Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
morekba786@yahoo.co.uk
mazizurrahman@gmail.com
mahdimddelwar@yahoo.co.uk Abstract
Internet is the main tool for e-business. E-transaction is made faster by Internet. With the increase of e-transaction internet fraud or e-business fraud is increasing. Credit fraud in the banking sector is a growing concern. Few sort of card (debit/credit) fraud is decreasing by providing detection and prevention system from banks and government. But card-not-present fraud losses are increasing at higher rate because of online transaction as there is no chance to use Chip and PIN as well as card is not used face-to-face. Card-not-present fraud losses are growing in an un-protective and un-detective way. This paper seeks to investigate the current debate regarding the credit fraud in the banking sector and vulnerabilities in online banking and to study some possible remedial actions to detect and prevent credit fraud. The research also reveals lots of channels of fraud in online banking which are increasing day by day. These kinds of fraud are the main barriers for the e-business in the banking sector. Keywords: Credit Fraud, On-line banking, Internet, EBusiness.
1.
Introduction
2.
Background
E-business is the important applications of Internet. Internet is the main tool for e-business and banks have changed their business model with the help of internet. Banks extended their facilities via online and thereby etransaction has increased rapidly in the banking sector. The growth of on-line transaction gives a tremendous opportunity to banks and consumers. But credit fraud detection and prevention system in the banking sector is still remained unsecured. Banking represents the mirror of economy; fraud brings huge losses that shock all the performing activities. Internal banking fraud constitutes an aggressive presence in this sector. Therefore, temptation is ever growing and circulating throughout the entire banking system. The size of e-fraud was very small in the very beginning of e-banking activity. Though the banking system is one of the most rigorously regulated sectors to prevent fraud to operate. Bank professionals can detect potential internal fraud. Security awareness can bring about behavioural change, reduces employees vulnerability, and protects against potential threats of fraud. Banks should protect all the sensitive data providing strong detection system by using Internet Technology and also adopting fraud awareness programme. So with regard to Internet, main important issue is security [1]. Anti-virus and anti-spyware programmes, firewalls and some other methods try to achieve enhanced security.
978-0-7695-3953-9/10 $26.00 2010 IEEE DOI 10.1109/ICDS.2010.45 232 238
In order to have a better understanding of the whole process of Credit Fraud and fraud detection in the Banking sector, we carried out a comprehensive review of the principal themes in the literature [3], [4], [5], [6], [7], [8], [9], [10], [1]. Taking these works as references, we can define the concept of credit fraud (CF) in on-line, as the process of creating and making a clever understanding between buyers (consumer) and sellers (false e-retailer) / efraudsters or clients through on-line activities that exchange a false ideas and offer a big winner that make clients to be a victim of fraud.
Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.
understood and so commonly used that they are considered to be generic terms for a range of different crimes [3].
3.
Data collection
Primary data collection from the field survey was the main method of data collection. We distributed questioners to the clients of different banks, college and university students. We also sent email to different consumers to know their attitude, behaviour, activities and internet usability. We asked consumers how they make their decision when banking and shopping online in order to avoid the risk of credit fraud. E-mail addresses were collected from yahoo group and facebook. For field survey we selected some renowned educational institutions in London. During the data collection, we had to carefully consider the ethical factors of respondent that made sure their privacy would keep secret strictly and confidentially. Also in the questionnaire we did not include any question that can make respondents vulnerable to risk. A total of 1600 questionnaires were distributed for both online and field survey. 800 questionnaires were sent through website and e-mail, and the other 800 questionnaire were distributed for the field survey. Total 744 feedbacks were received and analysed.
4.
Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.
bankers access their main current account and over 10.5 billion transactions were made on UK cards in 2008, a total value of 603 billion [23]. Card spending on Internet has risen over the last five years. Card-not-present fraud losses are rising up to 13% in 2008 by Phone, Internet and mail order [23]. This is the largest type of card fraud in the UK. From 2000 to 2008 card-not-present fraud losses rose by 350%; over the same time period, the total value of online shopping alone increased by 1,077% up from 2000 to 2008 [23]. Figure 1 shows how the card-not-present losses increase over the years.
with the increase of e-transaction this kind of fraud is growing up to 54% in 2008 [23]. In UK, face-to-face retail fraud was getting up by 35% in 2008 where in the UK high street has declined by 55%. Face-to-face total card fraud losses year-on-year is decreasing, though in 2008 it has increased [23]. However it is possible to minimise with the help of Chip and Pin and password authentation.
4.3 Phishing
A fake version of genuine bank websites send out thousands or even millions of spam emails trying to convince people to click on a link that will send them to the fake website. There were 43,991 phishing websites targeted against UK banks and building societies in 2008 [23]. Indeed the rising number of phishing incidents has undoubtedly helped to raise online banking fraud losses. We also know that online banking customers are increasingly being targeted by malware attacks. Spyware is a type of computer virus that can be installed on ones computer without your realisation. Spyware is sometimes capable of acting as a 'keystroke logger', capturing all of the keystrokes entered into a computer keyboard. The emails are normally related to internet banking and try to dupe people into visiting or clicking on the link. Most of the fraudsters behind on-line banking scams are located overseas, and they need an accomplice with a UK bank account to act as a money transfer agent, to launder the funds obtained as a result of on-line scams.
(a)
(b) Figure 2: Card-not-present-fraud losses spilt by type (as percentage of total losses) [23]. Where card usage and transaction volume continue to increase, plastic card fraud losses against total turnover are still significantly less than in 2001 (before the introduction of Chip and Pin) [23]. Figure 2 (a) and (b) show that how card fraud is getting changed over time and how fraudsters are changing their technique and style with the help of technology. Figure 2(a) shows that in 1998 card-notpresent fraud was only 10% and Figure 2(b) shows that
Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.
the internet using places where they use internet for banking and shopping (field survey).
their opinion that focus on the research topics when conducting this research. 4.7 Attacked by phishing or scam e-mail in life We asked the respondents that how many times they were attacked in their life by scam e-mail? In Figure 6, it is clear that one time attacked in life by scam e-mail is 14% respondents, two times attacked in life by scam e-mail is 27% respondents, three time attacked in life by scam email is 19% respondents, four times attacked in life by scam e-mail is 7%, five time attacked in life by scam email is 5% and more than five time attacked in life by scam e-mail is 4% respondents (field survey). Here none means respondents never attacked in their whole life by phishing or scam e-mail because they do not use online banking or shopping.
235 241
Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.
4.13
Consumers were asked if they think banks need to provide more security protection for consumer to stop credit fraud in online. In response to the question, 9% respondents straightway said no, only 43% said yes that means banks need to provide more security protection than the existing one. And also 48% said yes but banks need to provide more security protection to save consumer and simultaneously need to increase more security awareness programme. With the increase of e-transaction, e-business fraud is increasing. But card-not-present fraud losses are increasing at higher rate because of online transaction. It is because there is no chance to use Chip and Pin, and also card is not used here face-to-face (see Figure 2). Though Chip and Pin, based on password authentication, is a top security measure to detect and protect fraud. But in online transaction there is no chance to use password. That is why Cardnot-present fraud losses are growing in an unprotective and un-detective way in e-business. Figure 8: Length of using online banking
When shopping online, before submitting card details one can ensure that the locked padlock or unbroken key symbol is showing in the browser which is an indication of secure sites. The retailer's internet address will change from 'http' to 'https' when a connection is secure. One can then print out the order and keep copies of the retailer's terms and conditions, return policy, delivery conditions, postal address (not a post office box) and phone number (not a mobile number).
5.
Conclusions
In the age of globalisation, world is getting closer and smaller by eliminating constraints of time and distance by the help of Internet [6] and ICT. Banks and retailers are spreading their activities in online to facilitate consumer. Customer can shop in online shopping mall from remote area. They can operate banking activities from wheelchair. Online banking and shopping is much easier than doing physically (in branch or store) but risk of credit fraud is greater in online than branch or store. One of the main applications of internet is e-commerce. Though the credit
Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.
fraud is increasing continuously, at the same time etransaction is increasing at a high rate in retail business (for shopping) and in the banking sector in online. So many ways, such as phishing, spyware, malware, money mule recruitment, lost or stolen card, mail-non-receipt, counterfeit card, card-not-present, card ID theft, cash machine and bodies (e-retailers) are involved in Credit fraud in the banking sector. Many employee frauds will still be going unprotected and unreported, which is the key danger sign for banking sector. National Fraud Reporting Centre (NFRC) is the main authority for monitoring banking fraud and reporting to the police [18]. Also several public organisations such as Serious Fraud Office (SFO), National Crime Squad (NCS), Serious Organised Crime Agency (SOCA), National Hi-Tech Crime Unit (NHTCU), National Criminal Intelligence Service (NCIS ) are working against credit fraud. British Bankers' Association (BBA) is working with the cooperation of all the above organisations to detect and prevent Credit Fraud [18], [24], [25]. The Get Safe On-line campaign was the first internet security awareness campaign, organised by the government along with SOCA, BT, eBay, HSBC, Microsoft and secure Trading. Banks need to take necessary steps by initiating fraud awareness programmes both for customer and staff, and staff training programmes that will help to remove staff vulnerability to fraud. E-business will be successful when all the e-retailer, e-marketers, banks and financial institutions will come in a one platform to detect and prevent fraud. In the light of this research, banks and government need to pay more attention to control card-notpresent fraud losses in e-business as it is increasing rapidly (see Figure 2).
at: http://www.jtaer.com/, [accessed on 14-6-2009]. [9] Phillip B., Blaise J. B. and Charles R. V. (2004), Internet Fraud: A Global Perspective; Journal of E-Business, June, vol.4, Issue 1, available at: http://www.journalofe-business.org/ [Accessed on 18-06-2009]. Okenyi, P. O. and Owens, T. J. (2007), On the Anatomy of Human Hacking; A Global Prospective, Information Security Journal: [online], available at: http://bura.brunel.ac.uk/ [accessed on 20-06-2009]. Tim Hughes (2003), Marketing Challenges in eBanking: Standalone or Integrated? Journal of Marketing Management, V. 19, pp.1067-1085. Keldon B. and Scott E. H (2005), The Effect of Heterogeneous Risk on the Early Adoption of Internet Banking Technologies; Journal of ebanking, 10, August, [online], available at: http://papers.ssrn.com/, [accessed on 25-06-2009]. Hanson W. (2000), Principal of Internet Marketing, Cincinnati, Ohio: South- Western college Publishing. Turban E., Lee J., King D. and Chung H. (2002), Electronic Commerce a Managerial Perspective, Prentice Hall International Inc.: New Jersey. Turban E., King D., Lee J. and Viehland D. (2004), Electronic Commerce a Managerial Perspective, Prentice Hall International Inc.: New Jersey. Chaffey D. (2004), E-Business and E-Commerce Management, Second Edition, London: Prentice Hall. John, V. B. and Robyn, W. (2002), Barriers to Purchasing on the Internet, Journal of EBusiness, Vol. II, No.1, June; [online], p.27. Available at: http://www.journalofe-business.org/, [accessed on 27-06-2009]. BBA (2008), British Bankers Association Annual Report 2007/08, 24 July, [online], Available at: www.bba.org.uk/, [Accessed 29-06-2009]. Ordnance Survey (2008), BBAs 6 th Annual Financial Crime Conference, 25 -26 Nov. [online], available at: http://www.bba.org.uk/ , [accessed on 24-06-2009]. Chris H., Keith H., Azrini W. and Emma W. (2009), Criminology; second edition, chapter-13, Steve Tombs, Oxford University Press, p. 342. NCL (2009), National Consumers Leagues, Available at: http://www.nclnet.org/news/2007, [accessed on 17-06-2009]. BIS (2009), Department for Business Innovation & Skills; Fraud and Scams, [online], available at: http://search.berr.gov.uk/ [accessed 24-06-2009]. Fraud (2009), Fraud The Facts 2009, [on-line], available at: www.apacs.org.uk/, [Accessed on 22-08-2009]. SFO (2009), Serious Fraud Office, [on-line]; available at: https://www.sfo.gov.uk/ [Accessed on 29-06-2009]. SOCA (2009), Serious Organised Crime Agency, [on-line], available at: http://www.soca.gov.uk/ , [accessed on 29-06-2009].
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
References
[1] Gonca T. Y. and Faruk K. (2009), User Rating System for the Internet (URSI) and Central Authority for Internet Security (CAIS); Journal of ebusiness, Vol. V, 2; Vol. VI, 1; [online], Available at: http://www.journalofe-business.org/, [accessed on 25-06- 2009].
[2] [3] Neuman, R. (1991), The future of the mass audience, Cambridge, MA: Cambridge University Press Bologna, J. (1984), Corporate Fraud; the basics of prevention and detection; Butterworth Publishers; p.1,15 Brian, W. (1995), Serious Fraud Office, Little, Brown and company, Introduction page. Hewer, P. and Howcroft, B. (1999), Consumers channel adoption and usage in the financial services industry: A review of existing approaches; journal of financial marketing, 3, 4, pp. 344-358. Kothari, V. and Kothari, M. P. (2001), E-Business: What have we learned; Journal of e-business, December, [online], Vol. 1, No. 2, p. 5. Available at: http://www.journalofe-business.org/ , [accessed, 27-06-2009]. Williams G. & Kikalas T. (2005), Operating systems Worm Targets, IGGeS submission; Journal. Heike N. and Thomas S. (2006), Digital Coins: Fairness Implemented by Observer; Journal of Theoretical and Applied Electronic Commerce Research, April, [on-line], Vol. 1, Issue 1, available [20] [18]
[19]
[4] [5]
[21]
[22]
[6]
[23]
[24]
[7] [8]
[25]
237 243
Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.