[cap-talk] Costs of ecommerce fraud

Jed Donnelley capability at webstart.com
Fri Jun 29 00:04:32 EDT 2007

<I'll just mention that I've been following the petname
antiphishing thread.  I agree with all that's been said,
particularly with regard to exposing passwords to shoulder
surfing - surprised that one even came up.>

On a related note I thought this message might interest
people on this list:


particularly this:
The story begins with E-Trade's 10-Q filing of 17 November,
which filing is at [1] and elsewhere.  In that 10-Q, we have
this paragraph:

 > Other expenses increased 97% to $45.7 million and 55% to
 > $101.9 million for the three and nine months ended September
 > 30, 2006, respectively, compared to the same periods in
 > 2005. These increases were primarily due to fraud related
 > losses during the third quarter of 2006 of $18.1 million, of
 > which $10.0 million was identity theft related. The identity
 > theft situations arose from recent computer viruses that
 > attacked the personal computers of our customers, not from a
 > breach of the security of our systems. We reimbursed
 > customers for their losses through our Complete Protection
 > Guarantee. These fraud schemes have impacted our industry as
 > a whole. While we believe our systems remain safe and
 > secure, we have implemented technological and operational
 > changes to deter unauthorized activity in our customer
 > accounts.

In other words, remote exploitation of individual customer's
computers, doubtless many of them home machines and the
laptops of road warriors, eventually lead to a loss for
E-Trade that was material enough to appear on the 10-Q.

The bottom line for me is that there isn't much hope
for ecommerce if user systems are generally compromised.
It seems to me there might be an opportunity there.


More information about the cap-talk mailing list