NESTA Crime Online - University of Brighton Repository

More documents

Recommendations

Info

limitations. Estimating cybercrime still remains an inexact science and all statistics in this field should be treated with caution. 1.3 Credit card fraud trends High frequency of credit card transactions and the wider range of available methods of payment are rapidly increasing the incidence of credit card fraud. Credit card fraud includes the illicit use of stolen credit cards, credit card numbers, CVV2 numbers (the security code on the back) and credit card ‘dumps’. 31 This information can be obtained by means such as card skimming, phishing schemes, or stealing information in personal computers or database systems (using Trojans or hacking). According to the latest Symantec Security Threat report (2008), 32 credit card information was the most advertised category on underground economy servers, ranking the highest in terms of supplied and demanded information for 2007-08. The reasons for their high popularity are: The frequency of credit card transactions: Consumers have almost completely switched from traditional types of payment such as cash and cheques to debit and credit cards. APACS recently reported 1.9 billion plastic card purchases made in the UK in the third quarter of 2008 totalling £93.7 billion. The number of purchases was 8.6 per cent higher than in the third quarter of 2007, and spending was 7.3 per cent higher. 33 The ‘credit crunch’ may slow this growth but the overall trends indicate a clear move away from paper to electronic payments. A growing preference for online transaction: The number of adults shopping online has trebled from 2001 to the present in the UK (from 11 million to over 30 million), and these figures are consistently rising. The growth in e-commerce increases the the company observed in underground markets. This figure can be easily questioned, since it does not account for the number of cards that were cancelled or inoperative, or the high variation of the amounts stolen from credit cards. Estimated by Symantec (2008), “Symantec Report on the Underground Economy”. 31 ‘Dump’ is a slang word for stolen credit card information and usually contains among other things: name and address of cardholder, account number, expiration date, verification/CVV2 code. 32 Symantec (2008), “Symantec Report on the Underground Economy”, July 07–June 08. 33 This increase is mostly materialised on debit cards, which accounted for 73.8 per cent of all plastic card purchases compared with 72.0 per cent in the third quarter of 2007. Page 16
opportunity for online theft of credit card information. Internet sales by UK businesses reached £163 billion in 2007, an increase of over 30 per cent on the 2006 figure of £125.2 billion. 34 The greater frequency of credit card transactions through Pin Entry Devices, online or phone payments increases the opportunities for criminals to capture data. These later are supplied on underground servers. 35 As a consequence, credit card fraud has increased rapidly, reaching £535.2 million in 2007 in the UK alone, according to APACS. International credit card fraud for 2007/2008 has been estimated at £3.35 billion. 36 Figure 1 shows that the latest increase in UK card fraud follows a temporary slowdown during 2005 and 2006, which coincided with the introduction of chip and pin technology. Average growth has been 16 per cent a year since 1997. Figure 1 Source: Calculated from APACS, “Fraud: the facts” (2008). 34 The Office for National Statistics (ONS) database. 35 Symantec (2008) “Symantec Report on the Underground Economy”, July 07–June 08. 36 Estimated by Symantec (2008), “Symantec Report on the Underground Economy”, July 07–June 08. However the accuracy of this figure can be questioned since it was calculated by multiplying the average amount of fraud perpetrated on a stolen card, $350 (£234), by the amount of credit card details Symantec observed being offered for sale, including those potentially invalid or cancelled. Page 17
Page 1 and 2: Research report: July 2009 Crime on
Page 3 and 4: ‘official’ statistics exist yet
Page 5 and 6: Dynamic Capabilities The second com
Page 7 and 8: economics (finance, micro-, macro-)
Page 9 and 10: 2.3 Cybercrime business models 73 2
Page 11 and 12: we focus on financial cybercrime. O
Page 13 and 14: measure all other statistical outpu
Page 15: fraud. Their methodology is still b
Page 19 and 20: However, the recent increase in fra
Page 21 and 22: penalties for those who make fraudu
Page 23 and 24: Source: Elaborated from CIFAS onlin
Page 25 and 26: The rise of online and telephone ba
Page 27 and 28: ecruitment marketplace for cybercri
Page 29 and 30: Figure 6: Origin and destination of
Page 31 and 32: corporate blackmail, spam attacks a
Page 33 and 34: Nigerian criminal gangs in North Am
Page 35 and 36: the fastest growing segments. Howev
Page 37 and 38: 2 Digital ecosystem Innovation stud
Page 39 and 40: A digital business ecosystem is one
Page 41 and 42: actors, which are increasingly dist
Page 43 and 44: Figure 8: The cybercrime value chai
Page 45 and 46: tool is used by security and networ
Page 47 and 48: writers do not necessarily know how
Page 49 and 50: conceal this. Third, the device con
Page 51 and 52: Fraud on fraudster The most recent
Page 53 and 54: and facilitated by an explosion in
Page 55 and 56: The Storm botnet case study: the su
Page 57 and 58: accelerating on a monthly basis. Wi
Page 59 and 60: improvement and the introduction of
Page 61 and 62: that employees are more concerned a
Page 63 and 64: origin or signature or a presence o
Page 65 and 66: few simple words and a web link, wh
Page 67 and 68:
web 2.0 sites (such as, social netw
Page 69 and 70:
Source: John Leyden, “Trojan traw
Page 71 and 72:
Cybercriminals find e-gold a conven
Page 73 and 74:
ecosystem at various levels, creati
Page 75 and 76:
expertise they need to perpetrate o
Page 77 and 78:
are often offered for bulk purchase
Page 79 and 80:
Crimeware-as-a-Service (CaaS): Para
Page 81 and 82:
no dominant force. Unlike tradition
Page 83 and 84:
is taken, priority is understandabl
Page 85 and 86:
particularly good one, since consta
Page 87 and 88:
outreach needs to be evaluated to e
Page 89 and 90:
some of these firms may have adopte
Page 91 and 92:
esilience must now surely be of con
Page 93 and 94:
7) Click fraud: also called pay-per
Page 95 and 96:
20) Pharming: is a scamming practic
Page 97:
Acknowledgements Numerous people as
show all

NESTA Crime Online - University of Brighton Repository

Create successful ePaper yourself

Delete template?

Save as template?