Malaysia Ahead in Fighting Online Credit Card Fraud

KUALA LUMPUR: Although the usage of electronic payment in Malaysia is still low compared with developed countries, it is nonetheless a fast mover  when responding to online fraud, MasterCard International vice-president for operations and advanced payment products (South-East Asia) David Chan said.

He said Malaysia was among the first countries in the world to migrate  to EMV (Europay-MasterCard-Visa) cards in an effort to combat credit card fraud.

Realising that online fraud can cause huge losses, banks in Malaysia are moving fast to equip themselves with more secure anti-fraud codes and devices.

The rate of adoption by local banks is fast, judging from its size if compared with developed countries, he told StarBiz after presenting his paper entitled i-Banking Technologies and Cost Effectiveness: Migration to Electronic Payment yesterday.

He added that online authentication was essential for sustaining continued online payments and banking growth.

Chan said online payments globally currently accounted about 10% of the total US$5tril plus e-payments business. He attributed this enormous figure to the rising e-commerce business worldwide.

He said although online fraud was 20 times higher than total card fraud in the US, nevertheless it had declined with the usage of more secure online fraud codes and devices.

Source: http://www.join2u.com/news/fighting.htm

Comment:

It’s good to see that local banks were start taking few solutions to improve the safety of using online banking services and it could ensure the user account information is protected. In my opinion, the cooperation between organization and users is the key factors to prevent cyber crime activities. Most of the online credit card fraud is not caused by the weakness of online security of bank, but its caused by the malware programme within the user computer.  A proper firewall and anti-virus programme should be setting up before we connect the computer devices to internet. Therefore, I believe that security system is just a tool to prevent cyber crime activities and public awareness of security of internet in turn increase the effectiveness in preventing cybercrime activities.

Malaysian Hacker Jailed in US

WASHINGTON: A US District judge sentenced a Malaysian to 10 years in prison for hacking into the US Federal Reserve and other banks.

Lin Mun Poo, a Malaysian citizen, had admitted earlier this year to hacking into the US central bank, various private financial institutions and possessing stolen bank card and credit card numbers, officials said.

According to AFP, he also admitted to hacking into a Fed computer server and installing a malicious software code here.

Lin, who is from Ipoh, travelled to the United States in October last year "for the purpose of selling stolen credit card and bank card numbers" but a purchaser was in fact an undercover US agent, according to prosecutors.

When he was arrested, Lin held over 122,000 stolen bank card and credit card numbers.

The US Justice Department said Lin's "cybercrime activities also extended to the national security sector", including hacking into the computer system of a Pentagon contractor that provides systems management services for military transport and other military operations.

"Today's sentences send the message to hackers around the world that the United States is no place to conduct their business," US Attorney Loretta Lynch said in a statement on Friday.

Dhillon Andrew Kannabhiran, founder and chief executive officer of hackers community Hack in The Box, said the stiff 10-year sentences was meant to deter hackers from hacking into government networks.

Details of the case are not clear to me, but you can argue that 10 years for computer crime is harsh by any standards, " Dhillon told The Star.

"It's definitely a sentence which is meant to send a message."

Dhillon said the hacker was "asking for trouble".

"Hacking is a tool. Just like a knife can be used by a chef to prepare a meal or to stab somesone. It is your motives that sets you apart. People who use their skills to commit financial fraud are not hackers, but just criminals," he said.

Lin, according to a fellow hacker, deserved his punishment.

"Most hackers have the skills to breach a computer security system. But once you use your skills for malice, then you have committed a crime, " said a computer security consultant who wished to be identified as Sam.

"If you are caught, you deserve to be punished like any other criminal."

Sam said most people with hacking expertise, like himself, were hired by companies to "test" their computer security system.

"Most of us use our skills to make a decent, legitimate living."

Source: TheStar, http://thestar.com.my/news/story.asp?file=/2011/11/6/nation/9850531&sec=nation

Comment:

Again, there is another "Smart Guy" who committed crime and imposed of 10 years imprison for hacking into US Federal Reserve and other banks. I believe that this guy had successful to prove his good knowledge to the world; unfortunately he selected a wrong way and has to spend his coming 10 years life in jail. Cybercrime activities proved that IT knowledge have double side effects which it improves our lifestyle or destroy it. If the case above happen in Malaysia, this guy could be charged under Computer Crime Act 1997 section 3(1) or (2) or (3) : unauthorized access due to the stealing bank card and credit card information from third party. The maximum fine under this section is liable to a maximum RM 50,000 or to 5 years imprisonment or both.

Many Malaysian Government Sites Hacked

Malaysia's Communications and Multimedia Commission said that 51 websites in the .gov.my domain were attacked beginning late Wednesday, and that 41 of the sites suffered various levels of disruption.

The MCMC, the country's Internet and telecommunications regulator, did not however provide information on the nature of the attacks, or the people behind it, describing them only as "unknown hackers".

However, it made references to some of the websites recovering quickly, suggesting that these sites faced a DDoS or distributed denial-of-service attack rather than a hack.

DDoS attacks can make a website inaccessible to users by swamping the website with traffic from hundreds or thousands of computers.

Such attacks are a known tactic of Anonymous, a hacker group that had threatened to attack Malaysia.

The MCMC had noticed a reduction in the levels of attack by 4 a.m. local time Thursday, it said. The attacks had little effect on Malaysian users, and most of the websites have already recovered, it said.

"We do not expect the overall recovery to these websites to take long," it said.

"The public is advised to report any information they may have regarding the identity of these hackers as the act to disrupt network services is a serious offence," it said.

Anonymous has used various online forums to threaten Malaysia with an attack in protest against the government's decision to block 10 websites that reportedly allowed the download of pirated content. Earlier this week, Anonymous invited people to join Operation Malaysia, targeting a government website from 7.30 p.m. GMT on Wednesday (3.30 a.m. Thursday, local time).

Source: PC World, http://www.pcworld.com/businesscenter/article/230421/many_malaysian_government_sites_hacked.html

Comment:

Government website been hacked is a serious issue because it may cause the leak of some confidential information and affect the safety of a country. Moreover, the disrupted of the government website was raising people concerns on the safety of using the internet and it might reduce the trusty of a government in public. In my opinion, it’s not easy to find out the identity of those hackers because these DDoS attacks have been well planned and executed by a group of well trained hackers. However, those guys who are found committed in these activities could be charged under Communication & Multimedia Act 1998 Section 233 due to the improper use of network facilities and network services where they trying to threaten other party. The offences are liable to a fine not more than RM50, 000 or to imprisonment not exceeding 1 year or both.

1,191 Internet Banking Fraud Detected in 2009

KUALA LUMPUR, Dec 9 — There has been 1,191 cases of internet banking fraud detected throughout 2009 with the total loss from such cases amounting to RM 1 million.

Deputy Finance Minister Datuk Wira Chor Chee Heung told Parliament that Internet banking fraud often involves “phishing” activities which is a form of cyber-crime specialising in stealing private information through e-mails, fake websites or short messaging system or SMS.

Information taken will then be used to infiltrate the users’ account where cash will be transferred illegally into a third party account.

Replying to a question by Fong Kui Lun, the Bukit Bintang MP from DAP,. Chor said the government has introduced various measures to eradicate internet banking fraud cases such as the “two-factor authentication” for online banking transactions, and periodical monitoring to ensure banks obey the guidelines set by the central bank.

But analysts remain sceptical towards the monitoring system used by Malaysian banks, with many saying the technology used for fraud detection being outdated and ineffective.

Online banking services have doubled since its introduction in recent years with the number of mobile subscribers growing from 300,000 in 2007 to 500,000 in 2008, while its transaction value rose from RM21.2 million in 2007 to RM71.5 million in 2008.

And phishing remained the main threat for online banking transactions accounting for 94 per cent of the reported Internet banking fraud cases in 2008 according to a report released by Bank Negara last year.

Source: TheMalaysianInsider, http://www.themalaysianinsider.com/malaysia/article/1191-internet-banking-fraud-detected-in-2009-/

Comment:

Nowadays, the online banking services provided a convenience platform for people to do their money transaction and they no longer need to present in bank counter for any transactions. However, there is hidden threat under online banking services because we don’t know whether our personal information is secured or not. The article above shows that our account information and personal information is not 100% secured because its might be steal by third party via phishing activities. In my opinion, a phishing activity is used to steal other individual information without the permission from relevant party. Therefore, anyone who are involved in phishing activities could be charged under Computer Crime Act 1997 Section 3 (1) or (2) or (3): unauthorized access. The maximum fine under this section is liable to a maximum RM50, 000 or to 5 year imprisonment or both.