E-fraud costs retailers millions

Internet fraud will cost US on-line retailers $500 million this Christmas, as fraudsters devise more sophisticated scams to obtain credit card information.

Research firm Gartner said on Wednesday that an estimated $160 million will be lost this holiday season to fraud and approximately $315 million will be lost in sales due to suspect transactions.

Gartner said its survey found that on-line merchants did not think they were getting the help they needed from credit-card issuers to prevent fraud. The company advised on-line merchants to use real-time checks to look for fraudulent activity based on patterns of fraud abuses. The research firm said that suspect transactions should be weeded out for manual review and money for chargebacks should be collected from card issuers.

The warning follows a steady stream of reports over the last few months of US-based fraudsters targeting eBay and Amazon users with increasingly sophisticated credit card scams. This week, Ebay customers were targeted by fraudsters who sent e-mails to asking them to log on to a fake Web site - ebayupdates.com - that appeared to be related to eBay's official site. They were then asked to resubmit their financial details.

These scam e-mails often tell recipients that someone has tampered with their account or that some unspecified fraud is suspected. The e-mail then tells the recipient to click on a link leading to a site where visitors can enter or change their username and password.

The issue is further complicated by the fact that eBay is sending out its own share of legitimate appeals, urging some users whose accounts have been tampered with to change their passwords, thus leading to confusion.

However, fraud activity in Europe and Ireland is still largely off-line and any on-line credit card fraud does not approach anywhere near the levels of elaboration and sophistication of that in the US, said Denis Cody, vice president at Irish payment security firm Orbiscom.

Credit card transaction software supplied by Orbiscom has a facility that generates a substitute credit card number exclusively for payment on individual Web sites that the customer visits, which includes a set credit limit. In other words, if the substitute number falls into the hands of a fraudster who hacks a Web site used by the customer, the amount of potential damage is limited.

"I would certainly agree that credit card companies need to do more to prevent fraud," added Robert Burke, an engineer with on-line security firm Zerflow. "Its important for people to feel secure about buying products when they go on-line."

While Internet users in Europe were considerably more reticent at the beginning when it came to making purchases on-line, there has been a considerable increase in such purchases, said Burke. "Before people were buying inexpensive, conservative things like books, DVDs, and CDs, but now they're pushing the boat out more towards expensive purchases."

Burke said that his company has conducted audits on Web sites that were so insecure and penetrable that malicious hackers could easily find algorithms that would allow them to generate credit card numbers. Another example of lack of basic security found by Zerflow was users going onto a secure site to enter their credit card number only to find that the hosts have forgotten to turn off the auto complete function, thus exposing their numbers. © ENN