TechnologyAccounting SoftwareHow to foil the online fraudsters

How to foil the online fraudsters

Peter Dorrington, an expert in fraud detection and prevention measures at software developer SAS Institute, explains how online retailers should protect customer data and transactions

IT Week: As head of fraud prevention solutions at business intelligence software developer SAS, what do you see as the biggest problems for e-traders?

Peter Dorrington: According to statistics from the US-based National Consumers League for the first half of this year, the most common problem was online auction fraud, which made up 87% of all incidents. This was followed by general merchandise fraud and (hoax) Nigerian money offers. We do not have a reliable similar source in the UK, although I suspect that we are in the same position here.

A recent survey showed that most Internet merchants have been affected by online fraud in some way. Why are the numbers so high?

Internet merchants are vulnerable to the various forms of card-not-present fraud. These include stolen cards, which are on the decline; card number generators, which are peculiar to the Internet or call centres and are also beginning to decline; and the use of false identities or identify theft – where the fraudster takes over someone else’s identity to make a purchase, leaving the innocent victim to fend off the credit recovery agencies. This last type of fraud is dramatically increasing. Another reason why the levels are high is that many retailers have not implemented the kind of fraud-detection measures that the banks and bigger players have in place. Those can potentially spot a fraud as it happens.

What can retailers do to reduce the risk of fraudulent transactions?

They can use a number of measures to protect themselves. Initially, they should implement adequate security to protect sensitive customer information. Where substantial sums of money are involved, they need to verify details of the purchaser. Implementation of a fraud-detection system that can automatically indicate those transactions that are most suspicious, usually some kind of rules-based system, is also important.

And what steps should consumers take to guard themselves?

Consumers should protect their cards and any personal information that can be used to apply for a card in their name. For example, they should destroy ID-related information before putting it into the rubbish.

Should there be more collaboration among banks, retailers and payment systems providers, to develop standardised online payment models?

While supportive of measures that can prevent fraud, we have to recognise that these systems are only as good as the data they use. If data about an individual is wrong or outdated, it may disenfranchise them from doing business over the Internet. Also, all these verification systems are vulnerable when it comes to the original application for, and issuing of, the verification key. How do you tell that the person applying for the key is really who they say they are?

Will the introduction of smartcards help to reduce fraud?

Smartcards will dramatically decrease opportunistic fraud, but they are not infallible. For example, France has a smartcard and PIN system, but it still suffers from about 20% of the card fraud it originally had. An 80% reduction is excellent, but it is not 100%. As to online fraud, the problem will be the reader. Lots of online shoppers shop from home. Are we going to make them buy smartcard readers before we allow them to shop?

How are fraudsters likely to change their strategies and how should firms react?

Fraudsters constantly evolve their techniques, so it is impossible to predict where next they will turn up. There are an awful lot of them and relatively few of us. That said, we cannot afford to just give up. Businesses need to get to grips with the problem today, by becoming familiar with the common forms of fraud and appropriate countermeasures. Firms should also keep themselves educated by working with a good vendor and joining appropriate self-help bodies.

ABOUT PETER DORRINGTON

  • Peter Dorrington is head of fraud solutions at business intelligence software developer SAS Institute UK. His role focuses on helping organisations to detect and prevent fraud and money laundering.

Dorrington has more than 20 years’ experience in IT. He was originally sponsored as a systems designer by the Science & Engineering Research Council, where he spent a number of years working with advanced computer systems.

Before joining SAS, Dorrington was a principal consultant with a European IT services consultancy.

Related Articles

Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

2w Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

5m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

5m Alia Shoaib, Reporter
UK behind foreign markets in digital accounting, but gap is narrowing

Accounting Software UK behind foreign markets in digital accounting, but gap is narrowing

7m Alia Shoaib, Reporter
The rise of the progressive accountant

Accounting Software The rise of the progressive accountant

7m Emma Smith, Managing Editor
Making Tax Digital: Revolution or revolt?

Accounting Software Making Tax Digital: Revolution or revolt?

8m Emma Smith, Managing Editor
Making Tax Digital: Is HMRC’s recent system fault a cause for concern?

Accounting Software Making Tax Digital: Is HMRC’s recent system fault a cause for concern?

8m Emma Smith, Managing Editor
Four reasons why SME owners should switch to cloud accounting

Accounting Software Four reasons why SME owners should switch to cloud accounting

9m Emma Smith, Managing Editor