ISAF issues warning to retailers to tighten up on security procedures

This article is brought to you by Retail Technology Review: ISAF issues warning to retailers to tighten up on security procedures.

Figures released in October by APACS, the UK payments association, show that Card-not-present fraud rose by 18 % in the first six months of 2008.  A leading member of the Information Security Awareness Forum (ISAF) has issued a further warning after cybercriminals ordered a laptop on credit and had it delivered to her home in an attempt to carry out a fraud.

The fraud was detected  says Margaret Smith, a member of the Institution of Engineering and Technology chapter and of the ISAF, when the Sony Vaio laptop was actually delivered whilst she was at home, rather than being intercepted by the criminals in her absence.

"The cybercriminal's modus operandi is that they order an easily-disposable - and expensive - electrical item such as a laptop for home delivery then, when the courier arrives, they intercept the driver and claim they are you," said Smith, adding that in the absence of the legitimate account holder whose identity has been stolen, many drivers simply ask for a signature.

According to Smith, in the unlikely event the driver asks for ID, the thieves can easily produce a forged document that they have run up on a PC and printer.

In her blog on the saga - which is becoming all-too-common in the online world - Smith said the incident is not the first fraud on her identity, but that she was surprised at the routine handling of her report of an obvious fraud.

"I immediately rang the company named on the advice note. Because of an automated response system it took a while to speak with someone," she said, adding that the fraudsters had opened an account in her name using her address and date of birth.

It was, she said, quite tricky to get across to the firm that she had not ordered the laptop and, after reluctantly arranging a return, they wanted to put her through to the fraud department, who are "very busy at the moment."

Smith went on to say in her blog that other frauds have been carried out in her name owing to her surname being one of the most common, and that she fully expects other frauds to occur - also in her name - in the future.

Commenting on his members' unfortunate, but increasingly commonplace experience, Dr David King, ISAF's chairman, said the sheer volume of identity thefts is now such that all mail order businesses need to ramp up their anti-fraud and security procedures to prevent these types of scams occurring.

"There is obviously some pressure, especially in these credit crunched times, to process a sale when it lands on your Web site, but I also think there is a duty of care on retailers to check - and check again - that an order is not fraudulent," he said.

"The repercussions on the innocent person whose identity has been stolen could be severe, as, in this case, the ISAF member's credit rating might have been impaired, which could have been catastrophic when she later applied for a new mortgage or car loan," he added.

The Information Security Awareness Forum (ISAF) was founded in February of this year as a cross-industry initiative by the ISSA-UK to formally raise awareness of information security.

The forum was borne out of the ISSA-UK Advisory Board which, at its meeting in September 2007, identified the need for co-ordination activity within security awareness.

The ISSA-UK advisory board fully supports the role of the ISAF in its efforts to explore the agenda and identify specific actions that could be undertaken to make a difference.

Founding members of the forum include ASIS International , the BCS, CMA, the Cybersecurity Knowledge Transfer Network, eema, EURIM, Get Safe Online, IAAC, the Information Technologists' Company, Infosecurity Europe, the Institute for the Management of Information Systems (IMIS), the Institution of Engineering and Technology , the International Underwriting Association of London (IUA), ISACA, (ISC), ISF, ISSA, the Institute of Information Security Professionals, the Jericho Forum, the National Computing Centre, the National e-Crime Prevention Centre (NeCPC), the Police Central e-Crime Unit, and SASIG.

For more on Margaret Smith's identity theft: http://www.infosecurityadviser.com/view_message?id=79

For more on the ISAF: http://www.theisaf.org