Malaysia Ahead in Fighting Online Credit Card Fraud

KUALA LUMPUR: Although the usage of electronic payment in Malaysia is still low compared with developed countries, it is nonetheless a fast mover  when responding to online fraud, MasterCard International vice-president for operations and advanced payment products (South-East Asia) David Chan said.

He said Malaysia was among the first countries in the world to migrate  to EMV (Europay-MasterCard-Visa) cards in an effort to combat credit card fraud.

Realising that online fraud can cause huge losses, banks in Malaysia are moving fast to equip themselves with more secure anti-fraud codes and devices.

The rate of adoption by local banks is fast, judging from its size if compared with developed countries, he told StarBiz after presenting his paper entitled i-Banking Technologies and Cost Effectiveness: Migration to Electronic Payment yesterday.

He added that online authentication was essential for sustaining continued online payments and banking growth.

Chan said online payments globally currently accounted about 10% of the total US$5tril plus e-payments business. He attributed this enormous figure to the rising e-commerce business worldwide.

He said although online fraud was 20 times higher than total card fraud in the US, nevertheless it had declined with the usage of more secure online fraud codes and devices.

Source: http://www.join2u.com/news/fighting.htm

Comment:

It’s good to see that local banks were start taking few solutions to improve the safety of using online banking services and it could ensure the user account information is protected. In my opinion, the cooperation between organization and users is the key factors to prevent cyber crime activities. Most of the online credit card fraud is not caused by the weakness of online security of bank, but its caused by the malware programme within the user computer.  A proper firewall and anti-virus programme should be setting up before we connect the computer devices to internet. Therefore, I believe that security system is just a tool to prevent cyber crime activities and public awareness of security of internet in turn increase the effectiveness in preventing cybercrime activities.

Malaysian Hacker Jailed in US

WASHINGTON: A US District judge sentenced a Malaysian to 10 years in prison for hacking into the US Federal Reserve and other banks.

Lin Mun Poo, a Malaysian citizen, had admitted earlier this year to hacking into the US central bank, various private financial institutions and possessing stolen bank card and credit card numbers, officials said.

According to AFP, he also admitted to hacking into a Fed computer server and installing a malicious software code here.

Lin, who is from Ipoh, travelled to the United States in October last year "for the purpose of selling stolen credit card and bank card numbers" but a purchaser was in fact an undercover US agent, according to prosecutors.

When he was arrested, Lin held over 122,000 stolen bank card and credit card numbers.

The US Justice Department said Lin's "cybercrime activities also extended to the national security sector", including hacking into the computer system of a Pentagon contractor that provides systems management services for military transport and other military operations.

"Today's sentences send the message to hackers around the world that the United States is no place to conduct their business," US Attorney Loretta Lynch said in a statement on Friday.

Dhillon Andrew Kannabhiran, founder and chief executive officer of hackers community Hack in The Box, said the stiff 10-year sentences was meant to deter hackers from hacking into government networks.

Details of the case are not clear to me, but you can argue that 10 years for computer crime is harsh by any standards, " Dhillon told The Star.

"It's definitely a sentence which is meant to send a message."

Dhillon said the hacker was "asking for trouble".

"Hacking is a tool. Just like a knife can be used by a chef to prepare a meal or to stab somesone. It is your motives that sets you apart. People who use their skills to commit financial fraud are not hackers, but just criminals," he said.

Lin, according to a fellow hacker, deserved his punishment.

"Most hackers have the skills to breach a computer security system. But once you use your skills for malice, then you have committed a crime, " said a computer security consultant who wished to be identified as Sam.

"If you are caught, you deserve to be punished like any other criminal."

Sam said most people with hacking expertise, like himself, were hired by companies to "test" their computer security system.

"Most of us use our skills to make a decent, legitimate living."

Source: TheStar, http://thestar.com.my/news/story.asp?file=/2011/11/6/nation/9850531&sec=nation

Comment:

Again, there is another "Smart Guy" who committed crime and imposed of 10 years imprison for hacking into US Federal Reserve and other banks. I believe that this guy had successful to prove his good knowledge to the world; unfortunately he selected a wrong way and has to spend his coming 10 years life in jail. Cybercrime activities proved that IT knowledge have double side effects which it improves our lifestyle or destroy it. If the case above happen in Malaysia, this guy could be charged under Computer Crime Act 1997 section 3(1) or (2) or (3) : unauthorized access due to the stealing bank card and credit card information from third party. The maximum fine under this section is liable to a maximum RM 50,000 or to 5 years imprisonment or both.

Many Malaysian Government Sites Hacked

Malaysia's Communications and Multimedia Commission said that 51 websites in the .gov.my domain were attacked beginning late Wednesday, and that 41 of the sites suffered various levels of disruption.

The MCMC, the country's Internet and telecommunications regulator, did not however provide information on the nature of the attacks, or the people behind it, describing them only as "unknown hackers".

However, it made references to some of the websites recovering quickly, suggesting that these sites faced a DDoS or distributed denial-of-service attack rather than a hack.

DDoS attacks can make a website inaccessible to users by swamping the website with traffic from hundreds or thousands of computers.

Such attacks are a known tactic of Anonymous, a hacker group that had threatened to attack Malaysia.

The MCMC had noticed a reduction in the levels of attack by 4 a.m. local time Thursday, it said. The attacks had little effect on Malaysian users, and most of the websites have already recovered, it said.

"We do not expect the overall recovery to these websites to take long," it said.

"The public is advised to report any information they may have regarding the identity of these hackers as the act to disrupt network services is a serious offence," it said.

Anonymous has used various online forums to threaten Malaysia with an attack in protest against the government's decision to block 10 websites that reportedly allowed the download of pirated content. Earlier this week, Anonymous invited people to join Operation Malaysia, targeting a government website from 7.30 p.m. GMT on Wednesday (3.30 a.m. Thursday, local time).

Source: PC World, http://www.pcworld.com/businesscenter/article/230421/many_malaysian_government_sites_hacked.html

Comment:

Government website been hacked is a serious issue because it may cause the leak of some confidential information and affect the safety of a country. Moreover, the disrupted of the government website was raising people concerns on the safety of using the internet and it might reduce the trusty of a government in public. In my opinion, it’s not easy to find out the identity of those hackers because these DDoS attacks have been well planned and executed by a group of well trained hackers. However, those guys who are found committed in these activities could be charged under Communication & Multimedia Act 1998 Section 233 due to the improper use of network facilities and network services where they trying to threaten other party. The offences are liable to a fine not more than RM50, 000 or to imprisonment not exceeding 1 year or both.

1,191 Internet Banking Fraud Detected in 2009

KUALA LUMPUR, Dec 9 — There has been 1,191 cases of internet banking fraud detected throughout 2009 with the total loss from such cases amounting to RM 1 million.

Deputy Finance Minister Datuk Wira Chor Chee Heung told Parliament that Internet banking fraud often involves “phishing” activities which is a form of cyber-crime specialising in stealing private information through e-mails, fake websites or short messaging system or SMS.

Information taken will then be used to infiltrate the users’ account where cash will be transferred illegally into a third party account.

Replying to a question by Fong Kui Lun, the Bukit Bintang MP from DAP,. Chor said the government has introduced various measures to eradicate internet banking fraud cases such as the “two-factor authentication” for online banking transactions, and periodical monitoring to ensure banks obey the guidelines set by the central bank.

But analysts remain sceptical towards the monitoring system used by Malaysian banks, with many saying the technology used for fraud detection being outdated and ineffective.

Online banking services have doubled since its introduction in recent years with the number of mobile subscribers growing from 300,000 in 2007 to 500,000 in 2008, while its transaction value rose from RM21.2 million in 2007 to RM71.5 million in 2008.

And phishing remained the main threat for online banking transactions accounting for 94 per cent of the reported Internet banking fraud cases in 2008 according to a report released by Bank Negara last year.

Source: TheMalaysianInsider, http://www.themalaysianinsider.com/malaysia/article/1191-internet-banking-fraud-detected-in-2009-/

Comment:

Nowadays, the online banking services provided a convenience platform for people to do their money transaction and they no longer need to present in bank counter for any transactions. However, there is hidden threat under online banking services because we don’t know whether our personal information is secured or not. The article above shows that our account information and personal information is not 100% secured because its might be steal by third party via phishing activities. In my opinion, a phishing activity is used to steal other individual information without the permission from relevant party. Therefore, anyone who are involved in phishing activities could be charged under Computer Crime Act 1997 Section 3 (1) or (2) or (3): unauthorized access. The maximum fine under this section is liable to a maximum RM50, 000 or to 5 year imprisonment or both.

Financial and Cyber Crime Most Prevalent Economic Crime in Malaysia

KUALA LUMPUR, April 13 (Bernama) -- Financial and cyber crimes were among the most prevalent economic crimes committed in Malaysia, says Honorary Group Chairperson of International Cybercrime and Forensics Examiner (ICFE) Group of Companies, Tommy Seah.

Economic crimes constitute fraud, corruption and bribery, identity theft, money laundering, cyber crime, accounting and financial fraud.

He said the most widespread of financial crimes in Malaysia were financial statement frauds, procurement frauds and misappropriation of assets.

Explaining further, Seah said although economic crime in Malaysia was not at an alarming stage it was nevertheless increasing.

"Malaysia is a pretty docile country but we are also not well equipped in preventing such crimes," he said, adding that many people, particularly organisations were not aware of the implications of economic crime.

"Skills and knowledge can be transferred and acquired and Malaysia has the ability but the corporate will to put the house in order is more vital," he said in an interview with Bernama today.

When asked why economic crimes occurred, he said :" The desire for a better quality of life is a common denominator of a country.

"When economies grow along with a better quality of life desire also arises.

"And, when they cannot attain a better quality of life legitimately, they tend to achieve it by committing crime."

Seah also said if this crime was not addressed, it becomes a distressing issue for individuals.

"It is important to ensure greater enforcement by the authorities and organisations in order for Malaysia to remain attractive to foreign investors," he said, adding that ICFE and CSI World Headquarters would jointly organise a two-day International Cyber and Economic Crime Conference beginning June 15.

Seah said the conference was aimed at educating professionals and to provide Malaysians an opportunity to update skills, especially in digital forensics, in order to be on par with international standards.

"We are expecting professionals from both the public and private sectors who will gather insights about the field from esteemed local and international speakers," Seah added. (By By Santhia Panjanadan/ Bernama)

Source:MySinchew, http://www.mysinchew.com/node/37655

Comment:

After reading this article, I found that cyber laws or other regulations is not enough to prevent online criminal activities because law is just a reference to determine whether that certain behavior is correct or not. In order to be more effectively the safety on internet, we shall take concern on some other aspects like education, social development, and etc. From the example given by the above article, people would like to involve in cybercrime activities in order to improve their life of quality. And I believe that, a proper education on moral and ethic will be the most efficient tool to reduce cybercrime activities because our action is guide by our own beliefs.

Online Crime Surge in Malaysia

Over 3,500 incidents of online crime were reported just in the first quarter of this year, The Star, a Malaysian daily, reported.

Last year's tally of reported cyber crimes stood at about 8,000 cases, said CyberSecurity Malaysia chief operating officer Zahri Yunos.

"The cases have increased exponentially," he said, pointing to the increase in Internet usage and broadband penetration as factors driving the spike. (Broadband penetration is currently at 55%)

More than a third (36%) of cases reported during the first quarter of 2011 involved online fraud, Zahri said. Phishing and identity theft are included in this category .

"Phishing sites targeting local banks have also increased, with 400 sites detected fir the first quarter of this year compared to 900 last year," he said.

Our advice? Ensure and check if websites are legitimate before submitting any personal information on or through them, A tell-tale sign of a fraudulent website is often an odd or fishy URL.

Also, ensure personal information posted on social networking sites are viewable only by people you trust.

Source: MsnNews, http://news.malaysia.msn.com/regional/article.aspx?cp-documentid=4804558

Comment:

The increasing in the online crime activities proved that internet can provide us a convenience platform to do many things but its security development is failed to protect the safety of internet user. Among the cybercrime cases, phishing and identity theft is the most common online fraud activities and the person who found involves in these activities could be charged under Computer Crimes Act 1997 Section 3(1)(a) if he causes a computer to intent to secure access to any program or data held in any computer; Section 3(1)(b) the access he intend to secure is unauthorized; Section 3 (1)(c) he knows at the time when he causes the computer to perform the function that is the case. The person who found guilty under these sections is liable to up to RM 50,000 fine or 5 year imprisonment or to both. In my opinion, government should increase the punishments by imposed fine on identity theft activities based on the amount of value involved because RM 50,000 is nothing if the case involves more than million dollars.