Banks and retailers need to be able to share more information so they can fight back against Internet fraudsters.
UK payments industry body Apacs has warned that data protection laws are hindering data sharing which could alert banks and retailers to fraud attempts.
Riten Gohil of the fraud control division at Apacs told ZDNet UK sister site silicon.com: "The difficulties are that there are lots of antiquated data protection laws that make domestic data sharing hard and beyond [national] boundaries it's even harder."
He added: "It's a real barrier. It's one of our big challenges — the criminals don't have human rights laws and don't have the same restrictions that we do."
The successful implementation of chip and PIN has left fraudsters looking for easier targets — such as card-not-present fraud — using stolen cards online or over the phone. As a result Apacs is looking to build awareness of anti-fraud initiatives such as verified by Visa but is also looking at the rollout of two-factor authentication technologies across the industry — but these aren't likely to be widely available until 2007.
Gohil said fraudsters are learning new types of fraud as the banks tighten their defences: "[Criminals'] education is improving as much as anyone else's. We are talking about a global phenomena here — information is a hot commodity for the criminal these days."
Katherine Hutchison, director of retail products and strategy at payments company eFunds warned: "Ecommerce is the weakest link because you can try [frauds] over and over again and you probably won't get caught or even detected."
She said a fraud industry has developed where specialists trade skills and information to attack weaker targets.
Hutchison added: "It's become this cottage industry where they sell each other their goods and services. You used to have to be able to do it all. In the last year they've broken out of that model and they are starting up an underground industry and selling services to each other."
Talkback
The situation requires a reconciliation of privacy rights on one hand and securing sound law enforcement on the other. The privacy rights must neither be taken too lightly as to cost the valuable data and nor they should operate as a veil for hiding the criminals. Once it was quoted that “on Internet none knows you are a dog”. This problem of anonymity along with a sound knowledge of the Internet environment by the offenders makes the tracing of these offenders very difficult. Thus, privacy laws must be given a logical shape. There are reasonable restrictions upon every right and no right is absolute in nature. This equally applies to privacy rights. Thus, as a balancing act, the law enforcement machinery must be in a position to get the relevant information from the banks particularly if a ‘warrant’ to that effect has been issued by a court of competent jurisdiction. On the technical side, the banks must use the latest technologies and ensure proper safeguards to prevent violations through Internet. At the legislative level, the State can make laws that allow defensive mechanisms to be adopted to take care of such violations. Finally, there is nothing that restricts the courts to give an updating, ongoing and purposive interpretation to the existing privacy laws so that a just situation can be ensured.
http://www.blogger.com/profile/8339811
I don't go along with the article. I'm afraid its all too easy to blame the privacy laws. They do not have effect to protect the criminal. But they do protect the rights of the innocent against loose procedures. In any event this issue diverts the focus of attention away from the Banks' primary duty in relation to its own security. No amount of privacy laws will make the task any harder than it already is.
Graham Ross
www.TheMediationRoom.com
Online Dispute Resolution