October 14, 2003, 9:58 AM — Internet use is still growing fast but so is Internet-based fraud, according to security vendor Verisign Inc, which examined data from its own infrastructure services between August 2002 and August 2003.
According to Verisign's study "Internet Security Intelligence Briefing," released Monday, 6.2 percent of e-commerce transactions carried out in the U.S. were attempts at fraud. More than half the fraud attempts were made by entities outside the U.S., Verisign said.
Also, the number of security incidents almost doubled between May 2003 and August 2003, Verisign said.
Standard security attacks and fraud are closely linked, according to Verisign.
"Analysis ... showed extremely high correlation (47 percent ) between sources of fraud and sources of security attacks," the study said. "Attackers who gain control of Internet host machines are using these compromised hosts for both security attacks and fraudulent e-commerce transactions."
Other findings from the study include:
-- total DNS (Domain Name System) queries such as finding Web sites and e-mail addresses grew by 51.4 percent between August 2002 and August 2003
-- e-mail related DNS queries rose by 245 percent over the same period, partly because of the upsurge in spam and mass-mailing viruses such as Bugbear
-- the average number of Internet transactions per online merchant site has grown 17 percent in the past year
-- SSL (Secure Socket Layer) has become the de facto e-commerce security standard, with over 400,000 sites and growth in certificate issue of 6 percent over the past year
-- security incidents per device rose 99 percent between May 2003 and August 2003, with the Blaster worm contributing most of the increase in August
-- the trend in viruses and worms is towards more sophisticated, potent and coordinated attacks along the lines of Blaster, Nachi and Sobig.F, which was the first virus to direct itself at the Internet's root servers
Security incidents were principally generated in the U.S. (81 percent ), but the percentage of fraud attempts made from the U.S. was much lower (48 percent). One reason for the difference is the weak policing of the Internet outside the U.S., according to Verisign.
"International criminals can essentially commit fraud with impunity, given that jurisdiction issues make policing international fraud near impossible," the report said.
Following the U.S. in the fraud stakes was the U.K. (5.25 percent), while in third place was Nigeria (4.81 percent), where the 419, or advance fee, fraud epidemic rages unchecked.
