Electronic Commerce: The Future of Fraud

Bruce Schneier schneier at counterpane.com
Sun Nov 15 06:31:05 PST 1998



This appeared in my November newsletter, CRYPTO-GRAM, but I thought it
general enough interest to send it here.

Bruce


Electronic Commerce: The Future of Fraud

Fraud has been perpetrated against every commerce system man has ever
invented, from gold coin to stock certificates to paper checks to credit
cards.  Electronic commerce systems will be no different; if that's where
the money is, that's where the crime will be.  The threats are exactly the
same.

Most fraud against existing electronic commerce systems -- ATM machines,
electronic check systems, stored value tokens -- has been low tech.  No
matter how bad the cryptographic and computer security safeguards, most
criminals bypass them entirely and focus on procedural problems, human
oversight, and old-fashioned physical theft.  Why attack subtle information
security systems when you can just haul an ATM machine away in a truck?

This implies that new commerce systems don't have to be secure, but just
better than what exists.  Don't outrun the bear, just outrun the people
you're with.  Unfortunately, there are three features of electronic
commerce that are likely to make fraud more devastating.

One, the ease of automation.  The same automation that makes electronic
commerce systems more efficient than paper systems also makes fraud more
efficient.  A particular fraud that might have taken a criminal ten minutes
to execute on paper can be completed with a single keystroke, or
automatically while he sleeps.  Low-value frauds, that fell below the radar
in paper systems, become dangerous in the electronic world.  No one cares
if it is possible to counterfeit nickels.  However, if a criminal can mint
electronic nickels, he might make a million dollars in a week.  A
pickpocketing technique that works once in ten thousand tries would starve
a criminal on the streets, but he might get thirty successes a day on the net.

Two, the difficulty of isolating jurisdiction.  The electronic world is a
world without geography.  A criminal doesn't have to be physically near a
system he is defrauding; he can attack Citibank in New York from St.
Petersburg. He can jurisdiction shop, and launch his attacks from countries
with poor criminal laws, inadequate police forces, and lax extradition
treaties.

And three, the speed of propagation.  News travels fast on the Internet.
Counterfeiting paper money takes skill, equipment, and organization.  If
one or two or even a hundred people can do it, so what?  It's a crime, but
it won't affect the money supply.  But if someone figures out how to
defraud an electronic commerce system and posts a program on the Internet,
a thousand people could have it in an hour, a hundred thousand in a week.
This could easily bring down a currency.  And only the first attacker needs
skill; everyone else can just use software.  "Click here to drop the
deutsche mark."

Cryptography has the potential to make electronic commerce systems safer
than paper systems, but not in the ways most people think.  Encryption and
digital signatures are important, but secure audit trails are even more
important.  Systems based on long-term relationships, like credit cards and
checking accounts, are safer than anonymous systems like cash.  But
identity theft is so easy that systems based solely on identity are doomed.

Preventing crime in electronic commerce is important, but more important is
to be able to detect it.  We don't prevent crime in our society.  We detect
crime after the fact, gather enough evidence to convince a neutral third
party of the criminal's guilt, and hope that the punishment provides a
back-channel of prevention.  Electronic commerce systems should have the
same goals.  They should be able to detect that fraud has taken place and
finger the guilty.  And more important, they should be able to provide
irrefutable evidence that can convict the guilty in court.

Perfect solutions are not required -- there are hundred of millions of
dollars lost to credit card fraud every year -- but systems that can be
broken completely are unacceptable.  It's vital that attacks cannot be
automated and reproduced without skill. Traditionally, fraud-prevention has
been a game of catch-up.  A commerce system is introduced, a particular
type of fraud is discovered, and the system is patched.  Money is made
harder to counterfeit.  Online credit card verification makes fraud harder.
 Checks are printed on special paper that makes them harder to alter.
These patches reduce fraud for a while, until another attack is discovered.
 And the cycle continues.

The electronic world moves too fast for this cycle.  A serious flaw in an
electronic commerce system could bankrupt a company in days.  Today's
systems must anticipate future attacks.  Any successful electronic commerce
system is likely to remain in use for ten years or more.  It must be able
to withstand the future:  smarter attackers, more computational power, and
greater incentives to subvert a widespread system.  There won't be time to
upgrade them in the field.

Why Cryptography is Harder Than it Looks:
http://www.counterpane.com/whycrypto.html

Security Pitfalls in Cryptography:
http://www.counterpane.com/pitfalls.html

Subscribe to CRYPTO-GRAM:
http://www.counterpane.com/crypto-gram.html 

**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com






More information about the cypherpunks-legacy mailing list