Can new fraud squad beat cybercriminals?

12-10-2007

by Ciara O'Brien

Cybercrime, while not a new phenomenon, is becoming an increasing issue for Irish consumers and businesses.

These days, cybercrime is a business -- and a global one -- and Irish firms are increasingly finding themselves targeted by phishing scams, viruses and other malware as cyber criminals become more organised.

A report released earlier this year painted a gloomy picture of how online crime is affecting businesses. Conducted by the Information Systems Security Association and UCD, it found that the majority of Irish firms have been hit in some way by cybercrime, with 90 percent affected by viruses and other malicious software and 88 percent hit by misuse of systems. Almost two-thirds have been the victim of asset theft, while 56 percent have experienced phishing attacks.

These attacks had varying financial impacts. More than half of the companies reported losses of more than EUR25,000 as a result of the cybercrime attacks, while more than three-quarters of respondents said the incidents had cost more than EUR5,000 to correct. Some 22 percent of organisations, meanwhile, were hit with bills in excess of EUR100,000 as a result of the attacks.

Aside from the financial impact, these incidents resulted in negative impacts such as loss of productivity, loss of data, and staff changes as a result of termination or resignation.

With an increasing number of people doing business on the web, the increase in cybercrime is not unexpected. Euromonitor figures indicate that online shopping in Ireland is growing every year, from about EUR114 million in 2003 to almost EUR420 million in 2007. That doesn't take into account the number of people who use the internet to control their financial transactions, such as online banking, share dealing etc, leaving a large market for fraudsters to tap into.

However, a new initiative may help stem the tide of cybercrime somewhat. The launch of the Irish Fraud Bureau, an industry-led initiative to tackle financial fraud in Ireland, in September is hoping to cut such crimes.

According to figures from the newly-formed Irish Fraud Bureau, reported financial crime is believed to be about EUR25 million, a figure that is vastly eclipsed by unreported incidents, which could be as high as EUR155 million.

Cybercrime makes up a proportion of these figures. While the internet has opened a huge global marketplace for Irish businesses, it also creates the possibility for fraud on a large scale, and leaves Irish firms open to such threats as fraudulent credit card transactions, identity theft, or theft of financial details such as online banking passwords.

The IFB allows both consumers who fear that fraud may have been perpetrated against them and businesses who discover fraudulent transactions to take out a protective registration with the bureau.

This means that should anyone apply for a loan or other financial product, or even try to make a large transaction on a credit card, for example, a warning will be generated by the IFB's database alerting the business to seek further verification before concluding the transaction.

The bureau is not claiming that it will stamp out cybercrime, but it is hoping to put the brakes on it. "Fraudsters are always one step ahead of the posse," said chairman of the IFB James Treacy. "We're trying to make it as difficult as possible. We're never going to prevent it altogether."

The IFB is now in talks with the Data Protection Commissioner, who is concerned about the sharing of such information between financial institutions. "It's an ongoing process," explained Treacy.

In the meantime, there are certain aspects of the Bureau that can get up and running. The deceased database, which aims to prevent fraud being perpetrated using the details of those who have recently died, can be searched by IFB members.

Treacy warned that deceased fraud, while not a major problem currently in Ireland, has been a popular choice for fraudsters in the UK.

"Once the loopholes are closed in the UK, fraudsters will move to Ireland if it's seen as a soft touch," he said.

Before that happens Irish legislation will need to be beefed up to tackle cybercrime more effectively. The Government's strategy up until now has concentrated mainly on illegal child pornography, but it seems that new legislation is in the pipeline to tackle cybercrime more effectively.

According to the Department of Justice, phishing is the most common internet crime, which includes debit and credit card and is already tackled under the Criminal Justice (Theft and Fraud Offences) Act 2001. Ireland has also signed up to the Council of Europe's Convention on Cybercrime, which aims to foster international co-operation against cybercrime, including the distribution of child pornography on the internet, infringements of copyright, computer-related fraud and violations of network security.

With this in mind, a new Cybercrime Bill is now being examined by the various government parties, although a date for submission to the government is not known at this stage.

In the meantime, the Irish Fraud Bureau is well-placed to make a positive impact on the growing threat of cybercrime.