I keep meaning to add new entries on here and have failed to do so for far too long… and so to kick things off again here is an item which I recently wrote for E-Finance & Payments Law & Policy:
What a year it has been and we are only mid-way through February! January saw the usual set of predictions from the likes of Deloitte, just an inch of snow brings the UK to a halt (once again), the ICO fine Sony £250k following the PlayStation network hack in April 2011, Twitter suffers a hack with 250,000 users affected, and I have decided to give up horse meat for Lent.
I shook my head in disbelief when I read in DataGuidance that Sony intends to appeal the ICO fine. The hack against them was the 4th biggest of all time with 77 million compromised accounts, so I make that 0.32p per account. OK I am being a little unfair, after all the population of the UK is only 62.5m so clearly they were not all UK accounts but it puts things into perspective don’t you think?
Last month also saw the launch of the new EC3 (European Cybercrime Centre) at Europol. We have all known for a long time that cybercriminals act across multiple borders and jurisdictions, which puts individual LEAs (Law Enforcement Agencies) at a disadvantage, and the criminal gangs at an advantage. The new EC3 could prove to be highly beneficial in the co-ordination of investigations that cut across multiple EU states, and further afield with counterparts in the US and Russia.
A key challenge however will be in training and retaining specialist resources at the EC3. Specialist units in the UK have always suffered from this problem and just yesterday the National Audit Office warned that the number of IT and cyber security professionals has not grown in line with internet usage. Retention is the biggest issue for the likes of SOCA as key specialists are frequently poached by the private sector as they can often offer more attractive packages for such staff.
Cabinet Office minister Francis Maude said that attacks on government departments ‘continue to increase’, and according to foreign secretary William Hague, computer systems supporting the London Olympics were attacked every day during the Games. It seems no organisation is safe or immune from attack.
I would like to think that 2013 will be the year that we finally sort out the problem of identity and authentication for online payments. The tools are actually available right now; there are some very cool new start-ups that offer a range of approaches to this thorny issue including:
- Social media network analysis and fingerprinting to reduce manual reviews for online retailers, enabling a greater level of confidence for both home-based and international online transactions.
- The ability to create a verified online ‘passport’ which can be used to increase trust for online transactions, to prove one's age when making use of dating and gaming sites, or allow you to pass KYC checks when opening new accounts online.
- Biometric-based authentication via webcams or smartphone cameras. This has obvious benefits for fraud prevention and for improving web-based customer contact. Imagine being able to cross match facial images to prevent identity fraud across multiple organisations (yes this is possible right now!)
- Ability to secure your online credit/debit payments by asking the cardholder to wave their card in front of a webcam or smartphone camera.
Which solution(s) will prevail? Well, if I knew for sure then I would not be spending time writing this! I wouldn’t like to bet on any one single approach or vendor but if you want to get a head start on improving controls for the way you do business online then now would be a good time to investigate the latest tools and get a head start over your peers. Or, better still, collaborate with your peers to solve a common problem that impacts us all.
Just remember there are a lot of bad snakes out there, you don’t want to be the one who gets bitten!
About Darren Hodder
Darren is the director of Fraud Consulting Ltd, which was incorporated in July 2009 to provide vendor neutral fraud consultancy services to clients covering financial services, banking, telecommunications and insurance industries, both in the UK and internationally.
His experience ranges from working on single portfolio in-house solutions through to national fraud bureaux and data sharing initiatives. Prior to his current position Darren worked for Experian Decision Analytics (EDA) where he held various roles within the Fraud & Identity Solutions and Global Technology groups over a 10 year period.
Darren is an active member of the Fraud Advisory Panel, IAFCI and the ACFE. He is also a member of the editorial board for E-Finance & Payments Law & Policy published by Cecile Park Publishing.
Follow Darren on twitter: @FraudAssist