With Internet fraud on the increase more measures are being put in place to protect consumers
Rupert Jones and Phillip Inman
Credit-card companies are privately slapping hefty fines on rogue websites for misusing people’s card details amid a big jump in complaints about Internet fraud.
Much of the problem centres on “adult” websites and other disreputable merchants, most of which tend to be based in the United States or offshore locations, such as the United States Virgin Islands, that are flee-cing credit-card holders in the United Kingdom and around the world.
Britain is a mecca for credit-card frauds. Incredibly, more than half of all credit-card transactions in Europe take place in the UK and more than half of Europe’s card fraud happens there, too. And the growth of shopping on the Web has the potential to make matters worse.
This week British and US regulators added to fears over Net purchases when they warned Web users to watch out for Internet frauds. Officials said they are taking action against more than 250 cyber conmen, mainly in the US, who have been tricking gullible Web users.
Mastercard/Europay, the international payments organisation, since June has fined about 30 websites, many of them selling pornographic images and goods, which have generated the largest number of disputed online transactions.
Mastercard/Europay carried out research into where credit card disputes – such as alleged fraud and complaints about unsent goods – were arising and found about 50% of them related to e-commerce. About half of these e-commerce disputes related to adult websites.
One of the most popular scams operated by US-based adult sites involves requests for users’ credit card details, either to pay a “one-off” subscription fee or simply to act as proof that customers are over 18. The customers do this, and then find they are being charged $25 to $30 every month by the site – a regular payment they clearly haven’t agreed to. Attempts to get the unauthorised payments stopped run up against toll- free phone numbers that only work in America, with no address to write to.
Other sites, some of them auction and holiday sites, are taking credit-card numbers and passwords and using them to go shopping at major online retailers that might have been visited by the customer. Research shows that people tend to use one password for all their online shopping and rogue sites exploit this. They take the card details and password and visit sites that only need a password before allowing customers to shop. CDs and other goods can be bought in large numbers and sent on to an address in another country.
So what can the victims do? The fact that it may involve porn means some people will be too embarrassed to contact their bank or credit-card company to try to get the matter rectified. Some will simply cut up their card, which is immensely frustrating for the card companies, for whom losing customers is an expensive business.
MasterCard/Europay is now hitting back, and earlier this year put in place a policy where if the number of disputed transactions exceeds a certain amount for two consecutive months, it fines the website’s bank (it can’t fine the sites directly). And these are no token penalties either – the fines start at $5 000 and rise to a hefty $100 000. The October fines were the most severe yet imposed, and are expected to lead to a crackdown on guilty sites.
“Nearly all the people on the list [of those fined] have been what you would call disreputable merchants,” says Paul Lucraft at Mastercard/ Europay.
Lucraft stresses that Mastercard/ Europay is not mounting a moral crusade against adult websites. “It just happens to be that a number of the people who are ripping off the system are hiding behind these sites.” It probably costs the porn sites “a few cents” to post images on the Net and they are collecting perhaps $30 a month from hundreds or thousands of individuals, he says.
Lack of confidence in Net security is deterring millions of people from buying online. Future Foundation, a think-tank, says security topped the list when it asked people what they consider the most important service criteria. It quizzed 1 000 people and found that 76% of non-Internet shoppers say they will want to deal with brand names they trust when they do come to make their first online purchase – not least because of widespread fears about security.
Measures are being put in place to give consumers greater protection against online fraud. UK government rules came into force this week which give new rights to people who shop via the Internet, phone or mail order.
One Web consumer, Ms W, took out an e-shopsafe policy after she bought a book about environmental volunteer holidays over the Internet – but later found her credit-card details had been used by a fraud to buy pornography. Two months later three transactions appeared on her statement for amounts under $30 that she most definitely didn’t recognise.
“When I looked closely I was horrified to see the name of the retailer I had supposedly shopped with. There was no doubt as to what they sold.”
She was eventually reimbursed for the fraudulent transactions but the incident has severely dented her confidence. “I was surprised at how easy it all seemed for the fraudster. It has also made me more vigilant in checking my credit-card statements.”
Parool Patel, a freelance public relations director, was the victim of a similar (non-porn related) incident this year when his statement showed purchases he had not made. He wondered if it might be Internet-related as he had only recently been browsing the Net for books and CDs. He contacted the card company which put the transaction into a “dispute account” and has heard nothing since.
“I presume they have resolved the fraud or absorbed the cost,” says Patel.
In the longer term, a number of further measures are planned to combat card fraud, both online (which accounts for a small but growing percentage of total card-fraud losses) and offline.
The UK banking industry is rolling out a new generation of “smart” credit and debit cards containing computer chips, but it’s proving to be an agonisingly slow process. Though the roll-out commenced 18 months ago, currently only about 10 million of the 120 million cards in circulation have chips.
These new cards are more difficult and costly to counterfeit than traditional cards with a magnetic strip on the back, which are falling foul of a fast-growing problem called “skimming”, where fraudsters copy data from a genuine card on to a blank card without your knowledge.
This might happen in a restaurant or bar where a crooked waiter takes your card away when you pay and secretly copies it. One credit-card user, Adam, had only recently made his first online purchase and believed this to be the source of the fraud, but he now reckons it was the result of a visit to “a particularly dodgy bar” where he had put his card behind the counter and never received a receipt.