Wednesday, December 19, 2007

Gartner - Financial Impact of Phishing Scams

Your friendly Mpayy blogger has just returned from a quick jaunt to Cabo San Lucas, Mexico (highly recommended), and is back to spread the gospel of Electronic & Mobile Payments...

Gartner Reports on Financial Impact of Phishing

Avivah Litan published "Phishing Attacks Escalate, Morph and Cause Considerable Damage" at Gartner (subscription required) on December 13, 2007. Litan points out that the number of users who think they received emails attempting to extract users' personal information rose by 14% in 2007, and "118% in three years from a total of 57 million in 2004 to 124 million in 2007." Litan's numbers are based on a survey of 5,000 adults.

"The average dollar lost per incident declined to $886 from $1,244 lost on average in 2006 (with a median loss of $200 in 2007), perhaps because of more-widespread fraud detection systems. But because there were more victims, a whopping $3.2 billion was lost to phishing in 2007, according to surveyed consumers." This comes on top of an increase, to 3.3%, in the share of those attacked who ended up losing money.

Spoofing & Mpayy

Litan's survey demonstrates that PayPal and eBay are the number 1 and 2 brands on which phishers rely to attempt to extract user data. Further, the data they are attempting to extract is debit and check card data, because of the lax anti-fraud protections that exist for those payment instruments.



Mpayy fully expects that the first users (immediately following friends, family and members that learn of us by word of mouth) will be those attempting to use the service to launder or steal money. An interview I read recently with PayPal co-founder Max Levchin indicates that the financial institutions the company spoke to before it launched warned them of this phenomenon, but it was not until they were losing $10 million per month that they realized the magnitude of the problem.



Mpayy's relationship with its world-class US banking partner will help provide many of the anti-fraud measures necessary. Further, in our attempt to establish the most secure payment processing system, Mpayy will use 128-bit TDES encryption, and PCI compliance standards should help address this. Other measures are being taken, including the low-tech but hopefully very effective step of creating a "Digital Signet" that will validate all communication - text and email - to users.
