• by Seana Mulcahy , December 6, 2004

I'm sure if you are reading this column you never open e-mails from someone you don't know, use a firewall, have virus protection software on your home and work computers, tell your kids to protect themselves while on instant messenger, etc.

There seems to be fraud all over the Net these days. The good news is online merchants have been putting up their dukes. According to a new survey by The Merchant Risk Council, a nonprofit group of 7,500 online merchants, financial institutions, and law-enforcement agencies, merchants have increased the use of tools deployed to combat online fraud by 13 percent compared to last year.

They're trying to combat fraud with address-verification systems (74%), customer follow-up (70%), card-verification codes (65%), negative files (55%), and real-time authorization (54%). While these numbers seem like a big improvement, many aren't doing much in terms of being proactive or preventative. Many also believe that fraudsters won't take long to catch up and crack in.

Julie Fergerson, co-chairman of the council and co-founder of ClearCommerce Corp., hit the nail on the head when she said, "I always call it the great arms race," she says, noting that the fraudsters are getting more sophisticated, too. She continued, "I firmly believe that merchants need to have a plan in place to keep up." As an example, she suggests keeping on staff a programmer who can craft code to address unanticipated attacks.

I've written about this before and many of you posted to the SPIN board. Some of you were quite candid by telling us you were scammed online. Well you are not alone; according to the National Fraud Information Center the average loss to consumers victimized by online fraud in the first six months of 2004 was $803. This is up from $527 in 2003 and $468 in 2002. Complaints to the center reached 37,183 in 2003, up from 36,802 in 2002. Online auctions generated the greatest percentage of complaints, at 28 percent; phishing attacks made up 5 percent of complaints.

Phishing is a term used to describe when fraudsters fake their identity to lure victims into submitting their personal details. For example, people using online banks and ecommerce sites have been victimized.

Phishing attacks are getting so big that a dedicated group has been formed. It's called the Anti-Phishing Working Group. It is an industry association that is dedicated to end identity theft and fraud via e-mail spamming. This group says phishing scams have increased on average by 25 percent per month in the United States for the past six months. Most scams lead to identity theft.

At a recent conference in Barcelona, the director for RSA Security Andrew Nash had a lot to say about this. He said businesses need to move their online customers toward a federated identity policy or security threats could bring people to lose confidence in trading.

"You're talking about hundreds of thousands of people who need to be authenticated," he said. "If we can't adopt quickly enough, the Internet will become known as a very unsafe place. People won't have confidence in it and (companies) will bail out, if not put their technology on hold," he continued.

He agreed that phishing was one of the biggest problems and that it most often leads to identity theft. He also said that it is difficult to moderate online identities. He warned that this might prohibit ecommerce activities.

I agree. How the heck can anyone authenticate online identities without prohibiting activities to online sales, music, and software downloads, etc. Heck it's hard to tell who a lot of people are on the SPIN board. Let's face it; we live in a land of screen names.

Do you think fraudsters will always get the best of us? Share your opinion with me on the SPIN board. In the meantime, we need to keep spreading the word and providing tips and tricks: Don't open e-mail from someone you don't know, use strong passwords (letter and number combos), don't store personal financial information on your computer, use a firewall, update virus software regularly, use encrypted sites when transacting online, look at the privacy policies on Web sites, and never send money to the whackos who say they are battered Nigerian women who need to wire money to your account to be saved.