AN ANALYSIS OF THE TWO MOST IMPORTANT TYPES OF FRAUD COMMITTED OVER THE INTERNET

Oscar Wasmosy - Melinda Baldwin - Dango Allen

Pittsburg State University

May 2004

TABLE OF CONTENTS
ABSTRACT ........................................................................................................................ 2 INTRODUCTION .............................................................................................................. 2 INTERNET AUCTION FRAUD ....................................................................................... 3 General Information about Internet Auction Fraud ........................................................ 3 Facts ................................................................................................................................ 4 Types of Internet Auction Fraud and Prevention ............................................................ 5 Non-Delivery .............................................................................................................. 5 Misrepresentation ........................................................................................................ 7 IDENTITY THEFT ............................................................................................................ 8 General Information about Identity Theft ....................................................................... 8 Preventions against Internet Identity Theft ..................................................................... 9 Consumers should: ...................................................................................................... 9 E-Businesses should: ................................................................................................ 10 A typical Case of Identity Theft Using the Internet ...................................................... 11 Analysis of the Case...................................................................................................... 12 Business Issues.......................................................................................................... 12 Government Issues .................................................................................................... 13 Social Issues .............................................................................................................. 13 CONCLUSION ................................................................................................................. 13 REFERENCES ................................................................................................................. 15

1 / 16

ABSTRACT
According to the IFCC 2002 Internet Fraud Report, misrepresented and nondelivered products (Internet auction frauds) accounted for 46.1 and 31.3 percent respectively of all the complaints submitted to the center in 2002. Credit/debit card fraud (theft of identity) accounted for 11.6 percent in the same year. The purpose of this paper is to analyze the two most important types of fraud committed over the Internet (auction fraud and theft of identity) from three perspectives, business, government and society.

INTRODUCTION
The Internet is a great invention since it enables individuals to communicate more effectively and have access to rich sources of information that were previously very difficult to have. Furthermore, the internet presents consumers with an exciting new mean to purchase goods and services faster and at low prices. However, all of the good attributes of the Internet dont come alone. The growth of business online coupled with the general low level of understanding security procedures creates an environment for fraud. Thanks to the Internet, anyone can travel around the world in seconds and this creates an opportunity for fraudulent people to appear suddenly, commit fraud on-line and then disappear without anyone knowing their true identity or location. In so many instances even the law agencies lack the technical expertise and equipment to conduct an investigation and prosecute cyber criminals (Tan, 2002).

2 / 16

During the last four years, identity theft and Internet auction frauds have been the two most common consumer complaints submitted to the Federal Trade Commission (FTC). In fact, identity theft and Internet auction frauds accounted for 42 percent and 15 percent of all consumer complaints submitted to the FTC during 2003 (FTC, News Releases, 2004, January 22). The FTC didnt mention how much identify theft was committed online, but the Internet Fraud Complaint Center (IFCC) did provide more detailed information regarding fraud committed over the Internet. According to the IFCC 2002 Internet Fraud Report, misrepresented and nondelivered products (Internet auction frauds) accounted for 46.1 and 31.3 percent respectively of all the complaints submitted in 2002. Credit/debit card fraud (theft of identity) accounted for 11.6 percent in the same year (IFCC, 2002). The purpose of this paper is to analyze the two most important types of fraud committed over the Internet (auction fraud and theft of identity) from three perspectives; business, government and society.

INTERNET AUCTION FRAUD

General Information about Internet Auction Fraud
Millions of potential buyers view Internet auction items. An Internet auction is conducted in the same way as a physical auction. The items are listed, described and bids are taken. One of the draws of auctions is the opportunity to get high-quality merchandise for a very minimal price. This is also the case for Internet auctions.

3 / 16

A major motivation to search for items at an auction is the hope of being able to purchase the merchandise for less than the suggested retail value. For this reason, individuals often overlook small details that may greatly affect the value and usability of the item up for bid. A fraud complaint is Internet-related if the Internet is utilized in any way for the advertising, sale or customer response regarding a product ordered or sold (Consumer Sentinel Report, January 2004). The governments current view on Internet activity is to leave it alone and not regulate it for fear of restricting the freedom of speech. With the vast size of the Internet, it would be next to impossible for any one agency to regulate it entirely. As a result, there is only one FTC rule pertaining to Internet fraud. It simply states that false advertising is not acceptable. As an alternate method of governance, the FTC encourages online businesses to each take on the responsibility of monitoring their own transactions. The FTC also strives to provide education for consumers (Federal Trade Commission, Internet Auction Fraud Targeted by Law).

Facts
Internet auctions were introduced in 1995 (Internet Auction Fraud, May 2001). Of all Internet fraud reported in 2003, 15% was Internet auction fraud. 89% of the 166,617 cases recorded reported the average amount lost of $1,341 (Consumer Sentinel Report, January 2004). Internet auction fraud seems like a new form of fraud, but really, the Internet just provides another venue, which criminals may utilize to commit fraud. The Internet is convenient and easily accessed by millions of people, but it has resulted in the need for

4 / 16

methods to fight this type of crime. The window of opportunity for solving a case of fraud on the computer is much shorter than for other forms of fraud because most electronic records are erased after a few weeks time (McQuillen, U.S. Arrests 130, Seizes $17 Million in Internet Fraud Cases). Over 1.3 million transactions a day take place on Internet auction sites resulting in less than 1% of fraudulent transactions. The daily occurrence is not large, but when added together every day for a year, the amount of fraud occurring seems exponentially large (Internet Auction Fraud, May 2001). In 2001, eBay reported that only one in 40,000 of its auctions resulted in reported fraud. 48% of Internet fraud is auction fraud, so it may be deduced that minimizing online auctions would significantly reduce the occurrence of Internet fraud (Curry, Online Auctions: Deal or Steal ?).

Types of Internet Auction Fraud and Prevention

The schemes that Internet auction fraud involves may be lumped into two main categories: non-delivery and misrepresented goods. These schemes will be discussed in the following paragraphs along with ways to avoid being a victim (Internet National Fraud Information Center Watch, Fraud Trends 2003).

Non-Delivery
When a buyer wins an item off an Internet auction and pays for it but never receives it, a case of non-delivery has occurred. Many times, there is no item to begin with and the auction is just a set-up to extort funds from unsuspecting auction bidders (Internet Auction Fraud, May 2001). Multiple individuals are usually contacted, told that 5 / 16

they have won the product and are asked to send money immediately. The seller then changes his e-mail address and auction ID in an attempt to dissapear into cyberspace (Curry, Online Auctions: The Bizarre Bazaar). Michael R. Deppe, a 19-year-old working out of his house, tricked customers out of $30,000. He failed to deliver auction products won such as a Rolex watch, a digital video recorder, a plasma television, sports memorabilia, six tickets including airfare and lodging at Caesars Palace and a digital camera. He obtained names of potential buyers from collectables magazines and e-mail addresses. This is a case brought to court in 2004. A trial date has yet to be set, but there are plenty of angry victims waiting to testify as soon as possible (Computer Crime Research Center, Teen Charged in internet Fraud Case). Between 80 and 90% of all complaints received by the FTC pertain to nondelivery (USA TODAY, Internet Auction Fraud Increases). It is recommended that buyers research a seller before bidding on an item. Looking at the past performance ratings of a seller, it can be determined whether the seller is honest, reliable and delivers products in a timely manner (Curry, Online Auctions: The Bizarre Bazaar). Comments and other feedback may be falsified, but there is likely to be some truth in them (USA TODAY, Internet Auction Fraud Increases). Money orders or personal checks are the payment methods used by 80% of fraud victims. Checks cannot be traced, so buyers are encouraged to use credit cards for payment. Funds transferred to a seller may then be located in order to demand a refund if goods purchased never arrive. The only downfall is that when using a credit card, the

6 / 16

fraudulent seller obtains your credit card number, name and address (Internet Auction Fraud, May 2001). People should not buy from a seller who will only accept cash. This is a sure sign that the seller is likely to take a buyers money and run. Show preference to sellers who accept payment through online services such as Paypal or escrow accounts (Curry, Online Auctions: The Bizarre Bazaar).

Misrepresentation
Buying items on the Internet is tricky because you cannot physically see or touch them. This makes it difficult to determine whether or not an item is being truthfully represented. False information may be listed, pictures of an item may be altered or substitute images of a like item may be used to represent what is up for bid (Internet Auction Fraud, May 2001). Sometimes misrepresentation is intentional, though sometimes it is not and results only because a breakdown of communication between the buyer and the seller (Curry, Online Auctions: The Bizarre Bazaar). In misrepresentation, a good is shipped that is different in condition from the one described. For instance, one man took pictures of cars that he did not own and placed them on eBay auction. The buyers never received the cars. Many such complaints are reported, but few cases are ever prosecuted. If the sum lost is less than $5,000, the FBI refuses to investigate. Misrepresentation and non-delivery often take place simultaneously. Misrepresentation must take place if an item is not shipped to a buyer (Internet Auctions, Schemes, Scams, Frauds).

7 / 16

There is really no way that misrepresentation on Internet auctions can be avoided entirely. Individual sellers provide listing information. Auction sites can specify what kind of information should be provided, but they have no way of verifying as to the truth of the validity of the seller (Curry, Online Auctions: The Bizarre Bazaar). The best way to avoid being a victim of misrepresentation is to ask the seller questions until the item is indisputably defined without question in your mind. If this cannot be accomplished, it is recommended that the item be passed up (Curry, Online Auctions: The Bizarre Bazaar).

IDENTITY THEFT
General Information about Identity Theft
One of the most common ways to commit fraud is by stealing other peoples personal information. Identity theft consists in using another persons name, address, Social Security number, bank account number, or any other personal information to commit fraud. For example, an identity thief can use another persons information to open a new credit card account, to take out auto loans or to establish wireless services. When they open the account, they usually change the mailing address for the credit card account, so that the victim will not notice there are strange charges in his or her name. The most common methods used by identity thieves to steal personal information are: stealing records from their employers, bribing employees that have access to personal information, hacking into personal computers, searching for personal information in the trash, stealing wallets and purses that contain personal information and

8 / 16

credit cards, completing change-of-address forms and stealing bank statements and preapproved credit card offers from mailing boxes (FTC, ID THEFT). Prior to 1998 identity theft was not considered a crime by itself but just a tool used to commit other crimes (Arnold, 2000, p. 4). However, since the Identity Theft and Assumption Deterrence Act of 1998 was passed, the Federal Trade Commission (FTC) has been assisting identity theft victims to resolve their problems and maintaining a nationwide database of ID theft complaints which are available to law enforcement agencies. It also provides important information related to identity theft for consumers, businesses, and law enforcement agencies (FTC, News Releases, 2003, September 3). Due to recent advances in computer and Internet technology, it is now much easier to steal an identity and to commit fraud with stolen identities. For example, the Internet reduces the chances to capture the criminal since he or she doesnt need to be present when committing the fraud. It also helps the criminal to act quickly when opening a new account, placing orders and disappearing. Moreover, prosecution against identity thieves is less severe than prosecution against common robbers since identity theft is just considered fraud, which is a white collar crime (Arnold, 2000, p. 4).

Preventions against Internet Identity Theft

This section provides some recommendations for consumers and businesses on how to prevent theft of identity over the Internet.

Consumers should:
Know why they are giving personal information and who is receiving that information. 9 / 16

Only provide the minimum information needed to complete the transaction. Check their credit report sporadically. Use only one credit card online and check the statement every month. Not allow merchants to remember credit card numbers unless the merchant has sufficient technology to protect that information.

Only provide personal information in secure forms. A form is secure if there is a key or lock symbol (not broken or open) on the browsers status bar. Clicking on the lock symbol should bring up information about the merchant from an independent certificate authority.

Put the affected account on hold and report the incident to the Federal Trade Commission (FTC) and the Internet Fraud Complaint Center (IFCC) in case of identity theft.

E-Businesses should:
Develop a privacy policy and post it on-line. Train employees to follow the privacy policy. Employ a person to be in charge of the security and privacy of the company. Investigate and respond to consumer complaints. Only ask customers essential information to complete the transaction.

10 / 16

Keep only essential information in databases. Payment information is not necessary to have in databases.

Restrict access to payment application software and databases containing personal information of customers and monitor the employees who have access to those databases and software.

Have a clear procedure to follow in case of a breach in the security system. Any procedure should prevent future attacks without destroying evidence that could be used to find the perpetrators (Arnold, 2000, p. 8-9).

A typical Case of Identity Theft Using the Internet

This case doesnt mention real names to protect the victims. In October 1999, a public document from the US Congressional Record was posted on a public Web site. The document contained a list of US command officers with their respective serial numbers which were in fact Social Security numbers (the US Army has been using SSN as serial numbers for soldiers during the last 25 years). One of those officers was Lieutenant Colonel James Jones. A criminal took a copy of that list and used the names and Social Security numbers to obtain credit cards and instant credits on stores that offered that service. The criminal used addresses from different private mailboxes to receive the goods that were bought over the Internet. When the criminal tried to take a cash advance for the second time from Jones account, the bank tried to contact him but it was found that the phone number and address 11 / 16

were false. The bank then ran a credit report for Jones SSN and found his real phone number. After the bank had contacted Jones, he ran a credit report on himself and found out that he owed more than $50,000 for strange charges. Jones then contacted the local police which later contacted the US Secret Service. When Jones decided to buy a new car the dealer refused to give him credit and asked him to pay on cash. Since then Jones had to spend several hours clearing his report. By the time this case was written (June 2000) the suspect continued free, opening new accounts online and damaging the credit reputation of many other people (Arnold, 2000, p. 5).

Analysis of the Case

Business Issues
Companies that provide credit to buy on-line should be very careful when analyzing applications since identity theft is, by far, the most common type of fraud. Jones case could have been avoided if merchant companies required more personal information than just a Social Security number to approve the credit. In addition, companies should verify that the information provided by the customer is real and accurate. Merchant companies should be concerned if a customer provides a phone number and address that is not consistent with the information obtained from credit reports and other active credit accounts. Another effective method to prevent this type of fraud is by checking if the phone number provided corresponds with the name and address of the applicant (Arnold, 2000, p. 14).

12 / 16

Government Issues
The Government should provide more security to customers since it is currently very easy to steal identities and to commit fraud. There are Government agencies, such as, the Federal Trade Commission (FTC) and the Internet Fraud Complaint Center (IFCC) that assists customers in case of Internet fraud but it is not clear how the Government will prevent future cases of identity theft. A database system that could store sufficient information about Internet predictive variables would be very useful to evaluate credit applications. Such a database should be hosted by an Internet fraud detection agency and available for merchant companies that need to check if the same set of Internet environment values has created other accounts using different names (Arnold, 2000, p. 15).

Social Issues
Identity theft is a serious problem in our society and people should know how to prevent this type of fraud and what to do in case someone steals their identity. It is the societys role to demand more security against new crimes that arise as a result of advances in computer and Internet technology. If a person knows there is personal information about them on public Web pages, they should demand the deletion of that information to prevent cases like Jones case.

CONCLUSION
The Internet as a form of communication offers various business opportunities with several advantages over traditional methods. Despite these advantages, the Internet

13 / 16

can also be used as a tool to commit crime. The use of the Internet for business and also fraudulent practices on the Internet are growing on a simultaneous basis. Controlling these fraudulent practices presents a very big challenge. The government through its agencies protects consumers against such unfair and deceptive practices but it cannot be efficient in this direction if companies and the people do not contribute their quota. Business organizations should do all it takes to protect themselves and the consumers against such fraudulent practices. Businesses can do this by at least educating the consumers about these fraudulent patterns. Furthermore, the business community should work hand in hand with the law enforcement agencies to prevent the two most common frauds committed on-line, Internet auction fraud and theft of identity.

14 / 16

REFERENCES
Arnold, Tom (2000, June). Internet Identity Theft - A Tragedy for Victims, SIIA (Software & Information Industry Association), from http://www.siia.net/sharedcontent/divisions/ebus/id_theft.pdf Curry, Sharon, Online Auctions: A Bizarre Bazaar. Retrieved April 20, 2004, from http://www.scambusters.org/onlineauctions.pdf. Curry, Sharon, Online Auctions: Deal or Steal?. SCAMBUSTERS. (March 29, 2001). Retrieved April 20, 2004, form http://www.scambusters.org/Scambusters43.html. FTC, ID THEFT. Understanding Identity Theft, from http://www.consumer.gov/idtheft/understanding_idt.html#1 Federal Trade Commission. Internet Auction Fraud Targeted by Law Enforcers. Retrieved April 20, 2003, from http://www.ftc.gov?opa/2003/04/bidderbeware.htm. Federal Trade Commission, Internet Related Fraud Complaints: 2003 Report, CONSUMER SENTINEL. Retrieved April 20, 2004, from http://www.consumer.gov/sentinel/. Federal Trade Commission (FTC), News Releases, (2003, September 3). FTC Releases Survey of Identity Theft in U.S. 27.3 Million Victims in Past 5 Years, Billions in Losses for Businesses and Consumers, from http://www.ftc.gov/opa/2003/09/idtheft.htm Federal Trade Commission (FTC), News Releases, (2004, January 22). FTC Releases Top 10 Consumer Complaint Categories in 2003, form http://www.ftc.gov/opa/2004/01/top10.htm Internet Auction Fraud, (May 2001). Retrieved April 20, 2004, form http://www.ifccbi.gov/strategy/AuctionFraudReport.pdf. Internet Auctions: Schemes, Scams, Frauds. Retrieved April 20, 2004, form http://www.crimes-of-persuasion.com/Crimes/Delivered/internet_auctions.htm. Internet National Fraud Information Center Watch. Internet Scams: Fraud Trends January-December 2003. Retrieved April 20, 2004, form http://www.fraud.org/2003internetscams.pdf IFCC, 2002 Internet Fraud Report, January 1, 2002 December 31 2002, from http://www1.ifccfbi.gov/strategy/2002_IFCCReport.pdf Kong, Deborah, Internet Auction Fraud Increases. USA TODAY. (June 23, 2000). McQuillen, William. U.S. Arrests 140, Seizes $17 Million in Internet Fraud Cases, BLOOMBERG NEWS, (May 17, 2003).

15 / 16

Tan, H.S.K (2002 Apr). E-Fraud: Current trends and International developments, Journal of Financial Crime, 9, no4, p. 347-354.

16 / 16