Number of victims of online fraud could be much higher than reported

Claims that ten per cent of the online UK population have been victims of fraud could be under-estimated. Commenting on last week's Online Fraud Barometer report by VeriSign Authentication, Richard Brain, technical director of ProCheckUp, said that he suspected that it is probably more than ten per cent, as the majority of interceptions in the past few years would have been undertaken primarily for financial gain.

He said: "The intent is to capture user credentials which are commonly used across other sites. I have seen cases recently where credentials are sold for more money than credit card numbers with CVV and postcode.

"Credit card numbers are getting more difficult to obtain due to the PCI DSS standard being implemented, so black hats are now harvesting accounts on Web 2.0 sites with message boards to gain access to financially connected websites.

"I recently performed forensics on a popular website with about 100,000 subscribers. The first thing the hackers did after obtaining shell code injection was to download all of the usernames and passwords registered, I suspect these were then sold on using bulletin boards. Consequently I then read of people with eBay and PayPal accounts who despite having strong passwords, wholose control."

Dave Jevans, CEO of IronKey, said: "Over a quarter of the UK population (28 per cent) today are still not shopping online because of identity theft and fraud. In reality it is a long way off from the government's plans for a truly digital Britain.

"Unfortunately, until businesses understand they are responsible for their customer's security, whether in the shop or online, the growing lack of confidence will continue to slide down, hurting profits in an already tough economy."

Matthew Bruun, EMEA sales director for VeriSign Authentication at Symantec, stated: "It is vital for consumers to appreciate how skilful these criminals are and take the appropriate measures to protect themselves online. Before inputting any personal details on a website, whether it is their address, date of birth or credit card information, consumers must take the time to check a site's security policies and credentials. Look out for security certificates and seals and don't let security standards slip, or they could be in for a nasty surprise.

"Equally, all online businesses have a responsibility to protect their customers. With 80 per cent of UK online consumers stating that they would never interact with a website that does not display enhanced security credentials, if companies are not encouraging trust through measures like strong authentication or EV SSL, which turns the URL bar green to indicate a secure site, they risk losing customers to websites that are more proactive when it comes to security.

The following article appears on SC Magazine. You can click here to read it in its original source.