Today, I read an article by James B. Kelleher from Reuters, which demonstrates the need for more of this legislation (worldwide). These laws can go a long way towards prosecuting the cyberscum that create 9 million victims a year in the United States alone.
Kelleher quoted two security experts from Visa USA and Mastercard International:
Speaking at the Bank Card Conference here, John Shaughnessy, senior vice president for fraud prevention at Visa USA, and Suzanne Lynch, vice president for security and risk services at MasterCard International, said that organized crime rings — with the help, in many cases, of former Soviet KGB cryptographers — were successfully using the Internet and "crimeware" software programs to circumvent the defenses credit card issuers erected against them.Another root cause of the problem are corporations, who put profitability ahead of their customers:
"While the criminals are increasingly savvy, Shaughnessy and Lynch said that in many cases they were inadvertently helped by sloppy security policies within the payment chain and by slip-ups by merchants, third-party processors or the credit card companies."
Both experts agree that the end is nowhere near in sight.
It's going to be difficult to build technical defenses, especially when some of these gangs (notably those from the former Soviet Union) are known to employ highly educated technical experts. There have also been reports that the gangs are working in collusion with each other, or networking.
For every measure created to address their activity, they seem to have the experts to come up with a countermeasure.
To attack the problem, we need to figure out why this activity is so lucrative. One answer is that the laws are lax and the chances of getting caught are minimal.
Creating laws with strict penalties is a step in the right direction!
For the story from Reuters, click on the title of this post.