Card fraud denting surfers' confidence

Click to follow
The Independent Online

The experience of Powergen last week shows that internet fraud remains a major problem in e-commerce. The electricity generator was forced to close its website and launch a review of its security systems after customers' bank details were accessed by an customer attempting to pay his bill online.

The experience of Powergen last week shows that internet fraud remains a major problem in e-commerce. The electricity generator was forced to close its website and launch a review of its security systems after customers' bank details were accessed by an customer attempting to pay his bill online.

The innocent surfer unearthed the names, addresses and debit card details of 7,000 customers, which were stored in an unsecured directory file. As a result, Powergen had to urge 2,500 of its bill payers to change their card numbers as an additional security measure.

Scare stories like this are the reason credit card fraud is regularly listed as the main deterrent for shopping and banking online. And they crop up with alarming regularity. For example cdUniverse, an online CD retailer, had credit card numbers stolen and used from its site and was faced with a blackmail demand of $100,000. And Visa, the credit card group, was hit by a blackmail demand for $10m last December. The case is in the process of coming to court.

Other organisations, from Cardiff City council to the Cabinet Office, have seen hackers break into their sites and make unauthorised alterations. Cardiff City Council, for example, once found its site adorned with the message: "You are all sheep - sheep I tell you."

How big a problem is it? According to the Association for Payment Clearing Services, internet fraud accounted for 2 per cent of total card losses last year, the first time it has compiled the figures. That equates to £3.7m. But Apacs itself admits the data is sketchy and adds that there are few worldwide figures available.

The DTI's Information Security Breach survey earlier this year showed that 17 per cent of companies engaged in e-commerce failed to take any security issues into account before buying or selling over the internet. According to Insight Consulting, a Surrey-based internet security group, part of the problem is that many companies are rushing their e-commerce strategies to such an extent that security issues often get overlooked. And even though the fraud figures appear relatively small, the bad publicity alone is enough to dent consumer confidence.

An added issue is that consumers are often their own worst enemy when it comes to online buying. According to a new study by Visa, two out of three PC codes can be easily cracked by "the man in the street". Almost half of internet users choose either their birth date, nickname or favourite sports team or pop star as their security code word.

Worse, over a quarter using these passwords admit to using the same one to access their on-line bank details. And one in five people use the same word as their e-commerce shopping security code. The bottom line is that two thirds of passwords can be easily cracked with even the most basic knowledge about a person, even guesswork, Visa says.

Under the Consumer Protection Act, credit card holders are only liable for the first £50 of any fraud and even this is often waived by the bank. However, the very thought of someone filching your credit card number off a web site and going on a wild spending spree is enough to put many consumers off.

Of course there are a wide variety of security measures that are being developed to combat online fraud including address authentication procedures and improved encryption technology.

Visa, which has an obvious vested interest in assuring consumers of the web's safety, is working on a new secure e-commerce initiative which it claims will reduce internet transaction disputes by up to 50 per cent.

The problem is that every well-publicised security breach puts the frighteners on a fresh wave of would-be online buyers.

Staying power

Technical glitch alert at lastminute.com. Some visitors who had signed up as lastminute subscribers have apparently found it impossible to remove themselves from the register. Lastminute has acknowledged the problem with an e-mail to one subscriber saying: "We apologise for the unsuccessful attempts you have made to unsubscribe. We were having some technical inconsistencies with this function and have addressed them urgently."

Could this have led to a slight inflation of subscriber numbers?

Lastminute claims not. It says only 50-100 subscribers have contacted the company about this problem, though it is possible that many other sufferers never bothered to complain. New subscriber figures are due next month.

Jargonbusters

Single Digit Midget: American stock market slang for internet companies whose share prices have slumped below the $10 mark. Examples include CDNow, snapped up by Bertelsmann last week for just $3 a share.

Dumb money: funds invested by both venture capitalists and private investors in the internet's pre-shake-out heyday. That dumb money just isn't there any more.

Comments