TechnologyAccounting SoftwareHow to foil the online fraudsters

How to foil the online fraudsters

Peter Dorrington, an expert in fraud detection and prevention measures at software developer SAS Institute, explains how online retailers should protect customer data and transactions

IT Week: As head of fraud prevention solutions at business intelligence software developer SAS, what do you see as the biggest problems for e-traders?

Peter Dorrington: According to statistics from the US-based National Consumers League for the first half of this year, the most common problem was online auction fraud, which made up 87% of all incidents. This was followed by general merchandise fraud and (hoax) Nigerian money offers. We do not have a reliable similar source in the UK, although I suspect that we are in the same position here.

A recent survey showed that most Internet merchants have been affected by online fraud in some way. Why are the numbers so high?

Internet merchants are vulnerable to the various forms of card-not-present fraud. These include stolen cards, which are on the decline; card number generators, which are peculiar to the Internet or call centres and are also beginning to decline; and the use of false identities or identify theft – where the fraudster takes over someone else’s identity to make a purchase, leaving the innocent victim to fend off the credit recovery agencies. This last type of fraud is dramatically increasing. Another reason why the levels are high is that many retailers have not implemented the kind of fraud-detection measures that the banks and bigger players have in place. Those can potentially spot a fraud as it happens.

What can retailers do to reduce the risk of fraudulent transactions?

They can use a number of measures to protect themselves. Initially, they should implement adequate security to protect sensitive customer information. Where substantial sums of money are involved, they need to verify details of the purchaser. Implementation of a fraud-detection system that can automatically indicate those transactions that are most suspicious, usually some kind of rules-based system, is also important.

And what steps should consumers take to guard themselves?

Consumers should protect their cards and any personal information that can be used to apply for a card in their name. For example, they should destroy ID-related information before putting it into the rubbish.

Should there be more collaboration among banks, retailers and payment systems providers, to develop standardised online payment models?

While supportive of measures that can prevent fraud, we have to recognise that these systems are only as good as the data they use. If data about an individual is wrong or outdated, it may disenfranchise them from doing business over the Internet. Also, all these verification systems are vulnerable when it comes to the original application for, and issuing of, the verification key. How do you tell that the person applying for the key is really who they say they are?

Will the introduction of smartcards help to reduce fraud?

Smartcards will dramatically decrease opportunistic fraud, but they are not infallible. For example, France has a smartcard and PIN system, but it still suffers from about 20% of the card fraud it originally had. An 80% reduction is excellent, but it is not 100%. As to online fraud, the problem will be the reader. Lots of online shoppers shop from home. Are we going to make them buy smartcard readers before we allow them to shop?

How are fraudsters likely to change their strategies and how should firms react?

Fraudsters constantly evolve their techniques, so it is impossible to predict where next they will turn up. There are an awful lot of them and relatively few of us. That said, we cannot afford to just give up. Businesses need to get to grips with the problem today, by becoming familiar with the common forms of fraud and appropriate countermeasures. Firms should also keep themselves educated by working with a good vendor and joining appropriate self-help bodies.

ABOUT PETER DORRINGTON

  • Peter Dorrington is head of fraud solutions at business intelligence software developer SAS Institute UK. His role focuses on helping organisations to detect and prevent fraud and money laundering.

Dorrington has more than 20 years’ experience in IT. He was originally sponsored as a systems designer by the Science & Engineering Research Council, where he spent a number of years working with advanced computer systems.

Before joining SAS, Dorrington was a principal consultant with a European IT services consultancy.

Related Articles

5 key tech innovations helping accountants transform their businesses

Accounting Software 5 key tech innovations helping accountants transform their businesses

3w Heather Darnell, Founder of Ask the BOSS
Finance and the tech foundation: what’s needed to deliver impactful business insights?

Accounting Software Finance and the tech foundation: what’s needed to deliver impactful business insights?

3m Workday | Sponsored
Best accounting software for businesses in the UK

Accounting Software Best accounting software for businesses in the UK

3m Accountancy Age, Reporters
Making sense of enterprise tech concepts for finance teams

Accounting Software Making sense of enterprise tech concepts for finance teams

4m Workday | Sponsored
Open Banking: what you need to know

Accounting Software Open Banking: what you need to know

4m Edward Berks, Xero
Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

6m Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

10m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

10m Alia Shoaib, Reporter