With the development of the Internet in the last twenty years, the nature and manner in which financial transactions are carried out has undergone a sea change. In its early days, the Internet was used solely for purposes of communication. But in recent years the role and scope of the Internet has assumed new dimensions with the introduction of commercial transactions. What has come to be called e-commerce has its origins in the dotcom boom of the late 1990s. But it is only after the inevitable dotcom bust in the early years of the millennium that e-commerce established itself as a viable and dependable method of conducting business. Technological innovation in terms of developing security software aided this process and so did the process of globalization. As a culmination of these parallel but complementary processes, e-commerce in general and electronic financial transactions in particular has firmly taken root in mainstream global economy. While this kind of progress in such a short span of time is an impressive achievement, there is much work to be done in terms of creating robust security systems for the Internet. This essay will look into the various types of security threats facing electronic financial transactions, the potential damage they could inflict, the remedial measures to counter these threats and the effectiveness of such measures.
The architecture of the Internet is such that it is inherently difficult to ensure security. Alongside this, the concept of user anonymity makes the Internet “an attractive medium for extortion and crimes involving theft of personal information for illicit financial gain” (Misra Scherer et al, 2004). As per a report released by IDG News Service, many organized crime groups avail of the services offered by hackers to implement complex and sophisticated financial schemes to swindle money from unsuspecting participants. According to the Internet Crime Complaint Center, as much as $200 million was lost in the year 2006 alone. And each year this sum seems to increase, since financial institutions like banks and insurance companies are lucrative targets for cybercriminals. A FBI report released at the beginning of the new millennia has confirmed the nexus between computer hackers and organized crime groups. Many of these organized crime groups are said to operate from Eastern European countries that were part of the erstwhile Soviet Union. In such cases, the hackers first crack the security systems in place and gain access to vital data. The organized crime groups then sell this data to interested parties, who in turn exploit it to “gain unauthorized access to credit card, bank, and brokerage accounts of unsuspecting victims” (Kiessig, 2006). Indeed the market for stolen identities is so big that it recently reached dollar one billion mark. But the threats don’t end with just monetary loss, as the following cases illustrate:
“The most alarming development in the area of information systems security is that terrorist organizations now perceive cybercrimes both as a source of financing for their activities and as a new weapon in their arsenal. For example, according to law enforcement organizations, the Irish Republican Army and the terrorists that plotted the foiled bombing of the Los Angeles International Airport used identity theft to finance their activities. Imam Samudra, the radical Muslim cleric and mastermind of the devastating 2002 Bali bombing attacks that claimed 202 lives, called for fellow Muslim radicals to take jihad into cyberspace and tap into online credit card fraud as a source of funding.” (Misra Scherer et al, 2004)
Instances of a particular type of financial crime called “insider fraud” have also escalated during the age of the Internet. The improvement in telecommunication technology, which has helped businesses in unprecedented ways, has also incidentally facilitated fraudsters. According to industry analysts, two thirds of all losses arise due to this kind of fraudulent activity within the confines of the organization. As much as 6% of the annual revenue of a business organization can be lost in this manner (Kiessig, 2006). As was rightly pointed out by a report, this kind of electronic financial transaction fraud is perpetrated by technology-savvy employees, who have a thorough understanding of the financial processes, business system customizations and network technology. Recently laid-off employees, subcontractors and third-party consultants also commit such frauds. In such cases, the enemy is clearly within and not without. So who gains access to vital computer systems will have a bearing on the overall security of business operations. (Taylor, 2005)