Cyber Crimes are on an increase with corresponding expansion of Internet, the fastest growing phenomena in the world. Being a global village, today absence of strong legislation and punitive action encourages the cyber criminals globally, resulting in bad reputation on international level.
Security is like making efforts to plugging a dam. Once one hole is fixed, it is often difficult to know where the next leak will appear.
With the exponential growth in computer related crime, effective information security measures are of the prime importance to every enterprise.
Computer crime encompasses a range of activities that may be split into three categories: crimes against machines, such as hacking, traditional crimes such as fraud, and conventional crimes in which a computer is used incidentally, as in the production of counterfeits.
The trend now is towards crimes via computer in online shopping fraud, identity fraud and other ways of gaining financial advantage.
Fraudulent e-commerce transactions tend to be centred on certain countries. A recent survey showed that 09 percent of fraudulent transactions were from Pakistan. Three percent of purchases from Yugoslavia and 10 percent from Romania were fraudulent compared with 1.7 percent from the USA.
Ammar Jaffri, Project Director National Response Centre for Cyber Crime (NR3c), Federal Investigation Agency (FIA) has defined the current trends of Cyber Crimes in the country, which include, DOS and DDOS attacks, phishing a real threat, threatening e-mails, defacement of web-sites, hacking attempts on commercial databases and carding business etc.
Banking industry is still a favourite target, as success has high rewards but chances of being caught are limited due to absence of exact electronic crime laws. Financial institutions being the prime targets of Cyber criminals, worstly affecting the technological progress in the area of e -commerce which in turn slow down the economic progress of a country.
The (NR3c) was established in April 2002 within FIA under Ministry of Interior to establish working co-ordination between different government organisations including law enforcement agencies.
NR3C was setup with the objectives to serve as 'Reporting Centre' for all types of cyber crimes in the country, maintain type wise log, liaison with all national and international organisations to handle the issue of cross border jurisdiction for efficiently handling the cases against the Cyber Criminals, provide necessary technical support, carry out regular R&D activities and providing timely information to critical infrastructure owners and government departments about threats, actual attacks and recovery techniques.
NR3C - (www.nr3c.gov.pk) also provides law enforcement and other Federal and Local government employees training in issues pertaining to Cyber Crimes. Presently, it is offering courses in Cyber Security Foundation, Cyber Security Working, Cyber Security Advance and Cyber Security for Executives/Legislative issues in Cyber Security.
NR3C has its special focus on banking industry, but still the e-banking and e-commerce frauds go on because of the non-existence of legislation for e-banking, EFT, customer and database protection.
There are no provisions in PPC and CrPC pertaining to cyber crimes, nor there has been any conviction by the court of law to any cyber criminal.
The objectives of the Cyber Crime Laws should be to deter actions directed against confidentiality, integrity, availability of computer systems networks, computer data misuse of such systems, networks and data.
These criminal offences may be combated by facilitating detection, investigation, search and seizure and prosecution of such criminal offences.
The most common financial crimes include credit card, debit card, ATM card frauds and switch account balancing. Today most of the banks authenticate their customers by User ID and password over a secured connection (SSL) between customer workstation and Bank's server. But! How secure is this transaction?
Chairman Financial Working Group AFACT, Arif Siddiqui in a presentation recently pointed out the reasons, why threats and risks against e-banking could not be controlled in the country. According to him:
-- Criminal justice system in Pakistan is not prepared to handle high-tech crime.
-- Shortage of trained investigators and analysts.
-- Too much data.
-- No case has been registered under ED ordinance 2002.
-- Other countries may have their own cyber laws.
- Issues relating to time (in case of DOS, if a site is not equipped at that time, nothing may be noticed at all).
-- The use of encryption is becoming common.
-- Most of the crimes were committed by students.
-- And the most important, it easy to commit and its fun.
Credit card generators had been widely used in past and are still being used. These are programs that generate false credit cards numbers that still pass through most checks. Credit card generators are especially good to use when ordering stuff online. These are easily available on various websites and can be downloaded even for free. A couple of largely used and effective generators are 'Credit Card Wizard v1.1' and 'Fraud3r', which even generates a phony address too.
Since prevention is better than cure, the organisations, especially banks, financial institutions and concerns offering online trade, as suggested by head of AFACT, should establish high-profile awareness program and be well aware of the risks. Risk starts once the connection to the Internet is established and the security planning must be initiated the very moment, corporate firewalls are largely recommended in this regard.
The organisations should educate their staff as well as customers, observe strict control before live implementations of the security programs, thoroughly review third party software and use multi-vendor security products.
In order to effectively deal with the threat, lowers forum should be established to help banks MITT and customers. Banks should introduce customers' awareness plan as part of product launch and establish key risk assessment process before launch of any product.
Standard guideline should be prepared for Internet banking, ATM switch and debit card switch while banks should conduct risk assessment on the basis of the guide line.
Standard security guideline should be prepared and implemented with proper control.
Comments
Comments are closed.