"Antiquated" laws helping online fraudsters escape

Banks and retailers need to be able to share more information so they can fight back against internet fraudsters.

UK payments industry body Apacs has warned that data protection laws are hindering data sharing which could alert banks and retailers to fraud attempts.

Riten Gohil of the fraud control division at Apacs told silicon.com: "The difficulties are that there are lots of antiquated data protection laws that make domestic data sharing hard and beyond [national] boundaries it's even harder."

He added: "It's a real barrier. It's one of our big challenges - the criminals don't have human rights laws and don't have the same restrictions that we do."

The successful implementation of chip and PIN has left fraudsters looking for easier targets - such as card not present. As a result Apacs is looking to build awareness of anti-fraud initiatives such as verified by visa but is also looking at the rollout of two-factor authentication technologies across the industry - but these aren't likely to be widely available until 2007.

Gohil said fraudsters are learning new types of fraud as the banks tighten their defences : "[Criminals'] education is improving as much as anyone else's. We are talking about a global phenomena here - information is a hot commodity for the criminal these days."

Katherine Hutchison, director of retail products and strategy at payments company eFunds warned: "Ecommerce is the weakest link because you can try [frauds] over and over again and you probably won't get caught or even detected."

She said a fraud industry has developed where specialists trade skills and information to attack weaker targets.

Hutchison added: "It's become this cottage industry where they sell each other their goods and services. You used to have to be able to do it all. In the last year they've broken out of that model and they are starting up an underground industry and selling services to each other."