Rising threat
22nd May 2006 (Computimes)

CASES involving e-commerce fraud are on the rise in Malaysia.

Last year, a total of 149 reports were directed to the National Information and Communication Technology Security and Emergency Response Centre (Niser) - a majority of which involve online phishing, Internet scams, credit card frauds and online impersonation.

This represented over 400 per cent increase in reported incidents compared to 2003. The actual figure could be higher as many other incidents of fraud are believed to have gone unreported.

Niser's director Lt Col (R) Husin Jazri said there is no sign of e-commerce fraud slowing down in Malaysia as of the first quarter of this year, already a total of 86 incidents were reported to the centre.

While e-commerce fraud has yet to reach a stage where it can dampen Malaysia's e-commerce growth, it is nonetheless a serious threat to the integrity of the e-commerce environment in the country, he added.

"Niser does not have figures on losses incurred through such incidents. However, it is a well-known fact that in terms of e -commerce transactions, the value is continuously growing. For example, people are now able to buy more expensive items through the Internet. As such, future potential losses are expected to be greater," he told Tech&U last week.

Hence, ensuring a secure e-commerce environment is critical for maintaining Malaysia as a desirable destination for business and foreign direct investment, said Husin.

"The onus is on us to be prepared from all aspects - security best-practices, legislation and especially public awareness."

Elaborating further, Husin said e-commerce fraud in Malaysia targets users of online transactions such as e-banking and any Web site that accepts online ordering and payment.

This can be done via malicious phishing activities and spyware infection on users' desktops.

"Users need to be especially wary of phishing sites that appear identical to legitimate online banks or online stores, but which are actually forged. These sites send forged e-mails requesting users' confidential identity information. Then there are fraudulent e-commerce sites conducting illegal sales such as pirated DVDs/VCDs and online betting sites, providing false company contact information," said Husin.

E-commerce fraud also target credit card holders. "For example, credit card information that can be stolen through over-the -counter transactions such as at cashiers can later be used by an unauthorised third party to conduct purchases on the Internet sites that do not conduct proper card owner verification. This is called Card Not Present fraud," he explained.

So, how should this issue be addressed? "Establish guidelines - financial institutions and local business-related agencies can establish guidelines for Malaysian organisations that wish to conduct secure e-commerce transactions. To minimise fraud threat without jeopardising business opportunities, organisations should fulfil the minimum guideline requirements before using e-commerce facilities such as online payment gateways," Husin said.

In addition, the Government needs to enact the Personal Data Protection Bill fast as this can increase the level of trust among online consumers. There should also be proper implementation of MyKad with Public Key Infrastructure (PKI) that can significantly remedy the problem of online authentication for Malaysian consumers, said Husin.

"Requirement on usage of fraud prevention software by site owners and online merchants will enable automatic verification of online orders to detect the possibility of fraud. For example, Visa and MasterCard provide free fraud prevention tools that can help e-commerce merchants detect fraudulent usage," he said.