Are you really YOU online?
Cifas have published Fraudscape, their annual survey of 277,000 fraud cases from 245 members spanning a range of UK sectors. With cyber security issues topping the chart of risks for business in 2014/15, ID fraud is becoming the largest emerging threat: increased vigilance by business and consumers has begun a decline in accounts being hacked or taken over, so cyber criminals are turning their attention to using other people’s identities or creating new false identities. It is estimated that there are 758 frauds occurring every day at a rate of 31 per hour in the UK (Cifas members alone) and the Department of Health estimates there were an eye-watering 30 million cases of prescription fraud in 2014.
The survey findings report:
• 41% of all frauds recorded in 2014 involved criminal abuse of personal data or ID details to impersonate someone or create fictitious ID to steal money.
• 113,839 cases of ID fraud were recorded in 2014, up by 5% on 2013.
• Average victim’s age was 46
• Men are twice as likely as women to have their ID stolen.
• Emerging trend for young adults (21-30) being targeted (up 51% since 2011 to 14,850), reflecting this group’s increased use of financial products.
• The 55+ age group has witnessed a 15% rise in ID fraud victims from 2013 reaching 25,346 in 2014.
Read the full survey at: https://www.cifas.org.uk/fraudscape_latest
Cifas CEO Simon Dukes described ID fraud as being on an industrial scale: “The frauds we are recording point to increasingly sophisticated, predatory and organised criminals.” Cifas acknowledge that the stats may be the tip of the iceberg, as this is only what has been reported by their members and is on public record.
The true extent is expected to be far greater, as the UK stats which create the starting point for data gathering are understandably challenging and much goes unreported. The Department for Business, Innovation and Skills figures record the following baselines:
• There were 5.2 million private sector businesses in the UK at the start of 2014.
• 180,000 charities (England and Wales)
• 560 central government bodies
• 400 local authorities
• 150 NHS Trusts
Then there are the individuals who have suffered fraud. Collating reports from across 5.4 million organisations and identifying how many out of 60 million people have suffered fraud therefore requires some degree of estimation (and the figures do not include SMEs in the private sector, which according to the Federation for Small Businesses account for over 99% of all private sector business in the UK and almost 50% of private sector employment).
But the warning bells are there for us all. The last recorded stats from the now disbanded National Fraud Authority (NFA) put the cost of fraud to the UK economy at £15.5 billion in 2013. Cifas fraud cases are routed to the City of London Police. But few of Cifas’ members know the point at which an ID has been compromised, which would help target prevention efforts.
WHAT TO DO? Any organisation which has not taken steps to increase resilience by improving its firewalls, beefing up ID authentication and encryption, and having sound antivirus and malware software in place could be placing itself and its customers at unnecessary risk. Reporting ID fraud and data breaches as standard has the potential to strengthen national security learning if government and industry can work closer together. Added to this, education and awareness training amongst employees and consumers is a must as we find ourselves in an ever more cynical world surrounded by criminal intent.
Threat to Safe Harbour Agreement in Euro court
Europe’s highest court, the European Court of Justice (ECJ), will shortly be reviewing how Europeans’ data is shared with US companies in a landmark case which questions the effectiveness of the US Safe Harbour Agreement.
Brought by activist Max Schrems off the back of Edward Snowden’s whistleblowing, the lawyer’s complaint is that companies such as Facebook (by being complicit in Prism, an NSA surveillance system) are ignoring privacy practices and that the Safe Harbour Agreement should be scrapped in favour of local regulators acting to protect Europeans’ data.
The Safe Harbour agreement (in place since 2000) allows US firms to collect data on their European users and store it in US data centres as long as certain principles around storage and security are upheld (e.g. giving notice to users and advising them on how the data can be accessed and by whom).
UK data regulator Ofcom are reported to have said at the hearing that scrapping Safe Harbour would “risk disrupting trade that carries significant benefit for the EU and its citizens”.
If upheld, the decision would have severe repercussions for any US firm dealing with Europeans’ data, including giants such as Twitter, Google, Microsoft and Yahoo. Twitter commented they would be forced to build datacentres in Europe to hold separated info. Facebook has not responded formally, although the BBC has reported that the social media behemoth would welcome an update of the Safe Harbour rules post Snowden.
For UK organisations where the issue of sovereignty is important, let alone the level of data protection required, the issue is likely to drive them to preserve and protect their customers’ data by having it reside only in UK datacentres, avoiding the risk of losing control of the data at any time and having to deal with local regulators and data laws.
Microsoft’s future career as a carrier
Microsoft has been delivering text, voice and video services for many years to both consumers and businesses across phones, tablets and PCs. Their current offerings are Skype and Lync, with the latter soon to be rebranded Skype for Business. Over 100 million people now use Lync to communicate at work. This week Microsoft announced that Skype for Business would include an enterprise-grade PSTN connection to Office 365 Skype for Business.
Microsoft’s strategic partners (including AT&T, BT, Colt, Equinix, Level 3 Communications, Orange Business Services, Tata Communications, Telstra, Verizon and Vodafone) will be working together with Microsoft to deliver secure and direct connections to Office 365 Skype for Business customers through Azure ExpressRoute for Office 365. Azure ExpressRoute leverages partners’ networks to provide a private, dedicated and high bandwidth connection that bypasses the internet – essentially making Office 365 an extension of your on-premise environment whether you’re on site or not.
Skype for Business can handle all of an organisation’s communications and, with Azure ExpressRoute and their partners providing a direct connection rivalling traditional communication companies, Microsoft is essentially placing themselves into the carrier business.
This will offer businesses a one-stop-shop for a secure communication package, which is where Microsoft is aiming this offering – for now. In principle this technology could be used on a commercial device. The user, instead of buying a phone, minutes and texts from a high-street carrier, could order a Windows 10 phone with a subscription to Office 365 that includes minutes and texts through Skype direct from Microsoft.
Whether Microsoft does or doesn’t tie these devices and services together in such an offering, its potential does highlight the importance of Microsoft’s strategic partnerships, which benefit all – not just Microsoft – going forward.
When browsing the internet – or even securing your own website, you will likely only worry about a few TLDs (top level domains), with the most common being .com, .net and .org. In recent years there has been an explosion of new TLDs with the number now available rising to over 650.
One of the most recent TLDs, “.sucks”, has been stirring up trouble. It’s easy to see how this new domain could be a serious nuisance: all it takes is for someone to take your company’s name and register it under the new “.sucks” domain, and they have the perfect virtual home in an ideal location to direct mischief and maliciousness at your brand, with the potential of you losing big business.
The initial answer for most will be simple: buy the domain before anyone else can and causes trouble. But this is where it gets ugly. The group who purchased the rights to sell “.sucks”, called Momentous, is charging astronomical fees of $2,500 for “.sucks” domains. To a major organisation, this could be small change and amount to no more than regular IT admin housekeeping; however, for SMEs or professional individuals, the cost is extortionate – and every business will need to calculate the risk of a 3rd party taking over this domain and the potential cost of damages to its brand in doing so.
ICANN, the international body that supervises all things internet, including the creation and approval of new TLDs, clearly decided that “.sucks” was fit for purpose. Whether ICANN is fit for purpose itself in thinking that such a domain name could be positive in any way for business is risible.
Organisations are now left with a wholly unnecessary headache and unwanted financial outlay if they are to insure against potential negative outcomes. Hopefully a sharp backlash from disapproving businesses will make ICANN recognise their folly – and in future only permit the release of sensible domain names that add value to the internet.