The 2004 holiday shopping season is behind us, and retailers are breathing a sigh of relief in the mistaken assumption that once Santa slithers back up the chimney, the risks for fraud go down again until Black Friday, 2005.
Unfortunately, online fraud is not seasonal. Rather, its peak times tend to vary in different types of business. Jewelry purveyors, for example, hit their high fraud points around Valentine's Day and Mother's Day, whereas office supply stores see a spike around the back-to-school season at the end of August and beginning of September.
This month, Internet fraudsters are preying on Americans' patriotism by offering bogus inauguration memorabilia. Auction sites are also feeling the pinch with Super Bowl-related rip-offs. But no business has a safe season when it comes to online fraud, because fraudsters don't take vacations.
The Hurrier They Go, the Behinder They Get
Naturally, savvy retailers take steps to combat Internet fraud, but keeping one step ahead of the latest scams is akin to safeguarding computers from the latest virus. As soon as a fraud-prevention technology debuts, illegally minded computer geeks are hard at work figuring out a way around it. And while the image of a hacker calls to mind a loner frantically tapping at the keyboard, the reality is that there is a community of fraudsters who share information in real time.
"Fraudsters figure out a way to defeat the latest technology, then post the techniques in online newsgroups," said Julie Ferguson, co-chair of the Merchant Risk Council and co-founder of ClearCommerce Corp., a provider of fraud prevention and payment processing solutions for online retailers. According to Ferguson, the locations of the newsgroups or online bulletin boards accessed by the cyber-thieves change daily, which makes tracking them down a real challenge.
The Merchant Risk Council (www.merchantriskcouncil.org), which pursues new technology to enable e- commerce merchants to guard against fraudulent activity, will take a screen snapshot of any site that details ways to circumvent a particular retailer's anti-fraud mechanism and inform that retailer.
The problem of staying ahead of the fraudsters is compounded by the fact that so much of the fraud takes place in foreign countries, where law enforcement is often ineffective in combating this type of theft.
How Scams Operate
Many online scams are variations of brick-and-mortar rip-offs, but there are original ones designed just for the Internet as well. And of course, as technology advances, so do the tools that cyber-thieves have to work with.
A relatively new way of getting credit card numbers for use in illegal online transactions is to take a photograph of the front and back of the card using a cellular picture phone. These phones can be purchased anonymously for less than $100. With a picture phone, fraudsters don't even need to touch the card, and the person to whom it belongs may not know the card is being misused until the bill comes. A snapshot of both sides of the card even gives the fraudsters the CVV2 code, which many e-tailers request to verify that the person placing the order actually has possession of the card.
Scammers also get credit card information through a method called phishing. Phishing involves sending an unsolicited e-mail that appears to be from a legitimate company, such as a bank or an online auction site, and requesting that the cardholder verify credit card information. When cardholders click on the link, they are taken to the cyber-thief's site, where all the information they enter is captured and reused for illegal purposes. Some of these spoof e-mails can be identified by poor grammar or by the fact that the account holder is addressed as "Dear Customer" rather than by name, but many of the e-mails look legitimate.