American E-business Struggles with Global Fraud

Forty percent of U.S. credit card fraud traced to handful of criminals from just five foreign countries; risk of punishment not a deterrent

A whole range of legislative measures has been taken to detect and prevent the activities of those members of the American computer underground who are seeking financial gain. In spite of this, the number of incidents connected with fraud and other criminal activity in the sphere of electronic business continues to grow, as recent events in the American e-business world bear witness.

Credit card operations remain of prime interest to those committing fraud, and the vast majority of those involved are usually located thousands of miles from the scene of the crime. According to analytical data provided by research firm Cybersource, approximately 40 percent of credit card fraud in the U.S. is committed by those from the former Yugoslavia, Nigeria, Rumania, Pakistan, and Indonesia. On-line operations made by émigrés from these countries are, more often than not, illegal. Criminals living in the former Yugoslavia, for example, make approximately 13 percent of all fraudulent on-line transactions. American citizens account for only 1.7 percent of such illegal activity.

Such depressing figures mean that on-line businesses are starting to reject transactions made by residents of other countries, offering their services only to U.S. citizens. The growth of cyber-crime means that any on-line transaction is now 300 percent more likely to be fraudulent than a transaction made to to three years ago. As yet, no effective measures to combat Internet fraud have been taken.

There’s a simple way for businesses to defend themselves against such crimes—by blocking computers from specific countries from accessing the site. However, such methods are fruitless if fraudsters attack users’ computers in other countries and then use these machines to place orders. According to a representative of CardCops.com, a company specializing in monitoring fraudulent credit card transactions, many Internet fraudsters won’t even attempt to place an order from east European countries such as Byelorussia—they know that such countries have been blacklisted. Instead, they locate proxy-servers in other countries. The result: it looks as though the person making the transaction lives in the country where the proxy server is located.

Criminal activity on the Internet is now so widespread even the biggest and best-known Internet traders have been affected. The trial that recently began in Nashville, Tenn. clearly reflects this trend. Jacob James Bornick was indicted by the Davidson County grand jury for felony theft: he had used eBay, the Internet auction site, to sell 660 non-existent lots.

The Nashville trial is the first legal action taken in the U.S. in connection with Internet fraud, and looks to be a major action. It is alleged that between May and September, Bornick managed to sell non-existent goods, most of them sports souvenirs, amounting to $22,800. Victims came from 48 American states, the District of Columbia, Puerto Rico, Canada, Australia, Italy, Brazil, and England.

Whatever the verdict in the case, it’s clear that cyber-crime is so profitable that the risk of being detected and punished is not a deterrent. A Welsh court recently sentenced a 33-year-old Nigerian, Peter Okoeguale to 20 months in prison for his part in a 419 scam, among the most notorious and most widespread type of cyber scams. Messages are mass mailed in the name of a highly placed government official of one of a range of African countries, announcing that an extremely large amount of money is being held in a bank account. The message then goes on to explain how this money can be transferred out of Africa, and promises a substantial commission to anyone who helps. All that has to be done to receive the commission is to make a “small” advance payment. Once the victim has paid several thousand dollars, the self-styled government official disappears, taking the victim’s money and the promised commission with him.

The legal actions cited above unfortunately remain the exception rather than the rule. The architecture of the modern Internet means that any criminal can remain undetected, as long as he or she is knowledgeable about programming and network technologies. By manipulating IP addresses, using computers which have been zombiefied by Trojans, and other people’s bank details, criminals cause both material damage and also damage which is financially unquantifiable, significantly affecting the e-business industry as a whole. It may well be that the near future will see a decline in e-business, as both customers and investors become unwilling to take the risks involved in doing business on the Internet.

About the Author

Eugene Kaspersky head of Anti-Virus research at Kaspersky Lab. He is a member of the Computer Anti-virus Researchers' Organization (CARO), among whose members are the world's leading anti-virus experts.