Internet fraud is rife – Digital Planet

Julius Cobbett

Julius writes for Moneyweb, focusing on investigations and fund management. He has a special interest in investment scams.

Full Profile

E-mail

Credit-card fraudsters are rife on the internet, says Digital Planet. The online computer store says fraudsters used to target it weekly before it introduced a rather dubious “security” system.

Apparently scamsters were entering stolen credit-card details to purchase expensive computer equipment. By the time the person whose credit-card details were used discovered the money was missing, the crooks were nowhere to be found.

In these cases it is mostly the store who is held liable, says Digital Planet. The person whose card was used usually gets refunded the amount that was stolen by his or her bank.

One sympathises with the plight of online stores – or any other victim of credit-card fraud. But frankly, Digital Planet’s method of countering this scourge is extremely suspect, and in fact increases the risk of your private information being stolen.

This journalist recently tried to purchase an LCD screen from Digital Planet’s store. I entered my credit-card details, which were sent to the bank for verification through a secure encryption process. My bank authorised the purchase and I was sent an SMS informing me of this.

However, the next day I received word from Digital Planet’s credit controller, requesting that I e-mail him a photocopy of my credit card (both sides) and identity book. This is apparently standard policy for any item that costs more than R5 000. I refused this request and my order was cancelled.

Digital Planet’s request raises two serious red flags:

• Firstly, there is nothing to stop Digital Planet’s credit controller from forwarding these details to an accomplice, who would have all the necessary information to commit internet shopping fraud. Of course, the credit controller in question is most likely perfectly honest, but the temptation is unhealthy.
• Secondly, and more dangerously, the very same fraudsters who have been targeting Digital Planet would have received the e-mail I did. Now they know the e-mail address that contains a veritable treasure trove of credit-card information.

Nedbank (JSE:NED) advises its clients to never send their credit-card numbers via e-mail, let alone their CVC numbers, signature and ID book scans. “E-mail is less secure than you may think,” the bank says. “The data can be intercepted, or may even be accessed from your sent mail folder. The same applies for your internet banking details.”

Just last week Personal Finance reported that fraudsters are attempting to intercept one-time passwords (OTPs) that are sent by banks to clients via e-mail. Nedbank executive for information security Peter Seider told Personal Finance that Nedbank only sends OTPs via SMS because it believes that cellphones are less prone to compromise than e-mail.

Comments