PREMIUM SEARCH Search by job title, geography and build a list of executive contacts
In the dark realm of cyberfraud, ink-jet cartridges are a hot commodity. Sound strange? Not to criminals. These cartridges are small but pricey (in the $20 to $50 range), easy to ship, and easy to resell. They're also not expensive enough to trip fraud alarms in the payment-processing systems of banks and online merchants. So criminals using fake or stolen credit-card numbers face little risk of raising the alarm. It's a tempting scam.
Delve a little deeper, and this tale goes international. Chances are, the address that the fraudster has the illicit cartridges shipped to belongs to a freight forwarder, such as Mail Boxes Etc. This forwarder then unwittingly ships them to an address in the fraud capitals of the world, including Ukraine, Indonesia, and a new hotspot for cybercrime: Malaysia. (For the full list, see the table below.)
According to fraud statistics put together by online-payment software provider ClearCommerce, a full 6% of all online orders originating from users in Malaysia prove to be fraudulent. Similar rates occur in Israel, which squeaked in at number 12 on ClearCommerce's list of the top countries plagued with online fraud.
SHIFTING TARGETS. The rise of printer-cartridge rip-offs and international scam artists illustrates the ugly truth about cybercrime. High-tech criminals are getting more savvy -- and their operations are spreading. Their methods morph quickly to circumvent protection measures put in place by merchants. "The fraudsters keep on changing what they do. As soon as they understand how the filters work, they change the characteristics of their transactions," explains Jeanne Capachin, research director at tech consultancy Meridien Research.
The numbers are stark. ClearCommerce and partner Quova culled the geographical locations of the Internet protocol [IP] addresses of computers that placed fraudulent orders from among tens of millions of valid transactions. These IP addresses serve as identification tags for computers, printers, and other devices connected to the Internet.
In the last quarter of 1999, international fraud amounted to less than 10% of all fraudulent orders. During that same period, international orders accounted for about 10% of all the orders. By the third quarter of 2000, however, international orders accounted for less than 5% of all orders -- but 40% of the fraudulent orders.
More recent numbers are still being crunched. But the rate of international fraud has probably increased even more, according to Julie Fergerson, vice-president for emerging technologies at ClearCommerce. While some of this increase comes from marquee crimes, such as highly publicized heists of credit-card numbers from e-commerce sites, a majority of the increase results from security breaches the public never hears about. Says Fergerson: "Just this past year, we have seen the movement of organized crime starting to attack sites."
PRIVACY ISSUES. The effect on online businesses can be devastating. U.S. merchants reported $1.6 billion in losses from Internet crime in 2000, according to Meridien. Not only do the merchants eat the cost of the lost goods or services -- something called a chargeback -- but they also get whacked with a penalty fee from Visa or MasterCard. Rack up enough fraudulent transactions over a few months, and credit-card companies will sometimes cut a merchant off.
To fight back, ClearCommerce, HNC Software, and other companies have introduced software that can track the geographic location of the IP address for computers placing orders online. That allows merchants to give closer scrutiny to any transaction in real time.
Some privacy considerations come into play here. The more closely companies track buying habits in geographical terms, the more they might be able to learn about individual consumers, who sometimes can be connected to specific IP addresses at their home computers.
HIGH ODDS. That said, you can't blame the merchants for wanting the info if it means they'll lose less money. For example, when an order is coming from a computer based in Ukraine, it has a 1-in-5 chance of being fraudulent. Those are pretty high odds on being ripped off.
So merchants might want to do check the identify of the person placing the order a little more thoroughly before trustingly mailing off those printer cartridges to a Mail Boxes Etc. address, which in turn forwards them to a Malaysian crime syndicate for black-market resale in Kuala Lumpur. The advice used to be "Buyer, beware!" These days, thanks to the Internet, sellers need to be pretty careful, too.
Top 12 Countries for Cyberfraud The worst offenders from a list compiled ClearCommerce. The research tallied the percentage of fraudulent requests out of all requests initiated by computers located in specific countries
1. Ukraine
2. Indonesia
3. Yugoslavia
4. Lithuania
5. Egypt
6. Romania
7. Bulgaria
8. Turkey
9. Russia
10. Pakistan
11. Malaysia
12. Israel
Salkever covers computer security issues twice a month in his Security Net column, only on BusinessWeek Online Edited by Douglas Harbrecht
Get BusinessWeek directly on your desktop with our RSS feeds.
Add BusinessWeek news to your Web site with our headline feed.
Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video.
To subscribe online to BusinessWeek magazine, please click here.
Copyright 2002, Bloomberg L.P.
Printer-Friendly Version
