Computer Crime Research Center


40 million card owners could be exposed to danger

Date: July 12, 2005

MasterCard's recent admission that 40 million customers could be affected by the lastest in a string of high-profile breaches has bankers scrambling to keep up with security threats.

When bankers refer to fraud publicly, it often comes off as if the theft does not involve human beings. But behind the recent spate of data breaches are people-on both sides of the problem. Want to make a CEO wince? Talk about fraud in real terms.

Consider the facts: Check fraud continues to be the major contributor to banks' fraud-related losses, but Internet fraud is gaining ground.

And identity theft rose 80 percent between 2002 and 2003-well before Citibank kicked off its advertising campaign on the subject.

Even more, insiders remain the major source of fraud. Bank of America and Wachovia recently notified 108,000 customers that their account information was stolen by employees and sold to a person posing as a collection-agency representative.

While phishing gets a lot of air time, overall losses from this Web-based fraud remain low relative to other types of fraud. As of January, reported losses were about $137 million. Expect these crooks to continue to hone their skills, particularly when it comes to Trojan horses and malware.

While consumers are wising up to the attempts to extract their confidential information via phishy e-mail, the likelihood that they'll detect a Trojan horse being dropped onto their system is slim. Once the door is open, it means access to systems and financial activities.

But Internet fraud overall is gaining momentum among crooks. The National White Collar Crime Center issued a recent report that examines all such activity in 2004. Among its findings: Internet auction fraud is by far the most reported offense, with 71.2 percent of complaints, while credit- and debit-card fraud make up 5.4 percent. Check fraud commanded the highest median dollar losses ($3,600), followed by Nigerian letter fraud ($3,000) and confidence fraud ($1,000). E-mail and Web pages were the primary methods for the activity.

And like it or not, repeated security breaches involving millions of customer accounts-including personal information such as names, addresses and Social Security numbers-are likely to contribute to some type of fraud or identity theft.

How plausible is it that Citibank's lost data tapes containing the personal information of four million customers won't lead to trouble down the line-long after customers affected by the security breach let their guard down? Or MasterCard's massive security breach? Fat chance.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo