Reducing computer fraud

To combat fraud and deception in global e-commerce, law enforcement agencies, criminal, civil, and regulatory, must work together and coordinate their use of all available weapons -- including criminal sanctions, civil penalties and forfeiture -- to provide strong, consistent, and credible enforcement mechanisms for consumers. While market forces and self-regulatory mechanisms can do much to shape the development of e-commerce, the nature of computer fraud strongly suggests that market solutions alone will not suffice to control or halt the use of fraudulent and deceptive practices on the Internet.

The global nature and operation of the Internet, as well as the configuration and accessibility of information relating to the true identity and location of those who purport to offer e-commerce opportunities online, can make it more difficult for consumers or law enforcement agencies to determine the legitimacy of an online business or to take effective action if that business fails to deliver promised goods or services or provides goods or services far lower in value than what consumers were promised.

Technological solutions assist consumers only in reducing the risk of what might be termed systems deception. Systems deception refers generally to techniques, such as data harvesting and intrusion techniques, that are intended to evade computer security measures rather than to direct false or deceptive information at human beings. Such techniques, if used by fraudulent schemes, would be employed to obtain valuable personal data, especially access devices such as credit card numbers, without the knowledge or consent of the consumer to whom those numbers are assigned. In general, personal deception - that is, the presentation of deceptive or fraudulent information to consumers, in conjunction with various influence techniques to secure their trust - is far less amenable to technological remedies. Indeed, in certain circumstances, criminals could combine techniques of systems deception, such as the use of "frame-spoofing" or "Trojan horses," with personal deception to carry out fraudulent or deceptive practices in e-commerce.

Offline merchants in a local community who alienate their customer bases will not obtain repeat customers, and will go out of business, losing their investment in the process. The global reach of the Internet, however, can encourage a dishonest business person, if he is interested only in maximizing short-term profits, to abandon any concern with "good will" or repeat business when millions of potential customers can be contacted with a few keystrokes. In addition, the cost of creating a superficially impressive Web site for that purpose, or abandoning that site after sufficient funds have been obtained from many victims, is extremely low, and therefore poses no real deterence to the dishonest Web site operator's activities.

Legal agencies work with the private sector to encourage, as appropriate, technological approaches that increase the difficulties of committing fraud through the Internet (e.g., biometrics and protocols such as public key infrastructure and secure socket layer software), or that increase the ease with which law enforcement can receive and analyze information about Internet-related fraud (e.g., consolidating disparate sources of complaints and analyzing them). Even though technological solutions cannot by themselves stamp out all fraud on the Internet, they can be useful mechanisms to reduce its incidence and to foster public awareness about the need for appropriate caution in e-commerce transactions.