ewebsecure.com - Industry News

Industry News

Thursday, Jan 18, 2007
CIBC loses data on 470,000 Talvest fund customers

(CBC) - CIBC Asset Management says a backup computer file containing information on almost half a million of its Talvest Mutual Funds clients has gone missing.

The company says the missing data was in a file that disappeared "while in transit between our offices." The file had personal and financial details on current and former clients of Talvest Mutual Funds, which is a CIBC subsidiary.

The information may have included client names, addresses, signatures, dates of birth, bank account numbers, beneficiary information and/or Social Insurance Numbers.

Talvest says there's no indication that the missing backup file has been "inappropriately accessed," but says CIBC will be taking a number of precautions.

"We are in the process of contacting affected Talvest clients by letter to advise them of this issue and to detail the steps we are taking to safeguard their information," said Steve Geist, president of CIBC Asset Management.

Computer fraud expert Thomas Keenan from the University of Calgary said there's good reason for the company to alert their customers. "Because what's on there the missing file is everything you need to know to do identity theft," he told CBC News.

The privacy commissioner of Canada, Jennifer Stoddart, announced that she is launching an investigation.

"Although I appreciate that the bank notified us of this incident and that it is working co-operatively with my office, I am nevertheless deeply troubled, especially given the magnitude of this breach, which puts at risk the personal information of hundreds of thousands of Canadians," Stoddart said in a statement.

Talvest has set up special phone lines for clients who want more information.

The report follows news of a potential corporate privacy breach that could affect as many as two million Visa credit card holders in Canada.

The owner of Winners and HomeSense stores warned Thursday that hackers gained access to its computer system and credit card numbers may have been improperly accessed.

http://www.mytelus.com/news/article.do?pageID=technology_home&articleID=2518218

Cyber Crime Hits the Big Time in 2006
Experts Say 2007 Will Be Even More Treacherous
By Brian Krebs
washingtonpost.com Staff Writer
Friday, December 22, 2006; 9:51 AM

Call it the "year of computing dangerously."

Computer security experts say 2006 saw an unprecedented spike in junk e-mail and sophisticated online attacks from increasingly organized cyber crooks. These attacks were made possible, in part, by a huge increase in the number of security holes identified in widely used software products. Few Internet security watchers believe 2007 will be any brighter for the millions of fraud-weary consumers already struggling to stay abreast of new computer security threats and avoiding clever scams when banking, shopping or just surfing online.

One of the best measures of the rise in cyber crime this year is spam. More than 90 percent of all e-mail sent online in October was unsolicited junk mail messages, according to Postini, a San Carlos, Calif.-based e-mail security firm. The volume of spam shot up 60 percent in the past two months alone as spammers began embedding their messages in images to evade junk e-mail filters that search for particular words and phrases. As a result, network administrators are not only having to deal with considerably more junk mail, but the image-laden messages also require roughly three times more storage space and Internet bandwidth for companies to process than text-based e-mail, said Daniel Druker, Postini's vice president of marketing.

"We're getting an unprecedented amount of calls from people whose e-mail systems are melting down under this onslaught," Druker said. Spam volumes are often viewed as a barometer for the relative security of the Internet community at large, in part because most spam is relayed via "bots," a term used to describe home computers that online criminals have compromised surreptitiously with a computer virus or worm. The more compromised computers that the bad guys control and link together in networks, or "botnets," the greater volume of spam they can blast onto the Intenet.

At any given time, there are between three and four million bots active on the Internet, according to Gadi Evron, a botnet expert who managed Internet security for the Israeli government before joining Beyond Security, an Israeli firm that consults with companies on security. And that estimate only counts spam bots. Evron said there are millions of other bots that are typically used to launch "distributed denial-of-service" attacks -- online shakedowns wherein attackers overwhelm Web sites with useless data if the targets refuse to pay protection money.

"Botnets have become the moving force behind organized crime online, with a low-risk, high-profit calculation," Evron said. He estimated that organized criminals would earn about $2 billion this year through phishing scams, which involve the use of spam and fake Web sites to trick computer users into disclosing financial and other personal data. Criminals also seed bots with programs that can record and steal usernames and passwords from compromised computers

Crime-Dot-9-to-5

Another interesting measure of the growth of online crime is data showing that criminal groups have shifted their activities from nights and weekends to weekday attacks, suggesting that online crime is evolving into a full-time profession for many. Cuptertino, Calif.-based Internet security provider Symantec Corp. found that the incidence of phishing scams dropped significantly on Sundays and Mondays in the United States. Symantec found similar trends when it examined the pattern of new virus variants being compiled and released by attackers.

"The bulk of the fraud attacks we're seeing now are coming in Monday through Friday, in the 9-5 U.S.-workday timeframe," said Vincent Weafer, director of security response at Symantec. "We now have groups of attackers who are motivated by profit and willing to spend the time and effort to learn how to conduct these attacks on a regular basis. For a great many online criminals these days, this is their day job: They're working full time now."

Criminals are also getting more sophisticated in evading anti-fraud efforts. This year saw the advent and wide deployment of Web-browser based "toolbars" and other technologies designed to detect when users have visited a known or suspected phishing Web site. In response, many online scam artists place phishing Web sites targeting multiple banks and e-commerce companies on the same Web servers, then route traffic to those servers through home computers that they have commandeered with bot programs.

In such operations, each individual scam page is assigned to a Web site that, for a short time, is tied to an Internet address of a compromised computer that the criminals control. When a would-be victim clicks on a link in a phishing e-mail, he or she is routed through the drone PC to the correct scam page.

The result is that even if law enforcement or security experts manage to take down the infected PC responsible for relaying traffic to one of the scam sites, the effect of that takedown is only temporary, as the attackers can simply substitute another computer they have gained control over. Such scams make it far more difficult for security experts to find the true location of phishing servers.

"We seen a pretty big evolutionary jump in tactics used by phishers over the past year, and I believe it's because some of the toolbar makers and the good guys who work to get these scam sites shut down have really done a good job at preventing them from being successful," said Dan Hubbard, vice president of research for Websense, an online security firm based in San Diego, Calif.

Software Insecurity

These past 12 months brought a steep increase in the number of software security vulnerabilities discovered by researchers and actively exploited by criminals. The world's largest software maker, Microsoft Corp., this year issued software updates to fix 97 security holes that the company assigned its most dire "critical" label, meaning hackers could use them to break into vulnerable machines without any action on the part of the user. In contrast, Microsoft shipped just 37 critical updates in 2005. Fourteen of this year's critical flaws were known as "zero day" threats, meaning Microsoft first learned about the security holes only after criminals had already begun using them for financial gain.

This year began with a zero-day hole in Microsoft's Internet Explorer, the browser of choice for roughly 80 percent of the world's online population. Criminals were able to exploit the flaw to install keystroke-recording and password-stealing software on millions of computers running Windows software.

At least 11 of those zero-day vulnerabilities were in the Microsoft's Office productivity software suites, flaws that bad guys mainly used in targeted attacks against corporations, according to the SANS Internet Storm Center, a security research and training group in Bethesda, Md. This year, Microsoft issued patches to correct a total of 37 critical Office security flaws (that number excludes three unpatched vulnerabilities in Microsoft Word, two of which Microsoft has acknowledged that criminals are actively exploiting.)

But 2006 also was notable for attacks on flaws in software applications designed to run on top of operating systems, such as media players, Web browsers, and word processing and spreadsheet programs. In early February, attackers used a security hole in AOL's popular Winamp media player to install spyware when users downloaded a seemingly harmless playlist file. In December, a computer worm took advantage of a design flaw in Apple's QuickTime media player to steal passwords from roughly 100,000 MySpace.com bloggers, accounts that were then hijacked and used for sending spam. Also this month, security experts spotted a computer worm spreading online that was powered by a six-month old security hole in a corporate anti-virus product from Symantec Corp.

Tom Liston, a senior security consultant at Washington, D.C.-based IntelGuardians, said the increasing focus on attacking flaws in other software is a reaction to growing security awareness among small business owners and home computer users.

Dim Prospects for 2007

Websense's Hubbard predicts that 2007 will see the evolution of malware designed to take advantage of presently unknown security holes in browser-based anti-phishing toolbar programs, such as the ones embedded in Mozilla's Firefox 2.0 browser and Microsoft's Internet Explorer Version 7.

Criminal gangs also are beginning to wise up about hiding the data they've stolen, he said. Online criminals often store stolen bank account information in plain text files on random Web sites that they've gained access to. Security experts frequently index and alert financial institutions to any compromised customer accounts, but Hubbard said he expects more cyber crooks to begin scrambling their data stashes with encryption programs, potentially crippling fraud detection efforts.

Many security professionals speak highly of Microsoft's Vista, the newest version of Windows scheduled for release next month. The program includes a number of improvements that should help users stay more secure online, such as a hardened Web browser that includes new anti-fraud tools, as well as operating system level changes that should make it more difficult for the user or rogue spyware or viruses to make unwanted or unwise changes to key system settings and files.

But experts worry that businesses will be slow to switch to the new operating system. And even if consumers rush to upgrade existing machines or purchase new ones that include Vista, Microsoft will continue to battle security holes in legacy versions of Microsoft Office, which are expected to remain in widespread use for the next 5-10 years.

Online fraud will get even more sophisticated in 2007, researchers fear. "Criminals have gone from trying to hit as many machines as possible to focusing on techniques that allow them to remain undetected on infected machines longer," Symantec's Weafer said.

Some software security vendors suspect that a new Trojan horse program that surfaced last month, dubbed "Rustock.B" by some anti-virus companies, may serve as the template for malware attacks going forward. The program morphs itself slightly each time it installs on a new machine in an effort to evade anti-virus software. In addition, it hides in the deepest recesses of the Windows operating system, creates invisible copies of itself, and refuses to work under common malware analysis tools in an attempt to defy identification and analysis by security researchers.
"This is about the nastiest piece of malware we've ever seen, and we're going to be seeing more of it," said Alex Eckelberry, president of Clearwater, Fla. based security vendor Sunbelt Software. "The new threats that we saw in 2006 have shown us that the malware authors are ingenious and creative in their methods. Unfortunately, those attributes aren't ones we would normally consider laudable in the context of criminals."

http://www.washingtonpost.com/wp-dyn/content/article/2006/12/22/AR2006122200367.html

Online Fraudsters Take .6B Out of 2003 eCommerce
From CyberSource

Merchants make progress controlling direct fraud costs, but hidden costs grow

The fifth annual survey of eCommerce fraud released by CyberSource Corporation shows merchants are making some gains in limiting the online fraud rate. 333 merchants surveyed said they expect to lose about 1.7% of their revenue to fraud this year, down from 2.9% the year before. (1.7% of estimated U.S. business-to-consumer eCommerce revenues in 2003 amounts to over $1.6 billion*). But progress against the direct fraud rate may be more than offset by the indirect, hidden costs of fraud. More merchants are checking more orders manually, yielding higher personnel expenses. And many orders are being rejected on suspicion of fraud—inevitably meaning some good orders never turn into revenue.

The growing cost of fraud prevention

Clearly, merchants feel the overall problem is significantly worse this year.

66% of those responding called fraud a "serious" or "very serious" problem compared to only 46% who felt that way in 2002. The explanation? It's costing a lot to get the fraud rate down. Last year, only half the merchants surveyed used manual review; this year the figure is two-thirds. Nearly one in four orders is being manually checked this year (23%) up from one in five (20%) in 2002. Yet two-thirds of these orders are ultimately accepted and shipped.

Adding to the true cost of fraud are rejected orders. For every order that ultimately turns out to be invalid, merchants are having to reject another three to four on the suspicion they may be fraudulent. A percentage of those rejected orders may be good, meaning more revenue that never gets realized.

"With e-commerce continuing to grow rapidly, online fraud is casting a long shadow over the business in terms of both lost sales and overhead," said Perry Dembner, CyberSource vice president, marketing. "Merchants are realizing that throwing people at the problem is not a long term solution. We are seeing that the best merchants are working the whole problem, using automated tools to help find more good orders more quickly. That will separate the winners and losers in this arena."

New card association regulations make the fraud rate an even more crucial management issue for merchants today. Sellers who have to accept charged back sales at a rate greater than 1% of orders may be subject to significant fees and penalties. According to this year's survey, almost 60% of online merchants report a total order loss rate of 1% or more, a portion of which are actual chargebacks.

International eCommerce—higher growth potential at a higher cost

Market analysts predict that eCommerce is growing faster in Europe and Asia than in the U.S. and Canada. But CyberSource's survey data shows merchants need caution as they extend their operations abroad. Survey respondents who accept international orders say the direct fraud rate they experience there is four times the rate they see in orders from the U.S. and Canada, despite the fact that they are also rejecting orders at a four times greater rate.

Use of anti-fraud tools growing

Manual review is just one example of anti-fraud tools seeing greater use today. Address Verification Service (a basic tool from the card companies that authenticates the first five digits of the cardholder's address and the cardholder's zip code) is employed by 75% of merchants today (up from 71% in 2002). 44% of respondents (vs. 34% last year) say they use the various Card Verification Number (CVN) schemes available from the card companies, requiring card holders to supply the three or four digits that appear on the front or the back of their cards during the transaction. Cardholder authentication programs by MasterCard (SecureCode) and Visa (Verified by Visa) also show growth this year, with over 40% having implemented or planning to implement these tactics within a year.

About the Survey - The Fifth Annual CyberSource Fraud Survey was sponsored by CyberSource Corporation and undertaken by Mindwave Research. The survey was fielded October 10-14, 2003 and yielded 333 complete responses (vs. 341 the year before). The sample was drawn from a database of companies involved in electronic commerce activities. Incentive to respondents was a summary of the research findings.

http://retailindustry.about.com/cs/lp_internet/a/bl_cs111803.htm

Fraud Threatens E-Shopping
From PC World

Linda Rosencrance, Computerworld

Merchants could lose $2.8 billion this year because of online fraud, according to a survey released by CyberSource, a provider of electronic payment and risk management products. The $2.8 billion figure is 8 percent higher than last year, CyberSource said.

The survey, conducted by Austin-based Mindwave Research, found that companies with online revenues of between $5 million and $25 million annually are being hit the hardest. Those companies saw online fraud losses rise from 1.5 percent of their revenue in 2004 to 1.8 percent of their revenue this year.

Online fraud losses suffered by merchants with more than $25 million worth of online sales annually rose only slightly year over year, from 1.1 percent in 2004 to 1.2 percent this year, the survey said. Online fraud losses for smaller merchants, those with online revenues of less than $5 million, were lower than last year--falling from 2.1 percent of revenues in 2004 to 1.6 percent this year, according to the survey.

Authentication Challenge

Part of the problem is that while merchants are reviewing more orders manually this year to catch fraudulent orders, they're doing so without hiring more employees, according to CyberSource spokesperson Bruce Frymire. In fact, midsize merchants said they reviewed one quarter of their orders this year, up from 21 percent of orders in 2004, he said.

Most merchants are so far relying on two basic means of fighting fraud: address verification systems, which compare the address on file at the card issuer to the billing address provided by the card holder, and checks of the card verification number--the additional digits printed on the credit cards, according to the survey.

Over half the merchants who took part in the survey said that they are currently using or intend to an payer authentication system such as MasterCard's SecureCode or Visa's Verified by Visa before the end of 2006, Frymire said.

http://pcworld.about.com/news/Nov162005id123517.htm

Consumers Growing Wary of Buying Online
Concerns about identity theft and security could hamper the growth of e-commerce, study suggests.

Linda Rosencrance, Computerworld

Monday, June 27, 2005 05:00 AM PDT

Consumers are buying less online because of concerns about identity theft and security, according to a report released last week by The Conference Board in New York.

More than 13 percent of all Internet users say they or a member of their household has already been a victim of identity theft, according to The Consumer Internet Barometer published by The Conference Board.

"We found that people are becoming much more concerned both about identity theft and about security issues regarding their personal information and that they are altering their behavior because of that," says Lynn Franco, director of The Conference Board's Consumer Research Center.

"Misplaced or stolen data from major financial service institutions such as Citigroup, Bank of America, and Wachovia, and this week's admitted mishandling of data by the credit card processing company CardSystems Solutions, have increased consumers' concerns about online security," she says in the statement.

The survey found that nearly 70 percent of consumers have installed additional security software on their PCs, and 41 percent say they're purchasing less online--a fact that has some pretty negative ramifications for e-tailers, including slowing the growth of e-commerce, Franco says.

What we had seen was that companies were issuing privacy statements and they were being a little bit more upfront about what security measures they were using, she says. "But now they are also going to have to make sure that if they outsource part of the work that those firms are also abiding by procedures and agreements."

More Concerned

The majority of online consumers, 54 percent, say they are more concerned today about the security of their personal information on the Internet than a year ago, while 42 percent say their level of concern has not changed, according to the survey. Only 4 percent say they are less concerned today than in the past.

The survey also found an age gap: 63 percent of Internet users who are age 55 and over claim that they are more apprehensive, while only 40 percent of consumers under age 35 are more concerned today.

"Younger consumers tend to be among the early adopters of technology, and the Internet is no exception," says David Stark, North American privacy officer for TNS NFO, a division of London-based market research firm TNS. "This group is familiar and comfortable with the Web, and many feel that they know how to protect themselves online."

He notes that older online shoppers may have more at stake in case of identity theft. "Consumers who are 55 and older have accumulated more wealth than their younger counterparts," Stark says. "There is a lot more money at stake for this group if their personal information ever got into the hands of cybercriminals."

http://pcworld.about.com/gi/dynamic/offsite.htm?site=http://pcworld.com/news/article/0,aid,121598,00.asp

E-Merchants Are Successfully Fighting Fraud
Despite Rising Sophistication of Fraudsters

Although a majority of online merchants believe that fraudsters are growing more sophisticated, they also report using prevention tools to keep fraud rates low, according to a survey released by the Merchant Fraud Squad.

The survey finds that 72 percent of small merchants and 58 percent of large merchants report fraud rates of less than .5 percent of annual revenues. Only 17 percent of small merchant and 20 percent of large merchants report fraud rates greater than 1 percent.

The first-annual Merchant Fraud Squad survey also finds that 71 percent of large merchants believe that online fraudsters have become more sophisticated in the last 12 months. Nearly 60 percent of small and medium size e-tailers agree. Additionally, 47 percent of the 368 members who responded to the voluntary survey rate online fraud as "one of the most significant problem we face."

"The study reveals that online merchants view fraudsters as more cunning, but also that merchants are not sitting idle," said Julie Fergerson, chair of the Merchant Fraud Squad and Co-Founder and Vice President of Emerging Technologies at ClearCommerce. "Our goal is to make sure merchants stay one step ahead of the curve and get their fraud rates down even lower."

How Merchants Fight Fraud

The 2002 Merchant Fraud Squad survey listed top fraud prevention tools and asked merchants if they utilize them. Similar to last year, the tools most often reported as utilized for fraud prevention are:

Address verification systems (70 percent)
Customer follow-up (63 percent)
Real-time authorizations (61 percent)
Post-process fraud management (51 percent)

"We know from experience that fighting fraud is an ongoing process that requires constant education and vigilance," said E Bai Koo, Director of Emerging Payments & Online Industries at American Express. "Ultimately, we want to ensure that any company engaged in e-commerce can access up-to-date information and resources on this very important subject."

The survey also finds that most merchants are able to combat fraud for relatively low costs. Fifty-nine percent of large merchants, 51 percent of medium merchants and 58 percent of small merchants report spend less than 1 percent of total revenues on fraud prevention. Only 8 percent of small businesses report spending more than 3 percent of total revenues on fraud prevention, while 7 percent of large and medium-size business report spending that amount.

Merchants taking the survey represent large, medium and small online retailers. Forty-two percent listed annual revenues of more than $1 million, 28 percent listed revenues at less than $100,000 and 32 percent reported revenues of between $100,000 and $1 million.

http://retailindustry.about.com/library/bl/02q2/bl_mfs061702.htm

Internet Fraud Persists as Major Concern for Consumers
One-Third See Real Problem at Auctions and E-Marketplaces, but Equal Number Remain Unaware of Risks

The Internet -- often described as a faceless, impersonal medium where users are wise to proceed at their own risk -- is indeed a breeding ground for fraud, according to the results of a new nationwide survey released today by US SEARCH (Nasdaq:SRCH), a trusted, reliable source of Internet-based information and risk management services.

In a survey of Internet users conducted for US SEARCH by MarketFacts TeleNation, Inc. of Chicago, nearly 35 percent of respondents described Internet fraud as a "severe or significant" problem, indicating a continued skepticism about the safety of online transactions, especially at Internet auctions, exchanges and e-marketplaces.

Notably, an almost equal number of respondents admitted they were unaware of the risks of transacting business online. Another group -- 22 percent -- believes that Internet fraud happens "occasionally, but not that often." Only 4 percent of respondents said that online fraud is not a problem. Although a substantial number of people are aware of the potential dangers of Internet fraud, the survey findings suggest that many Americans still need to be educated on the subject: 40 percent of respondents did not know or had no opinion about Internet fraud.

The consulting firm, Meridien Research, estimates Internet payment fraud at $1.6 billion worldwide in 2000, the majority of which occurs in the United States. Meridien projects that with the growth of Web payments, the amount of losses could grow to between $5.7 billion and $15.5 billion by 2005, depending on the level of investment in anti-fraud technology. Online fraud has reached "unacceptable levels," according to Meridien, which reports that some Internet merchants lose up to 10 percent of revenues to phony payments.

"As online auctions, e-tailers and electronic marketplaces continue to gain popularity, consumers need to be aware of the potential for online fraud, which takes advantage of the speed, anonymity and convenience of the Internet to undermine trust and confidence in transactions," said Brent Cohen, President and CEO, US SEARCH. "Online fraud causes retailers to lose millions of dollars each year, which is in turn passed on to the consumers in the form of higher prices. Our survey shows that more than a third of all Americans don't even have an opinion on the issue, which is staggering when you consider how much is at stake. The real story is how little people know about what's going on and how vulnerable they are.

"At US SEARCH, we believe the impact of Internet fraud is under-appreciated," Cohen said. "Accordingly, we have recognized that the development and deployment of anti-fraud technology is essential if consumers and businesses are to have faith in e-marketplaces -- and fuel the next wave of economic growth online."

Among the survey's other findings:

From a geographic perspective, respondents in the Northwest had the greatest concern about online fraud, with 39 percent agreeing that the problem is significant or severe. Online fraud was less of a concern to survey respondents in the South, with only 6 percent describing it as a serious problem.
Awareness of the problem varies with income level. Those with annual incomes above $75,000 expressed less fear about online fraud than those in the $25,000-$50,000 bracket (32.5 percent to 18 percent).
Those who are married consider online fraud more of a problem than those who are not (38 percent to 31 percent).
Those with children were somewhat more likely to regard online fraud as a problem than those without kids (36 percent to 33 percent).

The US SEARCH survey of 665 Internet-enabled Americans was conducted in February. The margin of error is +/- 3 percentage points. For a copy of the survey results, call 818/719-9299.

SOURCE: US SEARCH Press Release, March 14, 2001

http://retailindustry.about.com/library/bl/bl_usrch0314.htm

Online fraud costs $2.6 billion this year
Survey: Some merchants losing battle against crime

By Bob Sullivan, Technology correspondent, MSNBC

Updated: 5:59 p.m. PT Nov 11, 2004

High fraud rates continue to plague electronic commerce Web sites, with criminals expected to steal $2.6 billion from online merchants this year, according to a new survey.

While that's an annual increase of $700 million, the percent increase is roughly equal to the increase in total Net sales, so rates of fraud stayed essentially the same -- about 2 percent of sales -- according to the survey, conducted by CyberSource Corp.

But the persistent fraud adds hidden costs for merchants, and ultimately, consumers.

Suspicious merchants are now rejecting a far higher percentage of orders, meaning a steep increase in lost sales due to accidental rejection of legitimate orders. Nearly 6 percent of all orders are now rejected, the survey found, up from about 4.5 percent last year.

"That's leaving revenue on the table," said Doug Schwegman, director of market intelligence at CyberSource. Making matters worse, more merchants are manually reviewing orders, Schwegman said, adding to the cost of doing business. "The Internet was supposed to be automated. You don't want to keep adding costs."

International fraud rates also remain high, limiting the the global reach of many Web businesses. Nearly 13 percent of all orders originating from overseas are rejected by U.S. merchants. And even with that high rejection rate, orders that are processed still have a 4 percent fraud rate, the survey found.

But Daniele Micci-Barreca, senior director of fraud solutions at ClearCommerce Corp, said the picture may not be as bleak as the survey suggests. High incidence of fraud at individual merchants can really skew averages, he said, making the overall fraud rate a misleading statistic.

"Be careful in looking at averages," he said. "In our experience if you take a typical sample of online merchants, the reality is that there is a small set of merchants that account for most fraud losses. ... There are still a significant number of merchants that have very big problems."

Still, even if fraud rates remain flat, Gartner analyst Avivah Litan says that's a bad sign for electronic merchants, and for electronic commerce.

"In general, with all the money being spent fighting online fraud, the rates should be going down. The fact that they have merely stabilized is not good news," she said.

Smaller merchants feel the pinch

Automated tools designed to help merchants don't seem to be helping either, she said. "There are too many false positives, which is why merchants are increasingly having to review orders manually," she said. "This proves that the crooks have gotten way ahead of the fraud detection systems that are out there."

Statistics also show that medium-sized merchants continue to be hardest hit by fraud, while larger merchants are doing better at protecting themselves, according to CyberSource.

Merchants with sales of between $500,000 and $5 million reject more orders, but still face more fraud anyway, the survey found. Fraud rates at sites with sales of greater than $25 million are half that of fraud at the smaller sites, while rejection rates are about 50 percent lower.

That concerns Litan, who assumes it means that many smaller merchants simply can't afford expensive fraud protection software, or what they are buying isn't working.

"The Internet was supposed to provide a level playing field providing equal opportunity for all types of merchants," she said. "But the smaller e-tailers are losing out on two ends: From a fraud point of view, the big guys have an advantage because they have more resources to spend fighting fraud. And from the consumer point of view, increasingly suspicious consumers -- many of whom experience phishing attacks and other online scams -- are less likely to shop at unknown brands and sites."

http://www.msnbc.msn.com/id/6463545/

Our products provide internet security for busineses and their customers. Gaining trust and preventing credit card fraud for our members is our key goal. With rampant concerns about fraud related issues such as identity theft, phishing, credit card fraud and all crimes internet, we work with businesses to win trust and strike back at fraud.