ELECTRONIC
COMMERCE FRAUD, COMPUTER, INTERNET AND VIRUS REFERENCES
A few web sites of interest to Procurement Professionals that I
have used or referenced in my presentations.
The only thing growing
faster than electronic commerce is electronic fraud.
Here are some references and ideas to help you be prepared.
index:
B2B E-Commerce Computer Fraud & Scams(How to find out & who to
report to) Computer Virus Computers & Internet Security
& PrivacyArticles Purchasing
References (new page) EC References (new page) Mailing
Lists
|
ID Theft Resources |
|
|
|
|
|
||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
|
||||||||
|
Purchasing
Cards and E-Commerce |
|
Some thoughts on using Purchasing Cards for Internet Ordering. Many people have been hesitant to allow use of company Purchasing cards for Internet ordering. The Internet tales of credit card theft, fraud and loss are not all wrong . There have been and still are problems with using credit cards on the Internet. However, also consider that there are also many problems using credit cards in person and on the telephone. Do the benefits of using credit cards outweigh the risks? Obviously! We continue to use our credit cards a lot. Internet ordering is becoming a big business and there are many advantages to allowing a user to make the purchase while they are already on the Internet locating the source. Does that mean we can jump in and start using credit cards for Internet ordering without a worry? NO! Companies should have a healthy concern for Internet security and privacy risks. While caution is needed, I think there are ways to mitigate the risks and take advantage of this important tool. We can take steps to evaluate the issues, address concerns and train users. At a minimum we should provide information and training to employees before letting them use credit cards on the Internet. The worst mistake we can make is to assume that everyone will use common sense or read the fine print. Here are a few topics for your training programs: Security: The biggest issue with credit cards on the Internet is not that someone will overhear you say your card number, but that someone will "overhear" your card number electronically. When you send a message via the Internet, many computer servers between you and the supplier touch and store the message. Strings of numbers that look like credit card numbers can be intercepted, downloaded and posted in newsgroups for everyone to use. The big risk is not just an interception of your card number, but of many hundreds or thousands of numbers from an Internet server or vendor's computer. Is this a real threat? Just ask one of the bigger Internet Service Providers (Netcom), who several years ago lost thousands of card numbers to a hacker. [Read a great book about Internet hacking: Take Down, the True Story of the Capture of Kevin Mitnick, ] On the other hand, stop and think for a moment about what happens to your credit card information when placing a phone order. The highly-paid(?) telephone sales clerk enters your card number into a computer which may transmit it electronically to several locations for processing and storage. Once that company has your card number the risks are about the same between using the phone and using the Internet. The real trick is to avoid a problem between your computer and the sales company. You can mitigate this risk by only sending your credit card number when communicating with a "Secured" web site. Web sites can be configured to transmit and receive encrypted information using a Secured Socket Layer (SSL). SSL makes it much harder for anyone to intercept and decode information. If you are using a recent version of Netscape or Internet Explorer, your software will show you when the link is "secured" by displaying a message and an icon of an unbroken key or locked padlock. When the key or padlock is closed, the link is reasonably secure. When transmitting a credit card number using an SSL protected web site, the message is encoded so a criminal will have a much harder time stealing the number. Privacy In addition to credit card numbers, hackers and scam artists can use information about individuals and companies in many ways to cause problems and cost us money. Information collected about buyers by web sites is a valuable commodity that is often sold to the highest bidder. Junk email , free offers, un-ordered shipments, and telemarketing calls are some of the results of information leakage. Remember the old telephone scam that went something like this; "... your president Mr. X ordered a case of our super duper light bulbs and asked that I call you for the PO number...." In more fraudulent cases, scam artists use their knowledge of company officials and ordering processes by attempting to collect for shipments that were never sent, sell cases of poor quality merchandise at inflated prices, leverage lower level employees into thinking that manager whatshisname had agreed to the request and worse. Tell someone your bank account and social security numbers and they can order credit cards in your name or apply for loans and leave you stuck with the bills. Whenever a web site asks for information about us, our company or our processes, we should ask several questions: 1) Why do they need the information? 2) What else could it be used for? 3) Do I trust this company to not disclose or sell the information? 4) Is the information business sensitive? Before placing an order, signing up for a free drawing or responding to a survey, we should stop and think. Much of a buyer's "instinct" about what not to say has been learned the hard way during many years of hard knocks in the buying profession. First time "buyers" (credit card holders) on the Internet may not realize what they could be getting into. We can mitigate this risk by making sure users deal with reputable and established companies. That the vendor web site has a clear and, complete privacy policy. (example: We don't distribute information about our customers to anyone.) Purchasing people should also share their experience and knowledge about possible scams and frauds with all employees who will be involved with Internet ordering. Credibility People who are not familiar with how the Internet works can easily assume that only large companies will have large and fancy web sites. NOT TRUE! In this medium, you can't judge the size and reputability of a company just by the appearance. It's not like comparing a store-front shop to a high-rise office building. Appearance means nothing. Twelve year old kids have large and fancy web sites. One-person sweatshops with many impressive pages of pictures and catalogs exist all-over the Internet. Hackers can borrow a company logo from a legitimate web site and create a look-alike Internet location that is nearly impossible to detect. In addition, web sites can exist anywhere in the world and look just the same as if they are next door. How can we protect ourselves and make sure we are using a credible and reliable company? Check references. Notice details like lack of a street address or contact person on the web page [Maybe they don't want to be contacted or have a shipment returned]. Look for words or phrases that are out of place [ "Our circuit breakers are really gnarly"] Cross reference the company to other known sources of information like the Thomas Register or Dun and Bradstreet. People should also be reminded to review warranty and return policies. If the vendor doesn't clearly post it on the web site, then it may not exist. Liability Liability for loss and fraud in one of the other issues that we should address in training users. What should they do when a card is lost or they suspect there is a problem. Give them clear direction, guidance and reporting requirements. Even if they only suspect there is a problem, timely action should be taken to investigate and protect your company's rights. What should they do if a strange charge shows up on the reconciliation report? What problems have other people had that should be shared with all users? Speaking of protecting your company's rights; when the credit card agreement is first negotiated, we as buyers should make sure that liability for fraud or misuse is clearly addressed as part of the contract. Other issues to consider discussing with the credit card issuer include security of the files, records, help in investigating fraudulent vendors and assistance in training users. |
|
Scambuster |
|
One of the big growth areas of Internet Commerce is Internet fraud. As more money is spent online, it attracts scam artists. Just as in the "paper" world, Internet fraud can take many forms. Pyramid schemes, bait-and-switch marketing, credit card fraud, shoddy merchandise, phony companies and more. Each fraud is made just a little easier because people are impressed by the bells and whistles of the multimedia Internet and forget the basics. On the Internet, a company, which doesn't exist, can look legitimate, appear impressive and attract a lot of attention. Many twelve-year old kids can create web sites with logos, pictures and cute graphics that look every bit as good as those created by million-dollar corporations. Don't believe me? Try this: www.fortunecity.com/millenium/rollingacres/399/index.html As purchasing people know, the best way to protect yourself against a scam artist is by making sure that you are always dealing with an established and reputable company. Fortunately, the Internet makes the job of checking a company's credentials a lot easier. Unfortunately, the Internet also makes it much more important. Here are a few ways to use the Internet to check on the authenticity of vendors.
All of these are ways to validate the identity of your new supplier and protect yourself against scam artists, but be careful. No search is foolproof. As we learned in purchasing 101; Caveat Emptor. Here's a different way to say it: “A century ago,
P.T. Barnum said a sucker is born every minute. |
Mailing Lists |
|
|
|
Mike maintains a few mailing lists for purchasing and supply management professionals. They are free and anyone can signup. Just follow this link to sign up. |
| BUYTRAIN For newsletter editors and purchasing instructors, (and anyone else) Purchasing news, articles and information for purchasing and supply management professionals. Articles and ideas that can be shared in association newsletters. Visit the BuyTrain Archive | |
| CLICKNOTES For web authors (and anyone else). Used to share cool web sites, interesting web site tricks, notes and comments that are of interest to amateurs who are designing and running web sites for organizations. Visit the ClickNotes Archive | |
|
