Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Popular Australian e-commerce fraud suburbs revealed

Ben Grubb (SMH) | May 4, 2011
New data collated from about 2 million Australian credit and debit cards reveals the popular suburbs in which e-commerce fraud has been attempted, using internet-connected computers.

E-commerce fraud is occuring in some of the oddest places in Australia.

E-commerce fraud is occuring in some of the oddest places in Australia. Photo: Karl Hilzinger

New data collated from about 2 million Australian credit and debit cards reveals the popular suburbs in which e-commerce fraud has been attempted, using internet-connected computers.

E-commerce fraud involves a criminal using a stolen credit or debit card to buy goods online. The computers in the suburbs listed are either being used by an actual fraudster sitting at the terminal or remote fraudsters who have infected machines within that suburb.

The data, released by security company RSA to Fairfax, publisher of this website, showed Queensland was the hot spot for e-commerce fraud in Australia during the January to March reporting period, which used data collected from about 2 million Visa and MasterCard credit and debit cards.

Victoria, New South Wales and Western Australia were the second, third and fourth most popular states after Queensland, RSA data showed. Both MasterCard and Visa were RSA clients, RSA spokesman Mason Hooper said.

In NSW the suburb of Fairfield accounted for 6.9 per cent of the state's e-commerce fraud. Gosford (5.4 per cent), Hurstville (2.1 per cent), North Ryde (2 per cent), Hay (1.5 per cent), Sydney (1.1 per cent) and Mascot (1 per cent) were also among the top-ranked NSW suburbs in which e-commerce fraud was committed.

The Victorian suburb of Sunshine accounted for 3.1 per cent of the state's e-commerce fraud, Melbourne (1.1 per cent), Sunbury (0.7 per cent), Burwood East (0.3 per cent) and Burwood (0.2 per cent).

In Queensland the suburb of Sandgate accounted for 2.6 per cent of the state's e-commerce fraud followed by Brisbane (1.6 per cent), the Sunshine Coast (0.8 per cent) and Ipswich (0.6 per cent).

Popular goods attempted to be purchased using stolen credit or debit card details often included iPhones, iPads, laptops and other computer hardware, as well as plane tickets, Mr Hooper said, adding: "We see a lot of fraud in the air travel space."

A person's credit or debit card information was usually stolen by a fraudster "phishing" for it or a victim unknowingly installing what is known as a "Trojan" virus on their computer.

Phishing can occur when a fraudster sends a victim an email that appears to look as though it's come from a bank. It usually asks the victim to "verify" their details by clicking on a link and entering their credit or debit card details. Banks will never ask customers to supply these details online.

If the details are filled out and submitted, the victim essentially hands over their details to the fraudster instead of to their bank, allowing the fraudster to perform what is known as a card-not-present transaction to buy goods using the internet with the card information they have obtained.

A Trojan on the other hand, such as Zeus or SpyEye, can be used by hackers to steal information from a compromised computer. It usually takes advantage of security flaws in web browsers when a victim visits a compromised website that is used to install the Trojan.

Trojan-infected computers are also used by fraudsters to render a credit or debit card transaction anonymous, which is why many of the top-ranked suburbs were not necessarily crime hot spots, but where victims of Trojan-infected computers lived, Mr Hooper said.

Tapping into a Trojan-infected computer allows a fraudster to become untraceable, using the victim's IP address - the unique sequence of numbers assigned to each computer, website or other internet-connected device - instead of their own.

"So we find out via IP address location [of suburbs]," Mr Hooper said. "Which ... means that it could be the actual fraudster sitting at the end of that IP address or it could be someone proxying though an infected machine. And there's no real way to break that down."

Mr Hooper said there was "definitely a correlation between high-crime areas and online fraud". He said he expected that "a lot" of the 6.9 per cent of e-commerce fraud being committed at Fairfield during the reporting period was "genuine" and not fraudsters using victims' computers in that suburb "because there's a lot of ... crime out in [Sydney's western suburbs] ... so it's not surprising to see genuine fraud attempts out in those areas".

He also said Mascot, which is near Sydney Airport, would be where "you'd get a lot of fraud attempts on public machines", especially on internet cafe computers at the airport.

"If you're a fraudster then you don't want to be caught, so it's better if you're going to commit fraud ... to do it from public Wi-Fi or from a public machine," Mr Hooper explained.

"So at airports it's not surprising to see a lot in those sorts of areas and in universities where they've largely got free and open access to the internet."

In the case of universities being a hot spot for e-commerce crime, Mr Hooper pointed to North Ryde, where 2 per cent of NSW's e-commerce fraud had been committed and where Macquarie University is situated.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.

Building a better WAN: Detmold takes a leap of faith

Don’t overlook the hidden treasure in your middle and back-office

Project management: 5 tips for managing your project budget

How to create a company culture that can weather failure

GCIO Forum 2017: Public-private partnerships key enabler of digital governments

The 3-step game plan to secure your journey to the cloud

Equinix to open its 5th IBX data centre in Hong Kong in fourth quarter of 2017

Building a better WAN: Detmold takes a leap of faith

Dell EMC addresses increasing demand for hyper-converged infrastructure in Singapore

Eaton opens office in Singapore

Malaysian university UTP marks 20th anniversary with new stride into cloud transformation

33 Malaysian websites hacked following SEA Games error: Experts reaffirm security musts for Sysadmins

This is how we'll help 5G transform Malaysia’s communications landscape and smart cities, says new partnership

Malaysia's Mesiniaga enterprise cloud mandated by PCI DSS certification

Digital Malaysia: Penang teacher centre transforms into Digital Maker hub