Report identifies e-crime black hole
Tuesday July 30 2013
Parliamentary investigation finds a lack of effective law enforcement where retail reporting lags behind financial services
The Home Affairs Select Committee today released a long-awaited report, calling for more effective action to tackle both causes and effects of e-crime in the UK.
After a 10-month inquiry, the Committee’s first ever report on e-crime said there appears to be a ‘black hole’ where e-crime is committed with impunity. It also stated: “Online criminal activity which defrauds victims of money is often not reported to or investigated by law enforcement”.
In evidence given by the British Retail Consortium (BRC), one of the main problems affecting retailers tackling e-crime was the lack of clarity about case acceptance criteria for reporting online fraud or crime to national agencies.
E-crime goes under radar
The BRC told the Committee that its members often spent time preparing detailed reports expecting the relevant agency to accept the case. But they then find that their case has fallen short of the acceptance criteria and needs to be reported locally.
Responding to Committee questioning during the enquiry, Tom Ironside, British Retail Consortium director of business and regulation, also highlighted two areas where improvements could be made to the way in which banks communicate with retailers.
“When a card is flagged as lost or stolen, we find out very rapidly that that is the case and we can take action as a result,” he said. “However, where fraudulent activity is undertaken, the communications links are much slower, and we think there is a clear case for that being addressed and flagged in an appropriate way so that retailers can take appropriate action at the time in question.”
Ironside added that BRC members had also called for “a better or deeper understanding in relation to card-not-present transactions, where again there is an absence of depth of knowledge, which can identify these patterns.” He also said retailers would have to become increasingly aware of the end-to-end process involved in m-commerce to understand exactly where the risks and liability lie for any fraud carried out.
The report called for a “dedicated state-of-the-art espionage response team” for British organisations to report attacks so that effective action can be taken. As part of this reporting structure, it also advised that banks should be required to report all e-crime fraud to law enforcement.
Calling out software bugs
Perhaps the most incisive recommendation in technology terms called for key infrastructure software to be “provably secure, by using mathematical approaches to writing code”. Engineering the Future, which is an alliance of professional engineering organisations, told the Committee a Europe-wide measure of liability on manufacturers and importers of faulty software should be established for the damage that avoidable defects cause.
Among other recommendations, the Committee said the Director of Public Prosecutions (DPP) should review sentencing guidance and ensure e-criminals receive the same sentences as if they had stolen the same amount of money or data offline.
Despite the report’s conclusions, Ruby Khaira, regional manager for UK, Northern Europe and India for enterprise security vendor FireMon, pointed out to RetailTechnology.co.uk that cyber criminals will evolve the attack landscape to combat any measures being introduced, by either governments or companies.
“The report makes no mention of the fact that only by understanding the real time security posture, can organisations begin to analyse and identify security gaps and prioritise remediation against attack.”