e. payments via the internet, post or phone, were the source of 60 percent of total fraud incidents across Europe in 2012. With about $1.1 billion in fraud losses in 2012, CNP fraud showed the highest growth rate, up 21.2 percent from 2011, and analysts project this growth rate will continue to increase in 2013 and 2014.
Making credit and debit cards smarter made the crooks smarter. They stopped using cards with EMV technology in brick-and-mortar stores. Even the thieves knew that using one of the new EMV cards in a store was quickly going to get the card shut down.
So they doubled their efforts at stealing online, where the chips in cards did no good when all that was required were card numbers. Additionally, the bad guys shifted more of their nefarious online activity to foreign countries where it’s even harder to tell a legitimate card user from a thief.
When EMV technology was established, the crooks also started targeting debit cards over credit. Most debit cards use the magnetic stripe and therefore behave like credit cards without the chip and pin, making it easier for fraudsters to exploit both offline using the swipe and online using the debit card number.
Some will probably ask why online retailers don’t just require a PIN for all purchases as in-store clerks do with EMV. We may see more of that kind of adoption here in the U.S. than we’ve seen in other countries that saw this surge in online fraud, even as offline fraud declined. However, putting any barrier to check out in the ecommerce world means a lot of full shopping carts that never make it to purchase.
We live in a technological age where it often seems that everything is coming at us all at once and information overload is the edge of a cliff we teeter on daily. My son, who is not even 3 years old, plays games on my iPad and has his own tablet – a Nabi. Watching him navigate the programs – some educational and some not – has led me to question whether it serves a greater good or harmful to his cognitive development.
I know he is learning hand-eye coordination and being exposed to a great many ideas, enhanced vocabulary and even the beginnings of critical thinking skills, but is there a hidden cost? Parenting magazine had an article entitled “The Right Technology for Kids at Every Age.” The answer, according to the article’s author, Gwenn Schurgin O’Keeffe M.D., the American Academy of Pediatric’s tech expert, isn’t entirely helpful in settling the question. She believes, “there really is no ‘right’ age to allow our kids to dip a toe into the digital pond.”
O’Keeffe proclaims that thanks to technology we are free to open “the mind to an almost endless expanse of knowledge.” She went on to list different devices and apps and what your child should be able to do with such devices at different ages. The only warning I found was about cell phones emitting electromagnetic fields and a child’s developing skull being thinner than that of an adult. But doesn’t knowledge of any sort require a context, a level of maturity to process and value it? Can we integrate knowledge and use it without that gate? Should we even try? On that, O’Keefe is silent.
This complicated issue definitely involves balance – allowing your child some exposure while also making sure they have equal or more time to use their imaginations, read books and play games that do not require batteries.
When the police release the latest annual crime statistics tomorrow, chances are there will be little or no reference to cybercrime.
Perhaps it is because the concept of cybercrime is still relatively new and not everyone is aware of the risks. Businesses are complicit in the lack of awareness of the threat because cybercrimes are hugely under-reported. This urgently needs to change.
In the words of Beza Belayneh, CE of the South African Centre for Information Security, cybercrime is a national crisis. Business is affected by crimes such as fraud, murder and robbery; and indirectly through the effects of crime on insurance, investment and business confidence. Cybercrime will also affect business, directly and indirectly, with direct losses including electronic cash theft, identity theft, information theft, deleting information from systems and rendering systems unworkable. The indirect effects includes the cost of securing against intrusions, replacing equipment, appointing specialist security staff, compensation to clients who suffered losses, insurance costs and loss of customer confidence.
According to a study by cyber security firm Wolf pack Information Risk, the three sectors hardest hit by cybercrime in South Africa were government, banking and telecommunications. They were conservatively estimated to have lost R2.6bn between January 2011 and August last year. What we do not know is how much cybercrime goes unreported or undetected.
Because police statistics do not precisely categories cybercrime, they do not tell us the extent to which South Africa has become a victim of it. What we do know is that it is a critical threat to be taken very seriously.
The National Cyber security Policy Framework was approved by the Cabinet in March last year, but is not yet publicly available. As a result, the only official definition of cybercrime is contained in the 2011 draft policy framework, which says cybercrime is "illegal acts, the commission of which involves the use of information and communication technologies." Police record all kinds of fraud, forgery, misappropriations and embezzlement as "commercial crime".
But crimes related to the "increasing role of computerization and electronic communication in commercial activity" is still referred to as "so-called cybercrime", without it being specified or quantified.
All businesses are potential targets, but small businesses are now on the front line. According to Symantec’s 2013 Internet Security Threat Report, 50% of all targeted attacks last year were aimed at businesses with fewer than 2,500 employees. The largest growth area for targeted cybercrime attacks was businesses with fewer than 250 employees.
David Szady, vice-president of the US security conglomerate Guardsmark, was quoted in South Africa safety and security magazine Servamus in August last year as saying thousands of intrusions into corporate networks, government systems and personal computers are occurring every day; though the real threat is in the "continuous transfer of wealth from national economies".
Szady believes that if the trend towards rapidly increasing cybercrime is not reversed, it will have a catastrophic economic effect, resulting in reduced economic growth, impaired competitiveness and job losses.
Verine Etsebeth, a lecturer in information security and data protection at the University of the Witwatersrand, says cybercrime is bigger than the global black market in marijuana, cocaine and heroin combined. She said earlier this year that there were twice as many cybercrime victims as newborn babies. It is useful to consider the experience of a country such as the UK, which has a substantially bigger economy and which is typically a few years ahead of South Africa in technology trends and risks. More than 9-million adults in the UK have had online accounts hacked and 8% of the population say they have lost money to cybercrime in the past year. Cyber security experts at the University of Kent report that 2.3% of the UK population reported losing more than £10,000 to online fraud and cybercriminals.
Maximale veiligheid op de kaarten
Ongevraagde telefoontjes niet beantwoorden, hyperlinks niet geraakt en laat niet uw credit card worden gejat, of genomen, uit je gezicht.
Als dat een beetje draconische of politie-staat ook voor u klinkt, dan beginnen voorbereiden cybercriminaliteit en oplichting.
De toename van de internet-enabled apparaten is het zien van een overeenkomstige toename in de snelheid van oplichting en cybertheft door partijen die ook profiteren van de toenemende hoeveelheid informatie die we - meestal vrij - online beschikbaar maken.
De Australische betalingen Clearing Association schat 262.6 miljoen dollar ging verloren aan creditcard diefstal in het financiële jaar 2011-2012. De Australische Commissie van de misdaad, als gevolg van de Task Force Galilea in ernstige en georganiseerde beleggingsfraude activiteit in Australië, geschat verliezen in '' boiler room''-type moeten worden, meer dan 113 miljoen dollar tussen januari 2007 en April 2012. Een ketelruim is waar iemand verzoekt u om te investeren in onbestaande of waardeloos aandelen of investeringen.
De regering heeft een aantal initiatieven om te proberen om consumenten te beschermen. In eind juli, bijvoorbeeld, kondigde de procureur-generaal, Mark Dreyfus en staatssecretaris van de procureur-generaal, Shayne Neumann, een belangrijke initiatief voor een nationale online rapportage faciliteit voor cybercriminaliteit genaamd de Australische cybercriminaliteit Online rapportage netwerk, of ACORN.
Maar er veel die je doen kunt om jezelf te beschermen - plaats is, inzicht in de aard van de problemen die er zijn.