TORONTO (djc Features) – It was an irresistible offer. John Batdorf thought buying a pair of rare vintage guitars in an eBay auction was the “deal of a lifetime.” Last October, Batdorf sent a $9,100 (US) cheque to the merchant — but he alleges the acoustic guitars never arrived and he hasn’t heard from the seller again.
“I was so gullible and naïve, but I’ve learned a very expensive lesson,” says the Los Angeles music composer, admitting he didn’t double-check the address of the individual who claimed to have the guitars. He says it turned out that the person he sent the payment to didn’t have the same address as the registered merchant. The alleged crook had illegally taken the real seller’s identity.
With the holiday season approaching, the security of online shopping becomes a major concern for consumers who don’t want to end up a fraud victim like Batdorf. There is good reason to be wary about shopping on the Web: The rate of Internet fraud in 2002 reportedly doubled over the year before. Meanwhile, online sales by Visa cardholders in Canada surged to $772 million (with 6.4 million transactions) from the 2002 holiday season, 103 per cent more than from Oct. 1 to Dec. 31, 2001, according to Visa Canada. This dramatic growth in e-commerce activity, especially during the peak holidays, suggests how cyber-swindlers now have a larger pool of potential victims to prey on.
Rob Dowler, assistant deputy minister of the Toronto-based Ministry of Consumer and Business Services (MCBS), says the number of online shopping-related complaints to the MCBS increased from zero a few years ago to as many as 400 complaints recently. The complaints range from billing disputes to serious fraud allegations. “The incidence of complaints are rising as more people go to the Internet for convenience,” Dowler says.
Some police authorities also say they get a significant number of complaints from consumers who believe they have become victims. “The biggest problem we hear about is online shopping. This is a new type of crime now,” says Detective Garry Hickey from the Toronto police’s fraud squad unit.
Hickey says the fraud squad deals mostly with complaints about shady merchants on eBay. “It seems the buyers send money and are not getting the product,” he says. Fraud in online auctions is a growing problem because you are dealing with individuals rather than reputable companies.
Authorities say another way an online shopper can be a victimized is through identity theft, a burgeoning problem on the Internet. An example of identity theft, or stealing someone’s private data to assume that person’s identity, is when the miscreants (also called dot-cons) use a process called cross-site scripting. This occurs when they plant a piece of Java code into their victims’ Internet browsers, often by sending an e-mail to entice the unsuspecting person to click on a link to an online bank or shopping site. The undetected code then catches the victim’s authentication information, such as a password, and forwards this to the criminal. Other dot-cons opt to ensnare victims with a phony website to collect payments or personal information.
Then there is credit card theft, which commonly occurs when a hacker gains access to an e-commerce site’s server, enabling him to view the database containing the usually unencrypted customer information. Merchants can be victimized themselves with “e-shoplifting,” which can happen when hackers enter a site and drastically reduce the prices of products they want to buy.
There may be more complaints about crimes against online shoppers and even merchants, but experts say the number of victims is low compared to the total population of Internet consumers. Even Batdorf acknowledges that before he was scammed, he didn’t have any problems buying products online through eBay and retail sites like Amazon. As industry analyst Rick Broadhead says, “It’s a risk, but it’s a very small percentage of online sales that succumb to fraud.”
The low rate of fraud isn’t the only reason why people can breathe easier when making purchases online, Broadhead says. Unlike the late 1990s, when emerging Internet vendors had no security standards, Broadhead says online retailers are now putting their customers’ security as a top priority, with vastly improved technology to make online shopping safer. He believes current security measures and technology are “very effective,” particularly with the improved safety of credit card transactions. “It’s safer for people to do Internet transactions than ever before,” says Rick Nugent, CEO of InternetSecure Inc., which provides a secure online credit card processing system for merchants.
Among the technology used to provide online customer security is encryption, which scrambles sensitive information sent on the Internet so that only the authorized people can view the decoded data.
Broadhead is especially impressed with “Verified by Visa,” introduced in the United States in 2001 and rolled out this year in Canada, which uses sophisticated encryption technology requiring a special password in addition to the client’s credit card number and expiry date in an online transaction. Another example is MasterCard’s “SecureCode,” a similar payment system designed to authenticate the identity of the cardholder. As for the auction sites’ fraud problem, eBay spokesperson Kevin Pursglove asserts that eBay has taken more steps in trying to thwart fraud. For instance, he says eBay has developed tools that monitor the site and provide security during user registration. Some online retailers like Amazon have their own systems requiring user names and passwords. Merchants also use an address verification service that checks the submitted address against the registered card address, though this technology is only sluggishly gaining interest.
But even sophisticated fraud-prevention technology can’t hinder all cyber-crooks, who may have a better chance of eluding police in the unregulated realm of the Internet. Among the barriers in prosecuting dot-cons include the difficulty of finding sufficient evidence and witnesses since online shoppers don’t deal with the merchant in person, as opposed to in a store where others are present. What’s more, the Internet purchase doesn’t involve signing actual documents, and it’s hard to prove who was operating a computer involved in the crime since computers can be hijacked without the owner’s knowledge.
Authorities admit their ability to prosecute online criminals is further complicated when suspects are from another country. Those who are caught can be given anything from fines to jail sentences. “Because the Internet can reach across the world … it’s like buying something in the dark,” Detective Hickey says. “Prosecutions do take place, but it takes time because it’s difficult to pinpoint who is behind the scams,” adds Sergeant Keith Allen of the RCMP’s Economic Crime Branch.
For the victims, this means their troubles aren’t over even after the crime. Batdorf and many others feel the authorities, including eBay, don’t do enough to help them when they file complaints about being bilked. Batdorf says he not only contacted eBay, but also the Indiana police and the FBI with no luck in getting them to act quickly. ”I don’t think Internet fraud cases are taken seriously by the authorities,” adds Glen Gaffney from Sudbury, Ont., who was himself a repeated victim of online shopping fraud, including an incident in which the hacker stole his credit card information to rack up a $1,400 purchase.
Police authorities and companies say the onus should also be on consumers to take the necessary precautions. “I think some people don’t take the advice and just get carried away with a good deal,” Detective Hickey says. “A lot of people are taking too many chances when buying things online.”
TIPS FOR ONLINE SHOPPERS:
- Deal with known, reputable online retailers or merchants.
- Research the people you are doing business with.
- Verify the name, address and phone numbers of any Internet vendors you deal with.
- Avoid sending money to a mail drop, or a P.O. Box address. (Experts say it’s safer to use a credit card.)
- Use an anti-virus program on your computer to check for Trojan Horse soft ware, which can expose private data.
- Update your browser with new security upgrades or patches, and make sure that it at least supports 128-bit encryption.
- Shop at sites that have strong encryption (128 bits versus the standard 40 bits), or check for a policy that indicates use of strong security technology such as SSL.
- Before entering any personal information, make sure a closed lock icon appears on the bottom of the browser and check to see that the website address has been changed to HTTPS (instead of HTTP).
- Shop at sites with “Seal of Approval” icons from certification authorities.
- Avoid choosing the “Remember Password and Username” option in some sites and browsers.
- After shopping, delete all information stored in “Temporary Internet Files” and “History” folders, and clear the browser’s cache to eliminate transaction records.
(Victims of Internet fraud or related crimes should contact their local police, OPP PhoneBusters at 1-888-495-8501 or info@phonebusters.com, or the Competition Bureau of Industry Canada at 1-800-348-5358 or compbureau@ic.gc.ca).
