Sunday, June 20, 2010

Do you know about "Fraudlabs Fraud detection Web Service"?


The FraudLabs Credit Card Fraud Detection Web Service is a hosted, programmable XML Web Service that allows instant detection of fraudulent online credit card order transactions. The FraudLabs Credit Card Fraud Detection Web Service helps the Internet merchant to avoid loss of revenue, waste of productivity, and increase of operation costs in chargebacks and higher reserved funds as a result of online frauds.

Simply provide FraudLabs several non-intrusive online transaction data such as IP address, email address domain name, delivery address, credit card bank identification number (BIN), area code and ZIP code. FraudLabs Web Service analyzes and scores the transaction information using proprietary FraudLabs algorithm based on known risk factors derived from online fraud patterns. Merchants can automate business decision instantly based on the FraudLabs XML results that are cross-referenced against multiple proprietary databases in real-time.

A fraud validation score is directly proportional to the risk of the input values. The higher the scores, the higher the risk of a transaction.
Benefits

Prevents loss of revenue due to delivery of goods to fraudsters.
Prevents waste of productivity to review all online orders manually.
Prevents increase of operation costs as a result of online frauds chargeback and higher reserved funds.
Integrates via an XML-based Web services interface to any product or platform.
Contains sample code examples for ease of integration.
Provides multiple subscription levels at different prices based on your business needs.

Red Flags Compliant


If you are a business or company that pulls a credit report and/or offers credit or payment plans to consumers you need to become aware of your Red Flags Compliant responsibilities.

What are some of the types of companies that must be Red Flags Compliant?
Retail Stores Carrying Credit
Banks & Credit Unions
Auto Dealers
Equities Brokerage
Telecommunications
Debt Collectors
Credit/Debit Card Issuers
Mortgage Lenders
Check Cashers
Utility Companies
Hospitals
Health Care Companies
Insurance
Foreign Bank Branches
Businesses that do not comply with 2008 FACT Act "Red Flag Regulations" may be subject to fines and civil law suits for breaches of confidential information.

Saturday, June 5, 2010

What's The Department Of Justice Doing About Identity Theft And Fraud?


The Department of Justice prosecutes cases of identity theft and fraud under a variety of federal statutes.In the fall of 1998, for example, Congress passed the Identity Theft and Assumption Deterrence Act . This legislation created a new offense of identity theft, which prohibits knowingly transfer[ring] or us[ing], without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.
This offense, in most circumstances, carries a maximum term of 15 years' imprisonment, a fine, and criminal forfeiture of any personal property used or intended to be used to commit the offense.
Schemes to commit identity theft or fraud may also involve violations of other statutes such as identification fraud ,credit card fraud , computer fraud, mail fraud ,wire fraud ,or financial institution fraud.
Each of these federal offenses are felonies that carry substantial penalties in some cases, as high as 30 years' imprisonment, fines, and criminal forfeiture.

Tuesday, June 1, 2010

The Most Common Ways To Commit Identity Theft



As I mentioned in my previous posts ,many people do not realize how easily criminals can obtain our personal data without having to break into our homes. As my lecturer ,Dr. Bahama once told in class ,In public places, for example, criminals may engage in "shoulder surfing" watching you from a nearby location as you punch in your telephone calling card number or credit card number.
Even the area near your home or office may not be secure. Some criminals engage in "dumpster diving" going through your garbage cans to obtain copies of your checks, credit card or bank statements.These types of records make it easier for criminals to get control over accounts in your name and assume your identity.
Also, if your mail is delivered to a place where others have ready access to it, criminals may simply intercept and redirect your mail to another location.
With enough identifying information about an individual, a criminal can take over that individual's identity to conduct a wide range of crimes: for example, false applications for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent use of telephone calling cards, or obtaining other goods or privileges which the criminal might be denied if he were to use his real name. If the criminal takes steps to ensure that bills for the falsely obtained credit cards, or bank statements showing the unauthorized withdrawals, are sent to an address other than the victim's, the victim may not become aware of what is happing until the criminal has already inflicted substantial damage on the victim's assets, credit, and reputation.
so once again I aware you to be much more careful about your personal information.

Wednesday, May 26, 2010

How does cybercrime affect people?


I brought you here a short story to understand the situation better.
sara' story
Sara is a human resources professional who lives in a small town in malaysia. She has used a computer in her job for more than ten years. At work, her computer is maintained by her organization’s IT department, and she has never experienced any security problems with the computer in her workplace.
sara believes that she is at low risk of online fraud for the following reasons:
1-She never shops online because she doesn't want to risk exposing her credit card information
2-She uses her home computer only for personal email with friends and family
3-Occasionally she looks other things up on the Web, but not often.
sara's situation seems totally safe but Unfortunately it is not.
At work one day last summer, she heard about a new Internet Explorer browser vulnerability;She wanted to be sure her home computer was protected too, so when she got home she went online to get more information about the vulnerability, and determine if she was protected. Using a popular search engine, she found a Web site that offered not only information about the vulnerability, but the option to have a patch for the vulnerability downloaded automatically to her computer. Sandra read the information, but opted not to accept the download since she was taught to download information only from authorized sources. Then she went to the official Microsoft site to obtain the patch.
what went wrong?
Unfortunately, as sara was reading information about the vulnerability on the first site, the criminal who had created the Web site was taking advantage of the fact her computer actually had the vulnerability. In fact, as she was clicking "No" (to refuse the download that was being offered), unbeknownst to her the automatic installation of a small, but powerful, crimeware program was already taking place on her computer.
Simultaneously, the Web site’s owner was already receiving a notification that the keystroke logger had been secretly and successfully installed on Sara’s computer. The program was designed to covertly log everything she typed in from that moment on, and to send all of the information to the Web site owner as well. It functioned flawlessly, too - recording everything Sara typed- every Web site she visited, and every email she sent, passing the stolen text on to the cybercriminal.
Later that evening, Sandra finished up her monthly online banking. As she logged into her personal bank account, the keystroke logger recorded those keystrokes too, including confidential information: the name of her bank, her user ID, her password.
When Sara went to make a deposit the several weeks later and asked for her balance statement, she was shocked to find that her bank account was almost empty. Sara had been the victim of a cybercrime.

Tuesday, May 4, 2010

How Anonymous Are You?


You may think that you are anonymous as you browse web sites, but pieces of information about you are always left behind. You can reduce the amount of information revealed about you by visiting legitimate sites, checking privacy policies, and minimizing the amount of personal information you provide.

When you visit a web site, a certain amount of information is automatically sent to the site. This information may include the following:
1-IP address - Each computer on the internet is assigned a specific, unique IP (internet protocol) address. Your computer may have a static IP address or a dynamic IP address. If you have a static IP address, it never changes. However, some ISPs own a block of addresses and assign an open one each time you connect to the internet—this is a dynamic IP address. You can determine your computer's IP address at any given time by visiting www.showmyip.com

2-domain name - The internet is divided into domains, and every user's account is associated with one of those domains. You can identify the domain by looking at the end of URL; for example, .edu indicates an educational institution, .gov indicates a US government agency, .org refers to organization, and .com is for commercial use. Many countries also have specific domain names. The list of active domain names is available from the Internet Assigned Numbers Authority (IANA).

3-software details - It may be possible for an organization to determine which browser, including the version, that you used to access its site. The organization may also be able to determine what operating system your computer is running.

page visits - Information about which pages you visited, how long you stayed on a
4-given page, and whether you came to the site from a search engine is often available to the organization operating the web site.
If a web site uses cookies, the organization may be able to collect even more information, such as your browsing patterns, which include other sites you've visited. If the site you're vising is malicious, files on your computer, as well as passwords stored in the temporary memory, may be at risk.
now the important question is this " How can you limit the amount of information collected about you?"
there are some way to limit the amount of information that you share. can you help me with that?
thank you
sanaz

Sunday, April 25, 2010

How do you know if your identity has been stolen?



Companies have different policies for notifying customers when they discover that someone has accessed a customer database. However, you should be aware of changes in your normal account activity. The following are examples of changes that could indicate that someone has accessed your information:

unusual or unexplainable charges on your bills
phone calls or bills for accounts, products, or services that you do not have
failure to receive regular bills or mail
new, strange accounts appearing on your credit report
unexpected denial of your credit card

now after knowing your identity has been stolen ,comes another important question

"What can you do if you think, or know, that your identity has been stolen? .
Recovering from identity theft can be a long, stressful, and potentially costly process. Many credit card companies have adopted policies that try to minimize the amount of money you are liable for, but the implications can extend beyond your existing accounts.
dear my friend do you what should you do now? what actions you must have? please give me your ideas .
thank you
sanaz

Friday, April 23, 2010

How are victims of online identity theft chosen?

Identity theft is usually a crime of opportunity, so you may be victimized simply because your information is available. Thieves may target customers of certain companies for a variety of reasons; for example, a company database is easily accessible, the demographics of the customers are appealing, or there is a market for specific information. If your information is stored in a database that is compromised, you may become a victim of identity theft.

This is unfortunately happening almost every day.identity theft is not something new. there is no way to guarantee that you will not be a victim of online identity theft. However, there are ways to minimize your risk.
in my opinion one important way is being aware of your account activity.pay attention to what you post on websites the same as your statements.do not let every one to have an access to your personal information ,even your picture! to be sure ,you are secured also check your credit report yearly. get the report from main credit reporting companies .
the other way to protect yourself as I see it ,is to Use and maintain anti-virus software and a firewall.to be secured from viruses and Trojan horses you need an up-to -date anti-virus because those trojans can easily steal data on your own computer.
there must be some other ways to not be victims of online identity theft , do you know them ? please help me with that.

Thursday, April 22, 2010

what is cyber theft ?


Computer crime or cybercrime refers to any crime that involves a computer and a network, where the computers may or may not have played an instrumental part in the commission of the crime (Moore 2000). Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child porn, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.
On the global level, both governments and non-state actors continue to grow in importance, with the ability to engage in such activities as espionage, financial theft, and other cross-border crimes sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions, with the International Criminal Court among the few addressing this threat.

cyber thefts nowadays are becoming a big concern .computer viruses are designed to steal the personal information such as bank account numbers, credit cards data.worms and Trojan horses are attaching many computer programs.social networking sites, like Facebook, are among the most commonly targeted because of their huge communities of users .
In my opinion ,these uncertanties and unsecured sites makes people reluctant of using internet and computers as a means of purchasing goods and services.
Experts say Internet users can keep safe by being circumspect about sharing personal information, and making sure their computers have up-to-date anti-virus programs. but can it be really like that? as I see that, even using up-to-date anti-virus programs don't makes us secured . I myself had face a lot of problems even though I use anti-viruses.
What is your opinion?

Monday, April 19, 2010

Tips Preventing Cyber Theft


There are many ways to prevent oneself to be the next victim of cyber theft.

Apart from equipping yourself with relevant legal knowledge, on the technical aspect, you should have the below basic programming knowledge (I got this from an email forwarded by my friend):

The main difference between http:// and https:// is i t’s all about keeping you secure .
HTTP stands for HyperText Transport Protocol, which is just a fancy way of saying it’s a protocol
(a language, in a manner of speaking) for information to be passed back and forth between web servers and clients.

The important thing is the letter S which makes the difference between HTTP and HTTPS.

The S (big surprise) stands for “Secure“.

If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://.

This means that the website is talking to your browser using the regular ‘unsecure’ language.

In other words, it is possible for someone to “eavesdrop” on your computer’s conversation with the website.


If you fill out a form on the website, someone might see the information you send to that site.

This is why you never ever ever enter your credit card number in an http website!

But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on.

You understand why this is so important, right?

If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://.

If it doesn’t, there’s no way you’re going to enter sensitive information like a credit card number!

second Famous Hacker of All Time-Adrian Lamo


Adrian Lamo: Lamo's claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's, coffee shops and libraries to do his intrusions. In a profile article, "He Hacks by Day, Squats by Night," Lamo reflects, "I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional."
Lamo's intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it's legal. What Lamo did is not.
When he broke into The New York Times' intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times' LexisNexis account to research high-profile subject matter.
For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.

CYBERLAW


WHAT DO WE MEAN BY CYBERLAW ?
Cyberlaw is a term that encapsulates the legal issues related to use of communicative, transactional, and distributive aspects of networked information devices and technologies. It is less a distinct field of law in the way that property or contract are, as it is a domain covering many areas of law and regulation. Some leading topics include intellectual property, privacy, freedom of expression, and jurisdiction.
Cyber Law is the law governing computers and the Internet.

In today's highly digitalized world, almost everyone is affected by cyber law. Let us take a few examples:

1-Almost all transactions in shares are in demat form.

2-Almost all companies extensively depend upon their computer networks and keep their valuable data in electronic form.

3-Government forms including income tax returns, company law forms etc are now filled in electronic form.

4-Consumers are increasingly using credit cards for shopping.

5-Most people are using email, cell phones and SMS messages for communication.

6-Even in "non-cyber crime" cases, important evidence is found in computers / cell phones e.g. in cases of divorce, murder, kidnapping, tax evasion, organized crime, terrorist operations, counterfeit currency etc.

7-Cyber crime cases such as online banking frauds, online share trading fraud, source code theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of service, hacking, pornography etc are becoming common. Digital signatures and e-contracts are fast replacing conventional methods of transacting business.