homepage Welcome to WebmasterWorld Guest from 54.204.231.253
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
Identity theft more prevalent offline than online
ergophobe




msg:648041
 4:51 am on Feb 20, 2005 (gmt 0)

Headline: New Research Shows That Identity Theft Is More Prevalent Offline with Paper than Online

SAN FRANCISCO, January 26, 2005 - The 2005 Identity Fraud Survey Report - released by the Better Business Bureau

[bbb.org...]

A recent study form the Better Business Bureau shows that only 11.6% of identity fraud are computer crimes. Most result from stolen wallets or from friends and family who have access to personal information.

So trust Amazon, but not cousin Larry!

 

Essex_boy




msg:648042
 10:11 am on Feb 20, 2005 (gmt 0)

I have a problem here in Colchester - someone goes through the bin bags and take personal papers.

bank and credit card statements, I think teh press push teh inline side of things due to its unknown nature, just another variation on the big bad web.

1milehgh80210




msg:648043
 10:21 am on Feb 20, 2005 (gmt 0)

"11.6% of identity fraud are computer crimes"
The amount of money that changes hands online is still a fraction of that offline.
Plus one hacker or phishing scheme could potentially steal thousands of id's. (hard for a dumpster diver)

Of course it sucks to be a victim no matter how you were victimized!

ergophobe




msg:648044
 4:37 pm on Feb 20, 2005 (gmt 0)

You're definitely right that there are a lot of uncontrolled variables in those numbers.

- relative numbers of transactions, as you point out (though keep in mind that computer fraud includes ATM fraud and is not just internet commerce; online transactions only account for about 2-3% of fraud in this study). That does make it hard to evaluate relative risk.

- the numbers concern only those who ultimately figured out how the attack happened. It's not clear to me how that would skew the numbers.

- one category is "online transaction" which could overlap with the category where information is misused by and individual at the company who obtained it.

On the second point, though, it doesn't matter whether phishing attacks can net thousands at once or not. What matters is your exposure to risk.

Every plane crash front page news. Since the numbers involved at once are (or can be) large, it tends to dominate our attention. Strangely, though, this is even true for plane crashes that only kill 20 or so. Meanwhile, a full 747 worth of women are killed by their boyfriends and husbands every month, generally without major headlines, while roughly a 747 full of people are killed on the highways every three or four days. Sure, lots more people are driving or have husbands and boyfriends at any time, but that's sort of the point - we tend to not fear that which is comfortable and familiar, regardless of the true risk (this is also one of the major factors in avalanche fatalities - people tend to be skiing/snowmobiling slopes they've done before).

Of course, because of problems with the data just mentioned, the analogy does run into trouble. We know that adjusted for relative exposure, the per hour risk from flying on a commercial aircraft is lower than the risk of driving in a car, so we can categorically say that the obsession with aircraft accidents is irrational. Since we don't have good control data, we can't make the same sorts of conclusions from the BBB study. It may in fact be the case that online transactions are more dangerous.

What I think is interesting, though, is that there is still a prevalent fear of giving out CC numbers online even on the part of people who otherwise hand out their CC willingly at grocery stores and gas stations and throw out their bank statements and tax information without shredding them. Even if e-comm is slightly less safe (and that's just for argument's sake), for most of these people the exposure to risk is far higher through other channels, yet the fear is lower. There is a disconnect there. Despite the problems already noted with the data, the BBB study is a means of answering those fears in a way similar to the transportation risk data. Unfortunately, crime statistics are notoriously hard to get good controls for, so we can never expect the same sort of quality as transportation data.

The main point, though, is that if people want to reduce their risk, the answer is to be careful who gets their CC number, online and off, and that means checking for an SSL connection and scanning for spyware, as well as shredding statements and keeping track of their wallets.

For those folks who depend on e-comm revenue (not me actually) and have to face skeptical customers, it is also useful information to allay the fears of customers and I think justifiably. Personally, I trust Amazon to handle my credit card info more carefully than I trust a given waiter who I don't know either and who dispappears into the back with my CC for 10 minutes.

Where I think the mass attack scenario is worrisome is when you're looking at it from the standpoint of a company who might be liable for thousands of compromised CCs as a result of lax security on your site. That is a legitimate concern, because there one attack has the chance of destroying a business. However, many businesses have been destroyed by fraud on the part of one bad employee as well. Security needs to be comprehensive.

walkman




msg:648045
 6:38 pm on Feb 20, 2005 (gmt 0)

just bought a nice cross-cutting shredder. CIA might figure it out what the page was, but definitely not worth for the average crook.

yosmc




msg:648046
 11:17 pm on Feb 21, 2005 (gmt 0)

The headline on the front page is wrong - if 11.6% or fraud are online and the rest are offline, then online identity theft is a whopping 13.2% of offline!

Not that it matters, but if I hadn't posted it, somebody else would have. ;))

pendanticist




msg:648047
 7:22 am on Feb 27, 2005 (gmt 0)

It does not help when folks like Slashdot ChoicePoint [yro.slashdot.org] have to be forced into admitting they had a major breakin.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved