August 24, 2006

Fraudwatch - how much a Brit costs, how to be a 419-er, Sarbanes-Oxley rises as fraud rises, the real Piracy

A BBC programme reported the cost of Brit identities as extracted from recycled PCs:

Bank account details belonging to thousands of Britons are being sold in West Africa for less than 」20 each, the BBC's Real Story programme has found.

Which comes as the EU moves to total passenger tracking:

BIOMETRIC testing is set to be introduced at European airports under plans for stringent new security measures revealed yesterday in the wake of last week's alleged terror plot. Passengers would have their fingerprint or iris scanned under the measures proposed by EU interior ministers, which would also use passenger profiling to try to identify potential terrorists.

Here's some stats on Nigerian 419 scams, another deception with higher risks for the consumer but not the retailer:

He sent 500 e-mails a day and usually received about seven replies. Shepherd would then take over. "When you get a reply, it's 70% sure that you'll get the money," Samuel said. ... By 2003, Shepherd was fleecing 25 to 40 victims a month, Samuel said. Samuel never got the 20%, but still made a minimum of $900 a month, three times the average income here. At times, he made $6,000 to $7,000 a month.

Samuel said Shepherd employs seven Nigerians in America, including one in the San Francisco Bay Area, to spy on maghas and threaten any who get cold feet. If a big deal is going off track, he calls in all seven.

"They're all graduates and very smart," Samuel said. "Four of them are graduates in psychology here in Nigeria. If the white guy is getting suspicious, he'll call them all in and say, 'Can you finish this off for me?'

"They'll try to scare you that you're not going to get out of it. Or you're going to be arrested and you will face trial in Nigeria. They'll say: 'We know you were at Wal-Mart yesterday. We know the D.A. He's our friend.' "

"They'll tell you that you are in too deep - you either complete it or you'll be killed."

Anyone want to hazard when crooks will be able to buy European biometric data in Africa? More from the BBC.

Once in a blue moon, using dodgy identity cards seems not to work (dead link):

A Toronto man who wanted a fraudulent driver's licence added to his collection of counterfeit ID was foiled by a sharp-eyed employee with the Ministry of Transportation in Hamilton. .... The convicted man provided a Canadian citizenship card in the name of Rohan Omar Kelly when he showed up with a friend on June 12 to write a driver's exam at the ministry's Kenilworth Avenue office.

The employee took a long, hard look at his identification and discreetly slipped away to call the police.

Meanwhile, his friend presented a credit card to pay for the fictitious Kelly's fee. The card, as it would turn out when the pair was arrested a short time later, was a pirated copy. The same was true for a Canadian social insurance card seized from Thomas and a second citizenship card that police found on the dash of the friend's Chev Malibu parked outside.

I wouldn't suggest you do that at home, folks! Fraud responds well to natural selection; the dumb crooks get caught, leaving the smart ones. Actually, the smart ones get caught too, but not before training two more up.

Laws on fraud enjoy no such control, they just get bigger and dumber. CompliancePipeline reports on the anti-climax of Sarbanes-Oxley:

The top-level findings show that even in the more heavily regulated business environment, the incidence of fraud continues to increase. Sixty-seven percent of the respondents indicated that institutional fraud is more prevalent today than five years ago, and another 27 percent said there has been no change level of fraud activity.

Probably, Sarbanes-Oxley supporters will say that they just need to try harder, write more rules, bust more companies, etc etc. Perhaps they should create identity trails as part of their data? New figures suggest identity theft is becoming more valuable, but that's no reason not to store massive amounts of identity information:

Nearly 10 million consumers were victimized by some form of identity theft in 2004 alone. That equals 19,178 people per day, 799 per hour and 13.3 per minute. Consumers have reportedly lost over US$5 million, and businesses have lost an estimated $50 billion or more.

A few years back the accepted figure for identity theft in the USA was around $10bn; maybe it is being revised upwards to 50bn or more (?) with inclusion of internal (unreported) corporate costs.

And, let's close with a curious comparison: Cubicle reports on stats on the real Piracy!

there is very little financial incentive for both governments and shippers to deal with this crime. Piracy is costing shippers $.32 for every $10,000 of goods shipped estimates David N. Kellerman of Maritime Security. Not only is the economic cost inconsequential to companies, so it is to some governments.

Sound familiar? If I知 the corporate owner, the cost is inconsequential. If I知 a sailor on one of these ships, though, the cost is a little more significant:

Merely one year before, in September of 1998, a smaller Japanese-owned freighter named the Tenyu had gone missing soon after departing from the same port of Kuala Tanjung with a similar load of aluminum, and a crew of fifteen. Three months later the Tenyu was discovered under a changed name and flag in a Chinese port, but the cargo was missing, as was the original crew, all of whom are presumed to have been killed.

Ship owners can transfer the risk of Piracy with insurance, but sailors only have two options. They can either avoid the risk by finding a new vocation (not sailing on vessels which travel through pirate-prone regions is not really an option) or hope that the shipowners mitigate it by implementing anti-piracy safeguards such as anti-boarding defenses or armed guards, at least for passing through piracy-prone areas.

Somehow, identity theft seems a little more comfortable.

Posted by iang at August 24, 2006 11:55 PM | TrackBack

The fact that the government entities already have the information suggest that they are selling the information to create a screen for their self funding operations. The theft of ID and banking information can be directly correlated to the illegal monitoring by governmental entities. Once the information is obtained by the governmental entities they recoup their cost by selling it whole sale into exploitative markets.

Posted by: Slicker at August 23, 2006 07:02 PM

recent item

Commission Proposes Radical Change To Data Protection Rules For ISPs And Telcos

from above:

Contained in a "Staff Working Document"1 the Commission states (without giving its source) that "the market has so far failed to address security problems to the satisfaction of users". To remedy this problem it proposes to require providers of electronic communications networks and services to:

* notify the relevant national regulator of any breach of security that led to the loss of personal data and/or to interruptions in the continuity of service supply. The regulator would then be able to inform the general public of the breach if they considered that it was in the public interest to do so; and

* notify their customers of any breach of security leading to the loss, modification or destruction of, or unauthorised access to, customer personal data.

... snip ...

for other topic drift ... i was co-author of the x9.99 financial standard ... and as part of that work put together a merged privacy taxonomy and glossary ... drawing on multiple sources (eu-dpd, glba, hipaa, etc)

Posted by: Lynn Wheeler at September 10, 2006 03:43 PM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.