by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
Mice Net : December 2008
technology happen to youit could story by Ray shaw Ray Shaw SayS it is only a matter of time before you or your company becomes a victim of on-line fraud. M ark is 30 years old, a medical equipment technician, recently married and lives in the USA. He and his wife applied to a local mortgage broker for a home loan. He had a couple of credit cards that had been maxed out ever since his student days but his parents paid them off as a wedding gift and he never missed a payment on them or his car loan so he thought he was a good credit risk. His wife had savings to cover the house deposit and legal costs. They were shocked to be told that Mark owed $22,000 in delinquent credit cards and a further $32,000 on a personal loan. Mark of course was innocent – the victim of identity theft. The local police tried to track down where it might have happened. Until meeting his future wife his main passion was on-line gaming. This required him to log in with his user name and password, using his credit card to pay for weapons, cheat sheets, immortality spells, etc. He also occasionally used his credit card to buy items on eBay and on-line stores. He rarely shopped in “real stores” and never used the card to pay for petrol, restaurants, etc. His only other significant card purchase had been to attend a day-long “self-improvement” seminar. What has this got to do with technology and the meetings industry you ask? The police eventually managed to make a link between Mark’s attendance at the seminar and his ID theft. The home grown software used to register on-line was not secure and the database including full name, address, credit card and CVV numbers was hacked (a polite word for stolen). Once in the hands of the local organised crime gang it was easy to get his social security number, obtain a false driver’s license, request the bank change his mailing address to a “drop” box (so he would not see the credit card transactions), and apply for new credit cards and loans. It happens every day. Millions of Americans suffer credit card fraud and identity theft – it is big business that diverts hundreds of millions of dollars into the hands of organised crime syndicates and fuels the illicit drug trade. International meetings have become a soft spot for organised crime. They google for “International Congress/conference” and “Australia”. They inspect the websites and registration software to see if it is easy to hack and steal data. Frankly, anything based 26 mice.net on Excel, Jet, Access, PHP, Java, HTML, ASP etc, can have very weak security. I am not aware of any Australian ID theft related to conferences yet but it is only a matter of time because the majority of registration systems used in Australia are still home grown. (I only have experience with EVENTS and it meets current security requirements). In this scenario they are after names, addresses and credit card numbers of international delegates. The next step is to use that information to construct a false ID to get people illegally into Australia. Once you have a confirmation letter and submit an abstract to become a speaker you are two thirds the way there to get a visitor’s visa. At a recent international conference we estimate that 10 per cent of the registrations were potentially in this category. Scary. Another ploy is to use stolen credit card numbers to pay for registrations. They bombard registration sites with “rolling” attacks to find credit cards that are still active. Once found, the number and the ID theft profile can be sold for a few hundred dollars and organised crime reaps up to $50K from each theft. And you get stuck with lots of false registrations and charge backs. Yes USA is the main target at present – mainly because everyone has a social security number that is often required when making on-line purchases or credit card applications. Businesses there are responding quickly – they usually bear the brunt of fraudulent purchases, not the consumer. But in Australia we are more lax. Walk into any hotel back office or on-line store and you will see print outs of on-line bookings complete with name, address, credit card details, etc. Just one carelessly put into the rubbish bin without being shredded could be gold for the “dumpster divers” who make a living cruising the bins from banks, on-line stores, hotels and similar establishments. Before you say it could not happen to me realise that more than 30 per cent of Australian on-line consumers have admitted to being defrauded in some way. It is easy money for criminals. If you accept payment on-line it is high time to look at security. Ask your bank to help, find an expert and above all avoid home grown software solutions. Ray Shaw is an accredited meeting manager (AMM), IT journalist and chairman of Event Planners Australia. To contact him email firstname.lastname@example.org or visit www.eventplanners.com.au.