Identity theft in E-commerce

Leave a comment

Now, cybercrimes have a big effect on online business. But if users be more awareness and companies use global security ways, more persons will prefer to do online business.

Identity theft is another form of crime that decreased of the success of e-commerce. This crime happens while a person`s information has stolen and commits crime. It is happening throughout e-commerce that is not safe and, security is simply breached. Usually, when identity theft happens the customer is often does not inform till it is too late. Many times the credit card is still in person possession when it uses unlawfully by unknown persons. It is hard to follow online criminals, but it is less likely they succeed in comparison of use conventional methods to do identity theft.



The eBay Community Model and E-Auction Fraud

Leave a comment

Online auction sites are amongst the top destinations for e-business and e-commerce trading. There are more than 250 online auctions so far. The most well-established being: eBay, Yahoo, and Amazon auctions.

It is worth noting that over 1.3 million transactions a day take place on Internet auction sites, nevertheless only a small percentage of this figure result in fraud. However, the number of fraudulent transactions should not be undermined, as online auction fraud ranks top of all cyber fraud complaints. The US Federal Trade Commission (FTC) stated that in 2002 auction fraud constituted the largest category of internet related complaints in the FTC’s Consumer Sentinel database, which logged more than 51,000 auction complaints in that year. Similarly, according to a recent survey by the National Consumers League (NCL) 63% of Internet fraud resulted from online auctions where the average loss was $ 478 per person. In 2003, the US FTC released a report on Consumer Fraud and ID Theft, where Internet auctions fraud alone accounted for 48% of Internet-related fraud complaints, which resulted in the loss of $ 437 million in one year only. Before examining the various forms of Internet auction fraud and its raison d’être, it is necessary to state that online auction fraud is not exclusive to consumers or buyers; businesses and sellers also could be victims of online auction fraud. However, consumer buyers represent the major category of victims of auction fraud. With respect to forms of online auction fraud, there are several activities which constitute fraudulent behavior including:

Non-delivery: involves the seller placing an item up for bid when, in fact, there is either no item at all or the seller has no intention to sell. As a result, the item is never delivered to the buyer after he/she purchases the item.

Misrepresentation: Occurs when the seller’s purpose is to deceive the buyer as to the true value of an item by listing false information or using fake pictures of the item.

Non-payment: Involves a buyer placing the highest bid and winning the auction, and as the merchandise is delivered no money is paid. The victim in this case is actually the seller.

Triangulation: Involves three parties: the perpetrator, a consumer, and an online merchant. The perpetrator buys merchandise from an online merchant using stolen identities and credit card numbers. Then, the perpetrator sells the merchandise at online auction sites to unsuspecting buyers. Later, the police seize the stolen merchandise to keep for evidence, and the buyer and merchant end up the victims.

Fee stacking: Involves adding hidden charges to the item after the auction is over to obtain more money. Instead of a flat rate for postage and handling, the seller adds separate charges for postage, handling, and shipping. As a result, the buyer has to pay more than anticipated.

Black-market goods: These goods include copied software, music CD’s, videos, etc. The goods are delivered without a box, warranty, or instructions. Auction sites such as eBay try to stamp out selling such items by prohibiting the selling of unauthorized copies of software, games, music, or video. Multiple violations of eBay’s unauthorized copy policy could result in the suspension of your account.

Multiple bidding: This occurs when a buyer places multiple bids (some high and some low) using different aliases. The multiple high bids cause the price to escalate, and scares off other potential buyers from bidding. Then, in the last few minutes of the auction the same buyer withdraws their high bids, only to purchase the item with their lowest bid. On eBay, it is not permitted to use secondary User IDs or other eBay members to artificially raise the level of bidding and/or price of an item. Equally, retracting bids is not allowed as a rule on eBay, as all bids are binding, except: sales of real estate or businesses, sales of items that are prohibited by law or by eBay’s User Agreement, and other exceptional circumstances (typographical errors, significant change in the description of the item, inability to reach the seller, and unauthorized use of the buyers ID and password)

Shill bidding: is the intentional sham bidding by the seller to drive up the price of his/her own item that is up for bid. This is accomplished by the sellers themselves and/or someone that is associated with the seller making bids to purposely drive up the price of the seller’s item.

Shield bidding: occurs when the buyer uses another email address or a friend (the shield) to drive up prices and discourage bids on an item she wants. At the last minute, the shield withdraws the high bid, allowing the buyer to win the item at a lower price. Most auction sites forbid retracting a bid once it’s made, and on eBay shill and shield bidding is clearly prohibited. Although one or more forms may be prevented under the auction site policies, the main concerns for online auction fraud lies in the non-delivery, delivery of defective goods or late delivery, failure to disclose all relevant information, and non-payment. In the second part of this paper some of the anti-fraud measures that could be used to stamp out fraud will be analyzed.

My comment:

Very good fraudulent behavior, I want to add that the best method to protect in front of ripped off by online shopping and sales are to use of an online escrow company ( I know that it will increase costs but will decrease doubts for doing transaction.


Notifications about Hacking In E-Commerce

Leave a comment


 In this post I want to have another note about Hacking in E-commerce. One of the safety factors for e-Commerce hosting is the ability to get notices from the hosting supplier about account changes. If hacker can enter to the control panel of an e-commerce website hosting account, it can destroy all online business in minute.

Hacker then can fill website with bad things, delete all information and data, send domains to other site and do some other things that owner of the website can normally do in control panel. To stop this kind of happens, I recommend that owner of website have a hosting account that automatically send alerts from email every time that change is happened in account.

Unfortunately in today`s world sellers sell hacking software and magazines write articles about how to break into Web sites then “BE CAREFUL”.


Proposed Law to Fight Phishing

Leave a comment

Anti-Phishing Act of 2005 allows for prison time and hefty fines.

WASHINGTON — A bill introduced in the U.S. Senate last week would allow prison time of up to five years and fines of up to $250,000 for people who design fake Web sites for the purposes of stealing money or credit card numbers. The Anti-Phishing Act of 2005, introduced by Senator Patrick Leahy (D-Vermont), would outlaw “phishing,” in which scam artists design Web sites to look like real banking or e-commerce sites, then e-mail spam to people saying they need to re-enter their account or credit card numbers at the bogus site. The bill, similar to one that failed to pass in 2004, would allow law enforcement officials another tool to fight phishing scams, by creating an opportunity to prosecute before the actual fraud takes place, says Julie Katzman, a legal advisor to Leahy on the Senate Judiciary Committee. The bill is intended to deter phishing scammers, she adds.

Phishing and Pharming

Leahy’s bill would also extend the same penalties to so-called “pharming,” in which scammers redirect computer users’ browsers and direct them to spoofed banking or e-commerce sites. Leahy, in a statement, notes that the average phishing Web site is active for less than six days.

“Some phishers and pharmers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded,” Leahy says in a statement. “For most of these criminals, that leaves plenty of time to cover their tracks. Moreover, the mere threat of these attacks undermines everyone confidence in the Internet. When people cannot trust that Web sites are what they appear to be, they will not use the Internet for their secure transactions.” The number of new phishing messages climbed by an average of 38 percent a month during the last six months of 2004, according to the Anti-Phishing Working Group. The number of phishing e-mails grew by 42 percent, and the number of unique phishing Web sites grew by 47 percent in January, according to the group.

Leahy’s bill requires that the spoofed Web sites be designed with the goal of committing fraud or identity theft. Parody Web sites, both commercial and political, are exempt from the penalties in the bill.

My comment:

I think that something has to be done to finish the increasing of phishing in the Internet and technological changes must be at the first of any act. The Anti-Phishing Act of 2005 provides some help for fighting with phishing. Technological changes cause hope of providing very good and long term solution to the phishing distribution.


Phishing a threat in e-commerce

Leave a comment

As I mentioned in my previous posts, there are a lot of e-commerce crimes in the Internet that in this post I want to talk about Phishing. It is a general kind of threats in e-commerce. Phishing is a method that the person tries to steal personal information such as username, passwords and credit card numbers by referring receiver to visit false websites. It is a kind of Theft. Today, it is a important criminal action in the internet, specially happen by sending e-mail. Also it always done in famous web sites for example, eBay, Yahoo and MSN

An example of phishing:

  • eBay phishing email

Performer send email and use eBay logo to add reliability and tricked which billing is not working and need eBay member to login and confirm again. Then they can tries to steal personal data. Here is an example of the eBay phishing email:

 You can find some avoidance techniques to prevent from phishing here that I recommend to you:

1-    Don’t answer to e-mails or fill the forms in e-mails which immediately ask for personal financial data.

2-    Don’t click on the links in doubtful email

3-    Check the events with your bank that if your bank has sent email to ask information.

4-    Regularly check your credit card about all transactions

5-    Make sure the address is typed correctly and make sure you are in the right website

6-    You can use strong password for your account and change it regularly

Today crimes in internet are increasing. By using the data above, I hope you have more information about the phishing and learn to avoid of it.


Cyber law and e-commerce in India

Leave a comment

In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects. The Indian e-commerce law has only provided that one statutory authority be established, namely adjudicating officers.

In the present global situation where cyber control mechanisms are important we need to push cyber laws. Cyber Crimes are a new class of crimes to India rapidly expanding due to extensive use of internet. Getting the right lead and making the right interpretation are very important in solving a cyber crime. The 7 stage continuum of a criminal case starts from perpetration to registration to reporting, investigation, prosecution, adjudication and execution. The system cannot be stronger than the weakest link in the chain. In India, there are 30 million policemen to train apart from 12,000 strong Judiciary.

Police in India are trying to become cyber crime savvy and hiring people who are trained in the area. Many police stations in Delhi have computers which will be soon connected to the Head Quarters. Cyber Police Stations are functioning in major Cities all over the Country. The pace of the investigations can become faster; judicial sensitivity and knowledge need to improve. Focus needs to be on educating the police and district judiciary. IT Institutions can also play a role in this area. We need to sensitize our investigators and judges to the nuances of the system. National judicial Academy at Bhopal (MP) and State Judicial Academies are also running short-term Cyber Courses for Judges but much more is needed to be done.

My Comment:

I believe that India is one of the main countries that have e-commerce laws. India is a good example of growing legal systems during time. But there are still need notice and attention in e-commerce laws. The cyber laws have impact for e-businesses and the new economy in India. Then India need to grow cyber laws about e-commerce according to the developments in the world.


Stealing personal data and information in E-commerce

Leave a comment

By pharming:

Pharming is a kind of domain name crime which cause users think that they are in original site with the right URL, but they go and direct to a false website. Then users begin a transaction on that web site, that most of them is about giving personal information, credit card details or account code numbers. So the person that is behind the fake and false website can get personal data of customer and use it for his benefit and bad field.

By phishing

Phishing is tricking customer to give personal information in a false type in the internet. For example this act will let a cracker to steal the personal data and information and get illegal access to his data like personal accounts, PIN codes and so on.


Older Entries