E-Commerce Security:

Preventing Fraud

By preventing

Identity Theft

 

Diane M. DuhéMay 6, 2012

E-Commerce and Internet Fraud

• As E-business continues to grow, the potential for exposure to threats also increases.

• As the threats become more damaging and/or widespread, “security” becomes critical.

• There are many types of security in place, however most internet credit card fraud occurs when an order was placed illegally, by someone other than the authentic cardholder.

Series10

1

2

3

4

5

6

7

8

9

E-Commerce GrowthExposure to Threats

What is Internet fraud?

• Internet fraud is a type of cybercrime.

• Transactions are committed by using deception, credit card information gained illegally.

• Occurs when an e-Commerce merchant is unaware that an order was not placed by, and will not be paid for, by the authentic cardholder.(3)

• When fraud occurs, a chargeback must be issued by the merchant.

• This means that the merchant incurs costs: must refund all the expenses, and pay an additional fee. (4)

How do identity thieves do it?

• Stealing checks, bank statements, wallets/purses, anything containing oersonal information

• Proffering phony offers via phone or email

• Creating realistic looking websites, that request information from the consumer

• The information is used to access bank accounts, obtain loans, or to use credit cards.

Merchants are negatively affected:

Merchants who accept credit cards online are subject to:

• Additional examination and processes that protect credit card information.

• Higher transaction fees to offset the cost of security

• More stringent shipping requirements

• Paying the cost of becoming and staying PCI compliant

• Being held responsible for any accepted fraudulent transaction.

•There are at least 25 current internet scams, including:

• Nigerian letter scam• Counterfeit checks • Credit or debit card fraud • Identity theft• Investment schemes• Online auction and other sales• Phony escrow• Pyramid or “ponzi” schemes (Fraudulent investment operations) (1)

Preventing Fraud

Existing Issues

• Privacy: information must be kept safe from unauthorized access.

• Integrity: information must not be altered or tampered with.

• Authentication: sender and recipient must prove their identities to each other.

• Non-repudiation: proof is needed that the message was actually received

There are many ways to implement security methods and practices. Examples:

• Creating and maintaining security policies (passwords, backups) , utilizing anti-virus/spyware, hacker protection, & firewalls,

• Fortified web servers, setting database security, and securing webpage content.

Despite this, Internet Fraud continues

The primary underly

ing

goal of a

ll secu

rity m

ethods

is to deter and prevent fraud!

Can empowering consumers with information and resources

for protecting their sensitive information, help to prevent

identity theft, and thereby lower internet fraud???

Method

Teach an Identity Theft Prevention class, consisting of visual presentation, class discussion, online interactive content, pre and post tests

Topics Covered:

• safeguarding personal information using the “Detect, Deter and Defend” method.

• How to identify spoofed email, phishing email

• How to use public WiFi safely

• How to use Social Networking websites safely

• Learning steps to take, if victimized

The pre and post test:

• 10 true/false questions, administered online via “QuizStar.com”

• Each question worth 10 points

• One attempt, given for pre-test

• One attempt for post test

• Pre test administered 5 days before Identity Theft Prevention class

• Post test administered one week after Identity Theft Prevention class

RESU

LTS

Pre Test Results

Question Analysis:

Futu

re W

ork