Cyber fraud is big business here

Financial fraud is big business, contributing to an estimated $20 billion in direct losses annually. Industry experts suspect that this figure is actually much higher, as firms cannot accurately identify and measure losses due to fraud, says the ASSOCHAM–PwC(PricewaterhouseCoopers) report titled ‘Current Fraud Trends in the Financial Sector’.

The report attributes increasing technology-driven transactions in the financial sector as the main reason for growing cyber frauds. Exploiting technology vulnerabilities has become the weapon of choice for fraudsters. Yet another ASSOCHAM – PwC report ‘Evolution of eCommerce in India: Creating the Bricks Behind the Clicks’ says, eCommerce has grown at a compound annual growth rate (CAGR) of 35 per cent in the past few years. The overall eCommerce business, which is valued at $17 billion now, is expected to cross $100 billion over the next five years.

As it expands, so will be the incidence of cyber frauds. As of now, the country’s eCommerce industry is relatively small compared with  its size in countries such as the US and China. A big market with high value eCommerce transactions is a rewarding marketplace for cyber criminals. You have to look at some of the cyber-attacks such as Target and Home Depot that have happened in recent months to understand the magnitude of the cyber threats. These attacks are aimed at obtaining data that was subsequently used to defraud companies/consumers individuals operating online bank accounts, holding credit/debit card through fictitious transactions including eCommerce transactions.

In the case of Target — the second largest discount retailer in the US — hackers stole data such as names, phone numbers, and email addresses of about 70 million shoppers and credit card information of around 40 million shoppers. While hackers gained, credit card companies had to issue cards at huge costs.  The attack resulted in enormous damage to Target’s reputation and loss of confidence among its clients. In the case of Home Depot,a big retail chain dealing with home improvement and construction products and services, the cyberattack that happened in September last year had resulted in the breach of around 56 million cards.

Because online business transactions in India are yet to reach large proportions, similar incidents have not happened in the country. Incidents such as “…. bought a watch….When the product was delivered to me I found the watch damaged and not in a usable condition,”  “….Holiday package with promotional offer of ……mobile phone. I did the payment but still not got any hotel booking confirmation or mobile phone” are frequently taking place in India, but are not reported as no formal mechanism exists that mandates reporting of such occurrences to a cybercrime response team in India.

The country’s shortcomings in tackling such eCommerce frauds is not limited to reporting them alone. It has not even created the necessary awareness among the people and companies about the seriousness of the cyber threats and the enormity of its consequences. There is almost complete lack of information about remedial measures to counter cyber frauds.

In the US, the Federal Trade Commission (FTC) regulates some of the electronic commerce activities such as the use of commercial emails, online advertising, and consumer privacy. In India, the Information Technology Act, 2000, governs the basic eCommerce activities but lacks teeth. However, in recent weeks some forward-looking statements have come from the government and the NASSCOM.While the government has made a budget provision to create the National Cyber Coordination Centre, NASSCOM has announced that it is setting up Cyber Security Task Force that will focus on cyber security solutions, developing cyber security R&D plan, and develop a skilled workforce of cyber security experts. Hope these initiatives are comprehensive.

Information technology has vulnerabilities that cyber criminals are able to exploit for fraudulent purposes.There are a host of firms that prosper from the proliferation of eCommerce crimes. While most often, they offer solutions to known cyber vulnerabilities, cyber criminals are a few steps ahead of them; they keep discovering  new vulnerabilities to exploit. The solution lies in going back to the drawing table with a commitment to build robust and secure information technology platforms. Till then we have to learn to live with patches and firewalls. Paradoxically, numerous firms see thriving business opportunities in such an ambience!

Cyber criminals can defraud almost all eCommerce stakeholders. Fraudsters may be lurking even among eCommerce companies.  They may collude with cyber criminals to cheat all other stakeholders. Presently, the going is good for some of the large eCommerce firms partly because of the high valuations they command. Few major fraud incidents can shake the investor confidence, consumer exuberance, and other stakeholder expectations. 

(The writer is an independent industry analyst/columnist and automation consultant.)