How serious is Internet fraud? To quote Verisign, a company that delivers critical infrastructure services that make the Internet and telecommunications networks more intelligent, reliable, and secure, “The threat of online fraud is so pervasive that the government has begun mandating security requirements for businesses that handle financial information online.” Although currently such regulations only apply to the banking community, e-commerce businesses access the financial networks for each transaction made on their website. Thus, security at the point of sale is an increasing concern for not only governments, but also for credit card associations.
These sobering figures show how prevalent Internet fraud has become:
Gartner Group estimates that fraudulent transactions make up 1.06% of total online transactions versus only 0.06% of offline transactions. Gartner also estimates that in 2003 alone, online transaction fraud will reach $1.8 billion.
The FBI reported that Internet fraud complaints in 2002 tripled from the year before; and, sadly, 2003 complaints are already above the level reported for the same period in 2002.
Although any e-commerce site can be at risk, and a single fraud incident may be serious enough to put a merchant out of business, some websites are at greater risk for certain types of fraud than others. Some of the higher-than-average risk categories include e-commerce sites that:
There are steps you can take to significantly reduce your exposure to fraud. These steps are separated into three levels: the individual transaction level, the account level (i.e. protecting access to your payment gateway account), and the network level. However, to protect your business from fraud, you must address each of these levels in an integrated manner.
Transaction Level. This is where you ensure that each transaction you process is a valid transaction. To do this you must authenticate the customer and screen each order for fraud patterns, both on its own (address and card verification results, billing versus shipping details) and against the orders that preceded it (the same card or IP address used repeatedly in a short window).
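As an added illustration of transaction-level screening (this is example code written for this page, not the chapter's own material or any gateway's API), the following Python script scores each order against a handful of fraud-pattern rules. The field names (`avs`, `cvv`, `ip_country`), the weights, the velocity window and the review/reject cut-offs are all assumptions chosen for the demo; a merchant would tune them against its own chargeback history. The orders fed to it are constructed sample data.

```python
"""Rule-based fraud screen for card-not-present orders (added example).

Assumptions for the demo: the gateway returns AVS code "Y" for a full
address match and CVV code "M" for a match, a geo-IP lookup upstream
fills ip_country, and the PAN is stored only as a keyed hash.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Order:
    order_id: str
    email: str
    ip: str
    ip_country: str      # from a geo-IP lookup (assumed)
    bill_country: str
    ship_country: str
    card_hash: str       # HMAC of the PAN; never keep the PAN itself
    amount: float
    avs: str             # gateway AVS result code (assumed "Y" = match)
    cvv: str             # gateway CVV result code (assumed "M" = match)
    ts: datetime


# Rule weights and decision cut-offs: assumptions for the demo.
WEIGHTS = {
    "avs_mismatch": 25,
    "cvv_mismatch": 30,
    "ship_ne_bill": 20,
    "ip_ne_bill": 20,
    "high_value": 15,
    "card_velocity": 35,
    "ip_velocity": 25,
}
HIGH_VALUE = 500.00
VELOCITY_WINDOW = timedelta(hours=24)
VELOCITY_LIMIT = 3          # the fourth order in the window trips the rule
REVIEW_AT, REJECT_AT = 40, 70


class FraudScreen:
    """Keeps a rolling history so the velocity rules can see earlier orders."""

    def __init__(self) -> None:
        self._by_card: dict[str, list[datetime]] = defaultdict(list)
        self._by_ip: dict[str, list[datetime]] = defaultdict(list)

    @staticmethod
    def _recent(times: list[datetime], now: datetime) -> int:
        return sum(1 for t in times if now - t <= VELOCITY_WINDOW)

    def screen(self, o: Order) -> tuple[str, int, list[str]]:
        """Return (decision, score, rules_hit) for one order."""
        hits: list[str] = []
        if o.avs != "Y":
            hits.append("avs_mismatch")
        if o.cvv != "M":
            hits.append("cvv_mismatch")
        if o.ship_country != o.bill_country:
            hits.append("ship_ne_bill")
        if o.ip_country != o.bill_country:
            hits.append("ip_ne_bill")
        if o.amount >= HIGH_VALUE:
            hits.append("high_value")
        if self._recent(self._by_card[o.card_hash], o.ts) >= VELOCITY_LIMIT:
            hits.append("card_velocity")
        if self._recent(self._by_ip[o.ip], o.ts) >= VELOCITY_LIMIT:
            hits.append("ip_velocity")
        # Record after scoring so an order never counts against itself.
        self._by_card[o.card_hash].append(o.ts)
        self._by_ip[o.ip].append(o.ts)

        score = sum(WEIGHTS[h] for h in hits)
        if score >= REJECT_AT:
            decision = "reject"
        elif score >= REVIEW_AT:
            decision = "review"
        else:
            decision = "approve"
        return decision, score, hits


def demo() -> dict[str, tuple[str, int, list[str]]]:
    """Run constructed sample orders through the screen."""
    screen = FraudScreen()
    t0 = datetime(2003, 6, 1, 12, 0)
    clean = Order("A1", "ann@example.com", "198.51.100.7", "US", "US", "US",
                  "h1", 49.99, "Y", "M", t0)
    shady = Order("A2", "bob@example.com", "203.0.113.9", "RO", "US", "NG",
                  "h2", 899.00, "N", "N", t0)
    results = {clean.order_id: screen.screen(clean),
               shady.order_id: screen.screen(shady)}
    # Same card and IP hammered four times within an hour: the fourth
    # order trips both velocity rules and lands in manual review.
    for i in range(4):
        o = Order(f"B{i}", "carl@example.com", "198.51.100.20", "US", "US",
                  "US", "h3", 20.00, "Y", "M", t0 + timedelta(minutes=10 * i))
        results[o.order_id] = screen.screen(o)
    return results


if __name__ == "__main__":
    for oid, (decision, score, hits) in demo().items():
        print(f"{oid}: {decision:8s} score={score:3d} {hits}")
```

The decision thresholds are deliberately two-tier: a score in the review band is held for a human rather than silently declined, because a hard reject on a single mismatched AVS code turns away legitimate customers who moved house. Velocity state is kept in memory here; in production it would live in a shared store so every front end sees the same history.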
Account Level. At this level you ensure that only authorized users have access to your payment gateway account. Also put in place a system that alerts you to suspicious account access patterns. For instance:
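As an added illustration of account-level alerting (example code written for this page, not the chapter's own material or any gateway's product), the following Python script watches a gateway account's login log for three patterns: a burst of failed logins, a successful login from an IP address the merchant has never used, and a login outside business hours. The log line format, the thresholds and the known-IP baseline are assumptions for the demo, and the log lines themselves are constructed.

```python
"""Alerting on suspicious payment-gateway account access (added example).

Assumed log format (one event per line):
    <ISO timestamp> user=<login> ip=<address> result=OK|FAIL
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>OK|FAIL)$"
)

FAIL_LIMIT = 5                      # failures from one IP within the window
FAIL_WINDOW = timedelta(minutes=10)
BUSINESS_HOURS = range(8, 19)       # 08:00-18:59 local time (assumption)

# Baseline of addresses each gateway login normally comes from (assumed).
KNOWN_IPS = {"merchant42": {"198.51.100.7"}}


def parse(line: str) -> dict | None:
    m = LINE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"],
            "ip": m["ip"], "result": m["result"]}


class AccessMonitor:
    def __init__(self, known_ips: dict[str, set[str]]) -> None:
        self.known_ips = {u: set(ips) for u, ips in known_ips.items()}
        self.failures: dict[tuple[str, str], deque] = defaultdict(deque)
        self.bursting: set[tuple[str, str]] = set()

    def feed(self, line: str) -> list[tuple]:
        """Process one log line and return the alerts it raises."""
        ev = parse(line)
        if ev is None:
            return [("unparseable", line)]
        alerts: list[tuple] = []
        key = (ev["user"], ev["ip"])
        q = self.failures[key]
        # Drop failures that have aged out of the window.
        while q and ev["ts"] - q[0] > FAIL_WINDOW:
            q.popleft()

        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            if len(q) == FAIL_LIMIT:        # alert once, on the Nth failure
                self.bursting.add(key)
                alerts.append(("failed_login_burst", ev["user"], ev["ip"]))
            return alerts

        # Successful login: the most important case to inspect.
        if key in self.bursting:
            alerts.append(("success_after_burst", ev["user"], ev["ip"]))
            self.bursting.discard(key)
        if ev["ip"] not in self.known_ips.get(ev["user"], set()):
            # Deliberately not auto-learned: an attacker's address must not
            # become "known" just because the login succeeded.
            alerts.append(("new_ip", ev["user"], ev["ip"]))
        if ev["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("off_hours", ev["user"], ev["ts"].isoformat()))
        q.clear()
        return alerts


def run(text: str, known_ips: dict[str, set[str]] = KNOWN_IPS) -> list[tuple]:
    mon = AccessMonitor(known_ips)
    alerts: list[tuple] = []
    for line in text.splitlines():
        if line.strip():
            alerts.extend(mon.feed(line))
    return alerts


# Constructed sample log: a normal daytime login, then a late-night
# password-guessing run that succeeds on the sixth attempt.
SAMPLE_LOG = """\
2003-06-01T09:15:02 user=merchant42 ip=198.51.100.7 result=OK
2003-06-01T23:40:11 user=merchant42 ip=203.0.113.5 result=FAIL
2003-06-01T23:40:19 user=merchant42 ip=203.0.113.5 result=FAIL
2003-06-01T23:40:27 user=merchant42 ip=203.0.113.5 result=FAIL
2003-06-01T23:40:35 user=merchant42 ip=203.0.113.5 result=FAIL
2003-06-01T23:40:44 user=merchant42 ip=203.0.113.5 result=FAIL
2003-06-01T23:41:02 user=merchant42 ip=203.0.113.5 result=OK
this line is corrupt
"""

if __name__ == "__main__":
    for alert in run(SAMPLE_LOG):
        print(alert)
```

A successful login that follows a failed-login burst is the signal worth paging on; the burst alone may be a forgotten password. Unparseable lines are surfaced rather than dropped, since a log that suddenly changes shape is itself worth a look.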
Network Level. This is where you ensure your network or “perimeter” is defended against unauthorized access. As described in this chapter’s “Common Website Security Measures” section, protection at this level includes: