[ISN] Secret hackers to aid war on internet fraud
wk at c4i.org
Mon Apr 5 02:02:48 EDT 2004
April 05, 2004
By Joe Morgan
FEARS that small online retailers are the weakest link in the fight
against internet fraud have prompted MasterCard, the global payment
scheme group, to set up secret teams of hackers to test security
systems in the sector.
The Times has learnt that the project, named Site Data Protection
(SDP), will go live in May and will target online outlets that fail to
comply with appropriate levels of internet security. SDP teams will be
recruited by the banks that have relationships with online merchants
whose systems do not come up to scratch.
Brian Morris, head of e-business solutions at MasterCard, said that
while large online retailers had robust internet security systems,
small and medium-size enterprises (SMEs) "could benefit from the
Organised criminal gangs are increasingly hacking into the systems of
online retailers and stealing subscribers' credit card and personal
details. The information can then be used to commit "card-not-present
fraud" - fraudulent buying of goods and services from a remote
location, usually by phone or via the internet.
Card-not-present fraud is thought to be one of the world's fastest
growing crimes. Stolen personal details have also been used by gangs
to commit "phishing", sending fake e-mails purporting to be from a
bank or retailer to cardholders to trick them into revealing bank
account details. MBNA and Barclays were recently victims of phishing.
Mr Morris said: "This initiative will help a lot of merchants.
Websites will be tested to see if firewalls are secure enough and
backdoor and trapdoor areas are not susceptible to hackers. We will
also test all routes in and out of sites."
He said that the cost of the services would be determined by the
banks. Medium-size retailers' exposure to fraud could also rise
dramatically following this year's nationwide roll out of chip and
PIN, a new anti-fraud initiative pioneered by the banks. While large
retailers benefit from economies of scale in upgrading to the new
checkout terminals, where customers pay using a four-digit number,
smaller businesses find the costs a heavy burden
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
Help C4I.org with a donation: http://www.c4i.org/contribute.html
More information about the ISN