Will spam, phishing kill e-billing?Published on 08 Aug 2004
As much as we need to stay ahead of the positive advances in technology, we increasingly have to stay on top of the new and intensifying scourges of the digital communication age.
A Gartner report published this year tells us that technology-driven fraud using channels such as email and the Web is now the fastest growing form of consumer theft in the US. This form of fraud is estimated to have scooped a whopping $2.4 billion during the last 12 months.
Phishing is a relatively new form of Internet fraud, in which criminals pose as reputable companies, providing links to false Web sites and asking for confidential (usually banking) information. This information is then used to gain access to bank accounts and credit card numbers.
While most average Internet users have not fallen prey to a phishing scam, every regular email user I know is complaining about masses of unsolicited commercial email, offering everything from specials on blue pills, to dubious computer protection devices, or promising to enlarge various parts of the anatomy. And always at a special price.
The spam problem isn’t just about those unwanted emails in your inbox, it’s about privacy, the illegitimate use of personal details, and the enormous drain on resources throughout the delivery chain.
The potential effects of both problems are devastating, not only financially, but for the collective trust in online transactions.
For the e-billing industry, the question is: will the advance of technology also be the death of it?
As fast as criminals develop their scams, so the big guns are producing ways to thwart the promoters of spam and phishing. In the face of a degradation in consumer trust, and the serious risk posed to multibillion-dollar industries such as banking, software, connectivity, online transactions, retail and the like, at least we can rest assured that huge amounts of research and development spend is being routed into combating these issues.
Email functionality such as digital signatures and sender ID are adding levels of authentication that previously were not required, or available, in email communication. These advances will fortunately address both issues as they attack the same problem: concealment of ‘spoofing’ of the sender’s identification.
For the e-billing industry, there are many points in the process that need tightening up.
The biller needs to protect its customers, brand and revenues in every way it can. Billers need to change the way they communicate with their stakeholders, specifically the avoidance of practices that have been previously used to commit fraud.
An agreement needs to be struck between the biller and customer on the standards of their electronic interaction. This is already being done by many global organisations, tightening up their processes, while simultaneously advancing their technologies. Some have issued statements such as “The bank will never send you a Web link in an email”, while others focus on educating the customer about authentication procedures and good online practice.
Much attention has been paid to the use of multiple channels to verify identities. The expectation is that if criminals are using one channel to pose fraudulently as the organisation, it’s unlikely they are able to manipulate a second channel as well. Email, Web and SMS strategies are starting to overlap in order that one can verify the other.
Some of the responsibility for safeguarding one’s online identity and sanity lies with the user. As customers, we also need to understand how to protect ourselves. This involves being aware of methods used by criminals, such as Web links to false sites, and avoiding using processes that could put us at risk.
There are also a few golden rules to avoiding spam: be careful of signing up with sites on the Web, check their privacy policies before you send them your details. Publishing your personal email address on a Web site is guaranteed to get you into the spam cycle. Spammers these days are not relying on stealing the odd email address here and there. They are rather effectively ‘harvesting’ the Web, using sophisticated content sniffers that can smell an email address from many servers away.
Industry players also need to join in the fight against these issues. This includes Internet service providers, software developers and the email administrators of each business that accepts inbound email. Introducing spam filters will assist in decreasing the amount of unsolicited email that reaches the desktop, but unfortunately that email has already wasted resources travelling from its originating server through many loops to the recipient’s server.
And in some cases decreases the efficiency of doing business using email.
The e-billing industry will not be able to escape the knock-on effect that scams and spammers will have on the online community in general. Luckily, the investment likely to be made by the billion-dollar players will not escape us either.