15 December 1995

Cyber fraud catches on worldwide

Leon Perlman

The Internet, introduced to the world by the United States military as a method of ensuring uninterrupted global communication, is providing a benevolent peace dividend — as a unique conduit for international commerce. But while many companies vacillate over whether to commit to the new business paradigm, a new enemy has emerged — high-tech snoopers who hack into the Internet to steal credit card numbers.

Globally, pervasive credit-card fraud costs both banks and retailers an estimated R6-billion annually. Internet commerce is a growing proportion of this amount. In the latest scare, organised high-tech Cyber-fraudsters worldwide are using so-called “sniffer” programs, which they run on computers that route data over the Internet, to capture credit card numbers when people order goods over the ‘Net. Because the US government has restricted the use and export of encryption programs, the card details are not protected.

The Cyber-fraudsters ask the sniffer programs to search data routed through the Net for 16-digit numbers — the standard length of credit card numbers — separated by spaces. Another technique is that of “reverse engineering” of credit card numbers, where a program is used to randomly generate patterns of numbers matching those of a credit card. They then use the numbers for fraudulent online ordering.

Credit card numbers are often used to order expensive and untraceable items — especially from computer mail order companies, where most computer components lack serial numbers. Mail order facilities will usually provide on-screen forms for all credit card details. The order is then processed as if the user had signed on the dotted line.

Cyber-fraudsters also make credit checks harder by moving the card details between countries. In one case in Britain, a user who filled out a mail order form on the Web to order a R37 bottle of chilli sauce from a California company using his Mastercard credit card was called a month later by Mastercard to ask if he had ordered some R7 500 worth of computer equipment from a British computer

Many South Africans are using the Internet to order mail order goods from US-based Internet shopping bureaux, despite official Reserve Bank discouragement of the practice of unauthorised foreign exchange dealing.

But the Cyber-fraudsters, both here in South Africa and in other countries, are well aware of the loopholes in the way in which the US banking system checks credit card details: a card number is only deemed unusable if the card itself — but not the number — has been reported stolen by the legal user. Also, privacy laws mean US banks refuse to let mail order companies check addresses of card owners. Under US law, the mail order company is obliged to provide the “owner” of the card number with the goods ordered.

With this fraud problem burgeoning worldwide, some measures are being implemented. Netscape, one of the main providers of Net access software, had its transaction security code broken not two days after releasing a “secure” version of its Netscape Navigator software. The Microsoft Network (MSN) is also in the process of developing a secure transaction system for on-line commerce. Some local Internet service providers are investigating using MSN as a secure conduit for local online

Antenna