E-Commerce and Fraud
E-commerce, or electronic commerce, can include any type of transaction which requires electronic transmission of data. Fraud, in this respect, can include the most obvious type being online transactions, as well as a far range of other activities from the swiping of a stolen credit card at a grocery store to the electronic embezzlement of money by an employee within a company. E-commerce fraud is different than that of other specific industries or situations. It encompasses such a large span of industries, activities, and data types; it is a relatively new concern since the internet has become prominent In most households only within the past 15 years resulting in lack of education and security concerns for many users especially since verification of identity is difficult without face to face encounters. As with many types of fraud, E-commerce fraud targets the consumer as its primary victim, leaving many individuals at risk.
Fraud may occur within organizations as well as outside organizations; it can be perpetrated by a business, a consumer, or a person posing as someone they are not. Within an organization, management or employees can perpetrate a fraud. Since they are inside of the company, they have the advantage of being inside the company’s computer network, meaning they do not have to get through external security to access information. This type of fraud can compromise accounting information, company confidential data, or personal information relating to both customers and employees. Sniffing may be used to view data passing along the network, where an employee can gain access to a wealth of information which they are not authorized to access, and this data can be used for personal advantage.
Fraud from outside an organization can be perpetrated by consumers, hackers, or others who may pose as someone who they are not. This may include illegitimate vendors, organizations, or individuals, as well as consumers impersonating someone whom they have stolen identity from. As mentioned before, fraud in e-commerce has become such a great concern largely because of the inability to verify the identity and location of those who are dealing with each other, as well as security risks that may be not be recognized. Fraud outside organizations may or may not be against organizations, and the lack of education associated with risks is often the greatest opportunity presented to perpetrators.
Fraud outside an organization, but against an organization may include intrusion into their computer systems, but more often is related to identity theft, where a perpetrator has stolen someone’s identity to make purchases from another person’s account, open accounts with someone else’s name, credit, or social security number, or, a person may even impersonate another when legal trouble arises. Other types of fraud outside an organization can include illegitimate businesses, most commonly occurring in auction fraud where a person makes an auction sale and the consumer is delivered inferior goods or nothing at all. Web site hijacking occurs when a web page or site is created to resemble that of a legitimate business and consumers may be taken for payment or personal information believing that they are dealing with a well known organization, when in fact they are dealing with a third party who is attempting to fool an unsuspecting person; and the creation of bogus internet companies may also fool consumers into purchasing products from someone who does not have a legitimate business at all. They may have a full blown web site offering high priced electronics at unbelievably low prices, and when a payment is made, the unsuspecting consumer has compromised their personal information to be used by the fraudster for whatever purpose was intended by the web site operator, usually theft of data or money.
Other e-commerce frauds can include email scams such as Nigerian letter scams offering millions of dollars to a person who will help transfer funds out of Nigeria, other advance fee schemes where a person is promised a large sum of money for a small amount down, health insurance fraud may require individuals to supply insurance information in exchange for free medical equipment where insurance claims are submitted but equipment is not received, phishing attempts will pose as financial institutions or other accounts which suggest that the consumer “verify” personal information but it is not actually that purported organization which has sent the request, counterfeit prescription drugs may be offered at low costs and the drugs received are not the drugs promised and may cause serious health concerns especially with elderly, investment scams including pyramid schemes or letters of credit, and finally viruses or spyware that may be obtained through clicking on attachments or downloading free software. There are many others as well, but these seem to cover the most popular frauds.
This is a preview of the whole essay
How can these frauds be identified? How can they be prevented? What can be done if they occur? Many people ask these questions as they enter bank or credit card information into an order form. They proceed nevertheless, submit the order, make payment, and hope that all goes well and the goods will be delivered under the conditions promised. Symptoms of e-commerce fraud within an organization are the same as we have studied in chapter 5; however the other types are a bit different. Since those frauds regarding organizations are similar to those studied in class, I have focused on fraud targeting individuals or consumers, which ultimately affects merchants when this stolen information is used to make purchases with funds belonging to somebody other than the person making the purchase. The lack of education and safeguarding of information causes financial loss for consumers, merchants, investigative organizations, as well as other organizations that regulate anything which could be related to e-commerce. Symptoms for a merchant can be identified through fraud management tools and screening, and symptoms for an individual are many, and can often be identified before they has been defrauded, but unfortunately for both of these, identifying symptoms and discovering the frauds are too often discovered at the same time. Waiting until credit reports are damaged, bank accounts are drained, payments are disputed or purchases are not received as promised is not the best way to identify fraud. A person or merchant must understand the possible results of their actions and know where to turn if they become a victim of a fraudulent or misleading engagement, or other problems resulting from it. Many people understand that there are illegitimate businesses operating online with fraudulent intents, and they also realize that identity theft is a concern when giving out personal information. What many people don’t realize is that privacy can be hard to obtain if it is strongly valued, and security can be threatened in more ways than often anticipated.
“We offer Search Engine Optimization, Pay-Per-Click Advertising Campaigns, Technology Coaching, Email Marketing Campaigns, Site Statistics Software, Digital Video Services and Content Management Systems to ensure that our clients are on the leading edge of online marketing.”
It is unclear as to what information they are collecting or sharing, but the tracking and profile building of information regarding pharmaceuticals should not be in question. I also found multiple agencies that collect information and sell it such as :
“With over 14 million businesses and 200 million consumers at our fingertips, we have access to anyone and everyone you are looking to target for a fraction of the cost.”
This concerns me in the respect that personal information belonging to me, my family and friends, neighbors and co-workers is being sold, in bulk, in what seems like a dehumanizing way. The trouble with these examples is that this information can be purchased by those intending to defraud others, giving them ample information regarding interests and lifestyles of many individuals. This information can easily be used to present fraudulent schemes to those who would likely be interested.
Security becomes a concern when spyware retrieves personal information, or when a user provides personal information over an unsecured connection. This can lead to unauthorized access to accounts, identity theft, or unauthorized use of bank accounts or credit cards. When deciding to make a purchase or enter personal information anywhere online, it is essential that the user verify there is a secure, or encrypted, connection. Information that is passed across the internet can be intercepted and viewed by others if there is not valid security on the webpage. Entering information such as bank or credit card information, social security number, or passwords can put you at risk. Checking for https:\\ instead of http:\\ verifies a secure connection as well as the appearance of a closed lock on your web browser page. If you question the security of a web page is best not to release information. Calling the business and placing an order over the phone is often an option, and reduces the risks of interception. Payments made for purchases online should be made with a credit card whenever possible; this offers the best consumer protection. It should also be known that a reputable company will never ask for verification of account information via e-mail. If this request is received, information should not be provided.
When making a purchase online, the seller should be evaluated. If it is a business that you trust, you can feel safe placing an order, but when it comes to unfamiliar businesses or internet auctions, there may be cause for concern. Some of the best deals are found in these situations and it would be unfortunate to lose out on them because you just don’t know if it is safe. In the case of unknown businesses, confirm there is an actual physical address and phone number for the business. P.O. boxes should cause worry. Calling the phone number and speaking to a representative may help determine the validity of the business. Read any terms and conditions provided, including warranty liability, and any arbitration or suing restrictions. Look up online reviews of the seller, including a reliability report from the . If it is an internet auction, check ratings of the seller and read any comments posted. Auctions are a very common place for fraudulent activity, so if an offer seems too good to be true or the purchase is large take extra caution. Make sure in all online purchases you read all information available about the product so you know exactly what you are getting. In other words, don’t buy a camera that is an amazing deal because it doesn’t come with the $100 battery that it needs for operation. Check return and refund policies as well as shipping and handling prices. If this information is not provided, contact the seller before committing to the purchase. If everything checks out, print or save all information about the business and the transaction including address and phone number, terms and conditions, product and warranty information, anyone you may have spoken to or e-mails sent or received. Be sure to pay with a credit card. When you get the item, inspect it immediately to be sure there are no problems, and if there are, contact the seller immediately.
What happens when all does not go well? The Uniform Electronic Transactions Act (UETA) has established legal guidelines for electronic transactions. This gives electronic signatures validity and makes them enforceable as if they were paper signatures. Contracts for commerce are regulated primarily by Article 2 of the Uniform Commercial Code (UCC). If there is a violation of a contract, it should be reported to law enforcement immediately. If this problem is related to business, it can be reported to the Better Business Bureau at . If you were defrauded by a business, or made a purchase from a business that never existed, complaints can be filed with the FBI’s Internet Crime Complaint Center or IC3.
Unapproved spending on a credit card or bank account gets a bit more serious. In these cases, action must be taken immediately to prevent further charges. This should immediately be reported to law enforcement as well as one of the three major credit reporting agencies to place a fraud alert. Obtain a copy of your credit report and report any discrepancies immediately. Contact somebody within a security or fraud department for all personal accounts that may have been used or created and cancel them immediately. You will have to fill out forms for all disputed charges so they can be investigated. Putting a stop to identity theft early is the best way to resolve the problems. A complaint should also be filed with the FTC and submitted to the police department with which the original report was filed. Going through these steps and continuously checking credit reports for a significant period of time after these incidents will assist you in getting marks incurred permanently wiped off your credit report and will help you maintain your correct credit score.
The Fair Credit Billing Act makes credit card purchases the safest way to shop online. This federal law applies to all disputes pertaining to billing errors and unauthorized charges. It limits consumer responsibility to $50 and can include charges that were fraudulently made, charges for items that were not delivered as agreed, math errors, fees incurred through payments and credits that were not posted to the account, or charges posted with wrong amounts. The Credit Card Fraud Act is another form of consumer protection that expanded definitions of credit and debit cards to any "access device" which may also include account numbers. It recently increased maximum penalties and detailed harsh repeat-offender penalties. If the perpetrator is found, they will be liable for their actions based on state and federal statutes. Laws governing identity theft are generally governed by state, and have different names, degrees, and penalties.
The US Code has established laws regulating online conduct such as unsolicited advertisements, child protection, unfair or deceptive methods of competition, and interception of communications; however, there does not appear to be many in depth regulations when it comes to online purchases. Ultimately, using caution in choosing conduct in an online environment and ensuring proper security of personal data eliminate opportunity for fraud. As with fraud within businesses, opportunity is the easiest part of the fraud triangle to eliminate. Pressures and opportunities are impossible to control in a global atmosphere full of strangers.
Costs of e-commerce fraud are different depending on the situation. Costs to merchants include tools used to deter fraud, such as the Address Verification Service (AVS) which compares address input with the address listed by the card’s issuing bank. Money is still lost due to fraudulent payments, also presenting a cost to the company.
Costs to credit card companies who suffer from unauthorized use of credit cards and the Fair Credit Billing Act can be substantial, and may involve the loss of money as well as employee labor used to resolve the situation and lawyer fees when necessary. Losses an individual may suffer can be due to stolen funds in bank accounts or other fees incurred by someone who steals personal information. Thousands of dollars in lawyer fees may be required to rectify identity theft situations as well as the possibility of permanent damage to a person’s credit report. Fraudulent phishing scams or other schemes may induce sacrifice of personal information and loss of funds. Consumers may pay for products never received and be forced to eat the costs personally. Ultimately, the FBI recorded $183 million dollar loss to Americans in 2005 alone, with trends that expect to continue to increase.
2005_Internet_Fraud_Report. (2006, March). Retrieved 2/15, 2008, from National Internet Fraud Watch Information Center: http://www.fraud.org/2005_Internet_Fraud_Report.pdf
Cybersource Corproation. (2008, January). 2008 Edition Online Fraud Report. Retrieved 2/12, 2008, from www.cYBERSOURCE.COM: http://www.cybersource.com/resources/collateral/Resource_Center/whitepapers_and_reports/CYBS_2008_Fraud_Report.pdf
Federal Trade Commission. (2008, February). FTC Consumer Alert. Retrieved 2/12, 2008, from Going Shopping? Go Global! A Guide for E-Consumers: http://www.ftc.gov/bcp/conline/pubs/alerts/glblalrt.shtm
National Conference of State Legislatures. (2008, February). Identity Theft State Statutes:. Retrieved 2/20, 2008, from National Conference of State Legislatures: http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm
OnGuard Online.gov. (2008, February). OnGuard Online. Retrieved 2/12, 2008, from http://onguardonline.gov/spam.html
U.S. Department of Justice. (2007, March). Retrieved 2/12, 2008, from FRAUD STATISTICS:: http://www.straightshooter.net/fraudstats.htm
U.S. Department of Justice. (2008, February). common fraud schemes. Retrieved 2/12, 2008, from Federal Bureau of Investigation: http://www.fbi.gov/majcases/fraud/fraudschemes.htm#advance
Uniform Law Commission. (2008, February). Retrieved 2/19, 2008, from http://www.nccusl.org/Update/
www.fraudaid.com. (2007, December). Retrieved 2/13, 2008, from What is spyware and adware and what to do about it:: http://www.fraudaid.com/security_products/articles_information/spyware.htm#badguys