Top Strategies to Combat Online Fraud

By Courtney Macavinta

In 2007 alone, Internet users reported losing nearly $240 million to online fraud -- a $40 million increase from the previous year, according to the Internet Crime Complaint Center (IC3), a joint operation between the Federal Bureau of Investigation and the National White Collar Crime Center. Overall, the IC3 received 206,884 complaints last year, and more than 90,000 were referred to law enforcement around the nation.

The IC3 states that Internet auction fraud was the most widely reported complaint, as well as credit or debit card fraud. To be sure, these days online fraud can include a wide range of activities including exploitation of online banking and e-commerce sites and customers as well as spamming or denial of service (DoS) attacks, where there is no direct financial gain for the perpetrator, but the victim’s service or corporate reputation is harmed. Moreover, fraud is now conducted in minutes, leaving enterprises little time to respond with damage control measures.

And it’s not just money that perpetrators are after. The threat could be much larger, says Geoffrey Turner, senior analyst for Forrester Research Inc. and lead author of the February 2008 report Countering Online Fraud Globally. Turner says online fraud could also be used as a tactic by adversaries to cripple a nation’s economy.

“As the online fraud economy gets ever more sophisticated and organized, it becomes a question of whether it's motivated by just economic incentives or other incentives such as a covert arm of foreign governments who are looking to cause harm,” says Turner.

Amid these growing threats, the pressure is on CIOs -- especially those in industries such as financial services and e-commerce -- more than ever before. CIOs need to deploy counter-fraud measures to protect their company and customers. Here are some of the measures CIOs can take to thwart online fraud:

Counter-measure No. 1: Assess and improve authentication
Turner says one of the biggest areas where enterprises need to up the ante on security is authentication. “Identity theft is a huge problem and the root of all online fraud,” he says. “Ultimately online fraud is of the magnitude it is now because we have a poor capability to know who’s who.”

Currently many financial institutions and online businesses do go beyond password-based authentication and use additional techniques such as challenge responses. “It's the poor basis we have for managing identity in the online environment -- that’s where we're always going to be vulnerable to cracks in the system, both human and technological,” he adds. To improve authentication processes, Turner says CIOs should investigate emerging authentication technologies such as biometrics and smart cards, along with taking more advantage of public key cryptography.

Counter-measure No. 2: Increase your fraud intelligence
Before deploying a new technological measure, the key is for CIOs to lead the way to take stock of their current online authentication processes and determine if fraud risks justify adding more layers of sophisticated measures. On top of that, the Forrester report advises that they need to take steps to determine where and when online fraud can impact their operations and customers. CIOs can also “consider whether the level of risk to your organization necessitates preventing fraud rather than recovering from it, and whether fraud intelligence would be an effective means for achieving preventive capability in your monitoring and analytic systems.” And once anti-fraud processes and technologies are in place, it’s essential to have an auditing system in place to measure their ongoing effectiveness and whether they are keeping pace with new threats.

Counter-measure No. 3: Know your ROI
Belt-tightening and a focus on revenue-generating business strategy is already driving CIOs to evaluate the ROI of any investment they make. When it comes to investing in online fraud prevention, CIOs should first concentrate on risk-driven security controls, Turner advises. “Rather than put all the expense on the front edge, you do it based on the level of risk of the transaction,” he says.

As a final word of advice, Turner also says CIOs should look to how government agencies are bolstering online security. “The more strategic security exploration is being done by governments," says Turner. "CIOs need to be aware of what the government is doing to see what can be leveraged in the private sector.”

 

Courney Macavinta is a business and technology writer based in Silicon Valley. Her articles have appeared in CNET News online, Business 2.0, Inc. online, Red Herring, Wired News and The Washington Post. She is also the managing editor of The Online Family.