Christmas: a time of cheer, fraud and over-reaction

“As the countdown to Christmas continues”, explains Mark Reeves, a senior vice-president at Entrust, “the Media in Retail Group predicts that in the UK £3.72bn will be spent online over the next two weeks. Online sales offer convenience and the chance to track down some great promotions and deals; but”, he adds, “shoppers need to be vigilant to ensure the web experience is as secure as possible.”

There are three prongs to our annual defence against the fraudster: the user, the company and the State. Firstly, we all need to be more vigilant. “It’s important for users to know how they can distinguish a legitimate website from a fake one. For example, the green bar in the address indicates an independently verified site; also, respectable organisations will display the site seal of their SSL certificate provider either on their home page or during the checkout process.”

Secondly, Reeves points to the need for companies to stay on top of the explosion of BYOD (bring your own device) in the workplace. With this “blurring between corporate and personal use of devices, it’s crucial for CISOs to keep on top of who is accessing the corporate network, and how they can put appropriate security in place to buff up the basic infrastructure.” He cites behavioural fraud monitoring, out-of-band transaction verification and mobile transaction verification as new technologies that will help both company and staff avoid the fraudsters.

Thirdly, we have the role of the State; and few would object to law enforcement taking a more active role in closing down the bad guys. In the UK, the Serious Organised Crime Agency (SOCA) instigated a debate with Nominet, the .uk top-level domain registry, with a view to making it easier to remove illegal and fraudulent websites. In November, the Metropolitan Police announced the takedown of 2000 fraudulent sites, commenting: “Online shoppers are less likely to fall foul of internet fraudsters this Christmas after more than 2,000 fraudulent websites were suspended following action by the Met’s Police Central e-Crime Unit (PCeU).”

In the USA, the FBI has an ongoing project with U.S. Immigration and Customs Enforcement's (ICE) Homeland Security Investigations, the National Intellectual Property Rights Coordination Center and the U.S. Department of Justice: ‘Operation In Our Sites’. Its purpose is the active removal of fraudulent websites; and on Cyber Monday it conducted a raid that took down 600 sites – and raised a few eyebrows. Entrust’s CTO, Jon Callas, warns that law enforcement should not become over-zealous. “In the past, a number of luxury goods makers have not only gone after true counterfeiters, but also vendors that sell what we'd more properly call 'outlet goods,' which include factory seconds and overstock items. They have also targeted broad sellers such as eBay.

“The timing of the raid would make sense if there was a public safety issue associated with the sites. But babies aren't dying because of fake Chanel products. This looks more like a raid timed to make a point rather than exercise the due process of law. The counterfeiters need to be shut down, there's no doubt about that. But the true criminals have the wherewithal to have backup plans with other domains and web sites waiting in the wings to take over once some are taken over. The ones who truly suffer from a wide dragnet of 600 sites are the honest outlet stores that get caught up in the ire of the luxury labels.”
