AAMGA Special Section
Cyberfraud: The need for action
Online schemes and scams abound, and losses cost billions
By Phil Zinkewicz
|
“Given the anonymity of the Internet, anyone can become a multi-national, multi-million-dollar cyberfraudster from the comfort of the recliner in his or her family room.”
—Bernie Heinze |
Insurance fraud accounts for more than $100 billion in losses each year. To this total, we must add the growing cost of cybercrimes in the United States. The Federal Bureau of Investigation estimates that more than 2,000 potentially malicious threats of cybercrime will emerge in 2006, amounting to over $400 billion in potential losses. In 2005, indemnity payments by domestic and international insurers for cyberfraud amounted to $141.5 million alone in the following types of claims. A breakdown of these insured cyberfraud losses is shown in the table below.
The sophistication of both foreign and domestic perpetrators will certainly cause these and other kinds of cyberfraud to increase substantially in the near term. As an example, a joint effort by the U.S. and Canadian governments called Operation Firewall recently resulted in the arrest of 28 people from six countries engaged in a global cyberfraud ring. They operated a Web site to buy and sell information that had been stolen from more than 1.7 million credit cards, thereby allowing the criminals to assume false identities and profit with a bounty of over $4.3 million.
Other online scams can be grouped into the following categories:
• Auction fraud
• Boiler room scams
• Debt elimination
• Disruption of service
• Employment/business opportunities
• Escrow services fraud
• Extortion
• Identity theft
• Investment fraud
• Lotteries
• Money laundering
• Nigerian letter or “419”
• Parcel courier e-mail schemes
• Phishing/spoofing
• Planned viruses
• Ponzi/pyramid schemes
• Reputation damage
• Reshipping
• Spam
• Third-party receiver of funds
The chart (below, right) shows the percentage breakdown of the ways in which online fraud is committed in the United States.
The latest scams
The increasing use of credit cards to make online purchases of everything from books, clothes, and electronics to insurance and other services has already accounted for $60 billion in fraud, according to research firm Financial Insights. One of the most common scams now in use is taking place in restaurants. At the time of payment, a waiter exchanges the diner’s credit card for one that looks just like the original. The waiter processes the charge in the back room, then hands the diner the fake card with the receipt wrapped around it. The diner puts the fake card in his/her wallet or purse without looking at it, while the actual card is being used to make online purchases, and its personal information is being e-mailed to India, Indonesia, Romania, Nigeria, and other countries in which cyberfraudsters have established their operations.
Another new area of cyberfraud opportunity involves personal digital assistants (PDAs) and cell phones with Internet access. Hackers have developed the means to dial in to the device via either a phone call or nondescript e-mail that will extract the information stored in the device, such as phone numbers, Social Security numbers, photographs, PINs, and so on. The risk of fraud further increases with the growing use of voice over Internet protocol (VoIP) and wireless Wi-Fi networks.
Consider the ease with which two amateur high school-aged hackers recently pulled into the parking lot of a home supply store and were able to hack into the store’s wireless network, stealing its customers’ credit card information and even changing the prices of certain items.
Given the anonymity of the Internet, anyone can become a multi-national, multi-million-dollar cyberfraudster from the comfort of the recliner in his or her family room.
Increased anxiety about the possibility of a cyber attack has led to a substantial change in the behavior of some consumers. A recent IBM study found that more than 53% of Americans hold themselves most responsible for protecting themselves from cybercrime and against cyberattack.
For example:
• 85% destroy all documents that contain personal information, or they attempt to securely store the information
• 70% use only Internet shopping sites that display a security protection seal
• 64% do not conduct online transactions on a shared computer
• 50% do not use shared wireless networks such as in a coffee shop or airport
• 38% do not bank online
• 37% do not use credit card information online
Challenge and opportunity
The facts and statistics about cyberfraud are grim, to be sure—but they represent a corresponding opportunity for the insurance industry. Agents and brokers are becoming more sophisticated and educated about where the larger risk exposures reside, based on the types of businesses involved. Insurers also are responding with special coverages to protect against identity theft, denial of service, destruction of data, business interruption, computer viruses, protection of networks and peer-to-peer facilities, and the manipulation or stealing of confidential information, all to protect the balance sheets, savings, and reputations of those affected.
Similarly, state and federal regulators and legislators are enacting new laws to catch and deter the cyber criminals. The Internet Crime Complaint Center (IC3), www.ic3.gov, was established as a partnership between the FBI and the National White Collar Crime Center. It serves as a central repository for cyberfraud and investigates the many organized schemes in existence. The G-8 countries have also developed national points of contact for cybercrimes.
The use of encryption and authentication technologies for cyber transactions will make matters more difficult for the perpetrators. However, we have a long way to go before we can live in a world of inpenetrable databases and information warehouses filled with valuable and confidential data.
If the statistics tell us anything about the future, it is that cyberfraud is not going away; that the insurance marketplace can work in conjunction with technology providers to provide security, risk management, and indemnity protection for individuals and companies alike against cyberfraud; that training for agents on the nature and extent of coverage available is essential; that the sharing of crucial information on the methods used by these criminals is critical to catching the thieves; and that we must support our state and federal law enforcement officials as they seek larger financial appropriations and tougher laws to impose appropriate financial penalties and mandatory prison time commensurate with the damage inflicted by those who engage in cyberfraud. * |