Archive for November 2008

Credit card fraud incidents are forcing security professionals to think about stronger security

Credit card fraud is increasing enormously even though it is still in its infancy. Most of the credit card fraud cases received at the cyber crime complaint cell at Agape Inc. involve unauthorized use of a credit card: money is credited on the account of the card holder without his/her knowledge, or items are purchased without his/her consent.

There are no definitive global figures on losses from credit card fraud, as most financial institutions are tight-lipped on the subject. An FBI report from 2005 indicated that credit cards represented the majority of the total $315 billion (Rs1,283,310 crore) U.S. financial fraud loss for that year, while a recent European study found that more than 22 million adults fell victim to credit card scams in 2006. Figures from the Banque de France, the country’s central bank, showed a credit card fraud loss of 236 million euros, or $319 million, for 2005.

The increase in Internet fraud could be expected because more businesses are accepting online transactions. The problem is that the criminals are targeting the customers more than the technology. It is not about hacking into computers as much as it is about tricking users into revealing their card or account details.

As far as banks and credit card companies are concerned, online theft is the same as its equivalent in the physical world: If someone steals your card information, the bank or card issuer will normally cover most or all of unauthorized charges. That is why many card issuers are putting new security measures in place. “Verified by Visa” is a free service where your purchases are protected with participating online merchants by a password, as is MasterCard’s new SecureCode service.

Card companies are hoping the extra layer of security will reduce some of the more popular types of identity theft, both online and offline, that fraudsters are now employing.

Despite these security measures, users have less control over their cards in terms of authentication. During a money transaction or a credit card number transaction, control should be defined by the user, as it is in a physical transaction. Security professionals must think about secure authentication techniques that give more control to the user.

Clients Speak To AGAPE’s Fraud Management Services…

Dear team,

I am greatly thankful to the fraud management team at AGAPE for taking my case (orkut profile hacked) seriously.

I had filed a complaint at various places but could not receive any help from them. But after registering my complaint at AGAPE, within a week I received a mail from the fraud management team giving the details of my hacked ID. It was unbelievable. A million thanks for such an incredible job.

I give my high regards for such an effort done by you.

888888

Dear Sir,

I would like to express my thanks in getting my fake orkut profile blocked.

This has really helped me because I was being terribly impersonated on orkut for months, which had an adverse effect on me and my family as there was a lot of personal information in the profile.

Thanks a lot for considering my case sensitive and helping me get back to my normal life.

888888

Hi,
You have done really good work. I tried to get this job done by many other means but nothing worked. Thank you so much for your assistance and the time you spent. God bless you.

Regards,
8888888

Dear Sir,

Thanks a lot for your support. Pls note that I am able to open my e-mail ID. Now I want to change the password and I am trying to change it, but when I click on change password it asks for the previous password & new password.

I entered *********** as the previous password, & a new password, but it is not changing and is showing that the previous password entered is incorrect.

Pls help.

Best Regards,

88888888

Note: Name of the client is not shown due to privacy & security reasons.

Identity Theft (The art of stealing uniqueness)

Identity theft - also known as identity fraud, ID theft and ID fraud - is fraud perpetrated by a criminal who assumes someone else’s identity in order to profit illegally.

There are different types of identity theft - but in simple terms, someone pretends to be you in order to sign up for goods and services in your name - or they may simply use your details to access your already existing bank and/or credit card accounts.

You will probably be completely unaware of this until you receive a bill for something you haven’t ordered or your credit card statement arrives with a number of high value purchases of which you have no previous knowledge.

While 80% of Americans who use the internet make financial transactions online, which gives hackers a lot of opportunity to exploit their skill, there is still widespread concern about becoming a victim of online fraud and identity theft.

According to surveys within the last twelve months, 9.3 million Americans were victims of identity theft.

How does identity theft occur?

Identity thieves can steal your personal information directly or indirectly. Most thieves still obtain personal information through traditional rather than electronic channels. In the cases where the method was known, 68.2% of information was obtained off-line versus only 11.6% obtained online.

a. Stealing your personal belongings like wallets and purses, containing identification cards, bank information or credit cards.

b. Hacking into email accounts, or into social networking sites wherein your personal information can be accessed easily.

c. Completing “change of address” forms to divert mail to other locations.

d. Through bank and credit card statements, pre-approved credit cards, telephone calling cards and tax information.

e. The scamsters can also obtain your credit report by posing as a landlord, employer or someone else who might have a legitimate need for, including a legal right to, personal information.

f. The information can be obtained from your business or personnel records from your place of employment.

g. Even when you are connected to the Internet through broadband service, you are more vulnerable to “hackers” who may try to obtain financial and other personal identity information that is stored in your computer.

What can identity thieves do with this information?

Once identity thieves have your personal information, they use it in a variety of ways.

a. They may call your credit card issuer to change the billing address on your credit card account. The imposter then runs up charges on your account. Because your bills are being sent to a different address, it may be some time before you realize there’s a problem.

b. They may open new credit card accounts in your name. When they use the credit cards and don’t pay the bills, the delinquent accounts are reported on your credit report.

c. They may establish phone or wireless service in your name.

d. They may open a bank account in your name and write bad checks on that account.

e. They may counterfeit checks or credit or debit cards, or authorize electronic transfers in your name, and drain your bank account.

f. They may file for bankruptcy under your name to avoid paying debts they’ve incurred under your name, or to avoid eviction.

g. They may buy a car by taking out an auto loan in your name.

h. They may get identification such as a driver’s license issued with their picture, in your name.

i. They may get a job or file fraudulent tax returns in your name.

j. They may give your name to the police during an arrest. If they don’t show up for their court date, a warrant for arrest is issued in your name.

How do you prevent identity theft?

The best way of dealing with identity theft is to prevent it from happening in the first place. Protect yourself by protecting your identity document, driver’s licence and personal information.

The following tips may help you keep your peace of mind.

a. Always keep your ID (identity book), passport and driver’s licence in a safe place.

b. Before you disclose any personal information find out how it will be used. Find out if the information will be kept confidential.

c. When you are requested to fill in personal details on documents, ensure that the company you are dealing with is legitimate. Verify if the representative posing on behalf of the company does indeed work at the company in question.

d. Keep a record of your accounts and follow up if they do not arrive on time.

e. Guard your mail from theft. Remove post from your letter box after it has been delivered. If you are going to be away from home, ask a neighbour to collect your post for you.

f. If you move to a new place of residence, change your address on your accounts without delay.

g. Do not use predictable passwords such as your date of birth or telephone number on your accounts.

h. Carry only the amount of information that you will actually need in your handbag.

i. Do not give out personal information on the phone, through the post or over the Internet unless you have initiated the contact or know whom you are dealing with.

j. Keep items with personal information in a safe place. Tear or shred documents such as credit applications, bank statements and receipts.

k. If you have service work done at your home or employ outside help, do not leave personal information lying around.

l. If you live with housemates ensure that your personal information is kept safely.

m. Give your ID only when absolutely necessary. Ask to use other types of identification when possible.

n. Request a copy of your credit report from each of the major credit reporting agencies every year. Make sure it is accurate and includes only those transactions you have authorized.

Insurers need to protect digital data from manipulation by fraudsters

Overview: Insurance Industry

The insurance industry continues to brave the challenges of reducing costs and sustaining growth whilst responding to regulatory pressures, compliance issues and the increasing demands of the market. Our Insurance Business Unit offers integrated IT solutions and services spanning business consulting, requirements definition, technology assessment, solution architecture design, development, implementation and support.

India is considered the largest business area for the insurance industry, for national as well as foreign investors. This is due to its larger population and the late privatization of this industry. India is the fifth largest life insurance market in the emerging insurance economies globally and is growing at 32-34% annually. This impressive growth in the market has been driven by liberalization, with new players significantly enhancing product awareness and promoting consumer education and information. The strong growth potential of the country has also led international players to look at the Indian insurance market. Moreover, saturation of insurance markets in many developed economies has made the Indian market more attractive for international insurance players, according to “Booming Insurance Market in India (2008-2011).”

Total life insurance premium in India is projected to grow Rs 1,230,000 Crore by 2010-11.
Total non-life insurance premium is expected to increase at a CAGR of 25% for the period spanning from 2008-09 to 2010-11.

With the entry of several low-cost airlines, along with fleet expansion by existing ones and increasing corporate aircraft ownership, the Indian aviation insurance market is all set to boom in a big way in coming years.

Home insurance segment is set to achieve a 100% growth as financial institutions have made home insurance obligatory for housing loan approvals.

Health insurance is poised to become the second largest business for non-life insurers after motor insurance in next three years.

Virtually every enterprise is affected by losses due to fraud, but industry segments that process large numbers of transactions are particularly vulnerable. Every day, the number of electronic transactions continues to grow, increasing both the potential risk of fraud and the potential size of fraud losses. Analyzing the large volume of data from these transactions to detect fraud and abuse is simply beyond the ability of human beings, however skillful they may be.

Insurance fraud costs the average American household more than $5,000 a year in the form of higher premiums and prices for goods and services, according to Insurance Fraud: Renewing the Crusade, a recent study from Hartford, Connecticut-based Conning & Company. In 1999, consumers paid an estimated $96.2 billion in increased premiums and more than $530 million in the increased cost of goods and services–all thanks to fraud.

We all pay for the cost of crime, and preventing it is much more appealing for insurers than accounting for it after the fact. Insurance losses related to crime and abuses are factored into companies’ rates as a cost of doing business.

Relatively few instances of fraud affect the balance of the companies’ customers. Insurers have implemented sophisticated and powerful computer systems to try to accurately identify the losses as soon as possible after they happen, and factor them into their rates through timely accounting of the losses of those few.

Recovery of the losses after the fact does not happen as quickly as the loss itself, since new rates must cycle through the natural course of business as new policies occur and old ones are renewed; and you don’t just add in the real costs, they have to be factored into the rates carefully, after considering competitive and shareholder concerns as well. Powerful actuarial resources are in place to forecast and predict the necessary reserves to protect the insurer against these few potential losses from crime and abuse. This is really a form of accounting for crime that is expected to happen. What about preventing it before it happens? A recent study revealed that 10-15 percent of insurance premiums fund the North American $40 billion insurance fraud tab, not including the accompanying investigation expenses and legal fees.

Fraudulent claims are not only very expensive, they are also one of the most frustrating and aggravating elements of the insurance industry. Conventional wisdom in the industry states that 10 to 20 percent of all indemnity is fraudulent. The percentage of claims which are detected or denied ranges from 1 to 5 percent, suggesting improvements are to be gained. This gain heads straight for the profit line of the insurer’s balance sheet. For many of the major insurers this gain means millions to hundreds of millions of profit not being pursued. Even a small improvement of a few percentage points is significant, and the potential for improvement is much greater.

FSA to examine the steps taken by Claimant Insurers to combat fraud, the following results were found:

 

· Fraud was not a significant issue within their particular firm – six firms had not identified any risks relating to claimant fraud;

· Reports to firms’ Boards are usually high level and reactive with no predetermined process of escalation;

· For every £1 spent on fraud prevention, firms yielded £3.80 in savings. However, fraud budgets were tight, with 71% of the firms having no earmarked fraud budget at all;

· 21% of the respondent firms had no IT based fraud detection activity. 41% relied most heavily on analysis of their own data (exception reporting against internal parameters);

· Firms were content to participate in data sharing, the majority saying they would not object if it were to be a mandatory requirement; and

· The creation of an (economic) data warehouse was seen as the most significant outstanding market solution.

Reducing or controlling this significant amount is worthy of proactive investment by insurers. Just as public law enforcement agencies continually search for tools and techniques to help them prevent crime, Special Investigative or Security Units of insurers can also use a helping hand. Tools are important, and the raw material is under their noses. In addition to currently available external industry claims data bases, insurers have a very powerful resource within their own computer data centers, their own operating data.

For many insurers, fraud investigation is handled in a responsive and reactive manner. When claims administrators are suspicious of a claim, they inform their supervisor. The supervisor reviews the information, and if the supervisor feels the claim warrants investigation, it is forwarded to the SIU or Security Unit. The investigative/security unit reviews the information to determine whether to accept the claim for investigation. The investigators have at their disposal specialized investigative techniques and artificial intelligence software products to perform their research.

However, this inspection is focused on specific individual cases or on a small number of claims. Any proactive initiative is completely dependent on the experience or inquisitiveness of the person initially processing the claim(s). Fraudulent intentions are difficult to detect on an individual basis, unless blatant. Trending insights are not available. Dormant exposures are not visible. Abusive patterns are not obvious.

On the other hand, timely and easy access to enterprise operational data which is integrated and complete will enable the fight against fraud to be powerful and more effective. An insurance data warehouse which contains organized detailed historical data will provide fraud fighters with a very powerful weapon.

Uncovering fraudulent claims requires extensive data gathering and analysis. Often the information is difficult and time consuming to obtain. It has to be manipulated into an environment that accommodates an analytical process - a data warehouse. Further, the information is time sensitive in many cases, and there is the need to acquire it in an efficient manner. There needs to be sensitivity to the confidentiality of the data collection process, and this is difficult in the environment currently in place in most organizations.

Finally, the investigation & security staff has a requirement to ask their questions and receive answers in a timely manner, while they are in the midst of a certain thought process. It is a heuristic process. Answers lead to more questions, and so on. How can a data warehouse help fight fraudulent claims or exposures? The ability to identify or detect an investigative path and to follow this path is a primary benefit.

Agape Fraud Management Solution:

Agape’s proprietary method for fraud investigation, particularly cyber forensic investigation, digital data recovery, verification of tampered digital images and evidence gathering from the data warehouse, is effective and admissible in a court of law.

Agape Fraud Management Services collect, assess and analyze facts, build the chain of events, document significant facts and model scenarios. The services are also committed to the following objectives:

· Identifying opportunities for fraud and corruption;

· Implementing risk management, prevention and minimization procedures in day to day operations;

· Executing procedures to investigate allegations of fraudulent or corrupt behavior;

· Reacting appropriately to situations where fraud or corruption allegations are found to be true;

· Providing appropriate training and promulgating relevant codes of conduct to ensure employees and contractors are aware of their responsibilities in combating fraud and corruption; and

· Ensuring an environment in which fraudulent or corrupt activity is discouraged.

Conclusion:

Fraud management is a present-day need for the insurance industry. As this overview shows, the level of IT adoption in the industry calls for computer forensics and analysis of massive digital data to fulfil that purpose. In addition, review of policy, compatibility with the current complex environment and evaluation of the control system are an inevitable part of fraud investigation.

Author: Prabhat Tiwari
(Manager: Fraud Management services, AGAPE INC.) 

Security flaw exposes Google phone to attacks

If you’re planning to buy a new smartphone, you might want to read this post.

Independent Security Evaluators (ISE) researchers have discovered a security flaw in the operating system of a high-profile smartphone. This time it’s a vulnerability in the G1, also known as the Google phone. This is the second time in about 15 months that ISE researchers have discovered a security flaw in smartphones. Charlie Miller, a well-known security researcher and hacker and principal security analyst at ISE, discovered that in putting together the operating system for the G1, known as Android, Google used some older open-source software that had known flaws, resulting in a vulnerability in Android itself.

Here is Miller’s description of the problem:

A user of an Android phone who uses the web browser to surf the internet may be exploited if they visit a malicious page. Upon visiting the malicious site, the attacker can run any code they wish with the privileges of the web browser application. We have a very reliable exploit for this issue for demonstration purposes. This exploit will not be released until a fix is available.

The Android security architecture is very well constructed and the impact of this attack is somewhat limited by it. A successful attacker will have access to any information the browser may use, such as cookies used for accessing sites, information put into web application form fields, saved passwords, etc. They may also change the way the browser works, tricking the user into entering sensitive information. However, they can not control other, unrelated aspects of the phone, such as dialing the phone directly. This is in contrast, for example, with Apple’s iPhone which does not have this application sandboxing feature and allows access to all features available to the user when compromised.

Miller and other ISE researchers last year found one of the first security problems with the iPhone, a flaw that enabled attackers to compromise the phones using a malicious Web page. The attack allowed an attacker to read the victim’s SMS messages, address book, call log and other stored data.

Jonathan Zdziarski, who has been an iPhone hacker, has already demonstrated a lot of bugs in Apple’s iPhone. And now the G1, barely two months old, is being ripped apart over security concerns. It is known that Google is aware of the problem with the G1 and is working on a fix.

Links for today.

Digital forensics is the theme for today. Presented below are the links that highlight various topics in Digital Forensics.

1. It’s surprising to note that many examiners in the Digital Forensic community are not aware of the professional codes of conduct and codes of ethical practices for every investigation process. Learn the ethical practices in Digital Forensics as explained by John J. Barbara. Read more

2. With rapid development in the technology field, it’s difficult for a forensic photographer to choose the right camera and equipment. Caroleann Fusco suggests tips on purchasing the right camera for your needs. Read more

3. State or regional digital forensics labs are frequently overworked and understaffed, while many agencies lack the resources for the training and equipment. Christa Miller tells more on what works best for newbies, what requires more training, and how to tell the difference. Read more

Why should Information Security professionals be honored?

The field of information security has grown and evolved significantly in recent years. Every organization that provides services to people, be it governments, military, corporates, financial institutions, hospitals, or private businesses, amass a great deal of confidential information about their employees, customers, products, research, etc. Today, most of this information is collected, processed and stored on electronic computers and transmitted across networks to other computers. This increases the risk of unauthorized access or use of the sensitive information. And this is where implementation of the information security policies becomes very important.

There are many information security professionals around the globe doing their best to safeguard their clients’ information. Awards and recognition by your peers always boost your confidence and help you take on more challenges.

Recently, Executive Alliance announced the winners for the Information Security Executive (ISE) of the Year and Project of the Year North America Awards for 2008. Executive Alliance is the creator and provider of premium leadership recognition forums worldwide. Over 50 industry leaders and project teams from across the United States were honored in the areas of Academic, Government, and Commercial for their achievements in information security. Christopher Leach, Chief Information Security Officer and Senior Vice President of ACS, was awarded with the ISE People’s Choice Award. He received the award from the community of peers attending the event who voted him as the executive with the most exemplary attributes of a leader in the security industry.

Such awards always help any individual or team as their work is acknowledged and judged by someone who knows the industry inside out. More such initiatives would definitely help in promoting Information Security as a strong career option for the next generation.

How technology helps Forensic Science Center to solve crime

Two years ago a computer forensic program was developed by The Marshall University Forensic Science Center. Since then the West Virginia State Troopers have been investigating computer crimes with the help of this forensic program. The director of the center said computer evidence is used in cases involving child pornography, embezzlement, drugs and even homicide.

It’s a known fact that today computers can be used to perpetrate a crime or contain evidence linked to other types of offenses. Also, if a computer isn’t actually used to commit the crime, there may still be evidence found on the computer, such as communication records. And this is what is collected by the investigating officers to provide the digital evidence laboratory with the majority of the evidence. Although some evidence is collected directly at the laboratory, the majority of the evidence comes from the forensic center.

And the best part since the introduction of this program is that the forensic experts don’t have to sit and surf the web every time. They receive tips and then they start digging for the truth in the news. This not only saves their time but also helps them in managing the huge list of computer crimes with their limited number of forensic experts. Their senior experts point out that child pornography consumes a substantial amount of their investigative time. This is so because child pornography is more pervasive than one might anticipate.

In most of the cases the evidence could include computers, cell phones, digital cameras or other electronic devices. The Bureau of Justice Assistance funds the computer forensics program with a $750,000 grant. It is worth noting that people around the world are realizing that computer forensics is an important part of forensic science that can help in solving complex criminal cases with some ease.

ICS launches new hard drive duplicators

The technology leader in the design and manufacture of high-speed Hard Drive Duplication equipment, Intelligent Computer Solutions (ICS) has developed the hard Disk Drive duplication technology enabling fast copy of hard drives with stand alone hardware. Recently they have launched two new models: Rapid Image 7012 and Rapid Image 7020.

The Rapid Image family of duplicators are complete solution stations designed to provide the fastest and latest technology in Hard Drive Duplication with the ultimate User Management Tools. They are designed to copy up to 19 “Target” hard drives simultaneously at speeds exceeding 6GB/minute. They can also be configured to store images, upload and download images from the network.

Rapid Image 7012 with 3.5″ drive caddies

The Rapid Image 7012 is a compact Hard Drive Duplicator designed to copy 1 “Master” hard drive to 11 “Target” hard drives simultaneously at speeds exceeding 6 GB/minute. It can also be configured to have up to 4 “Master” hard drives to store images and copy up to 8 “Target” hard drives with no speed degradation.

Rapid Image 7020 with 3.5″ drive caddies

The Rapid Image 7020 is a compact Hard Drive Duplicator designed to copy 1 “Master” hard drive to 19 “Target” hard drives simultaneously at speeds exceeding 6 GB/minute. It can also be configured to have up to 4 “Master” hard drives to store images and copy up to 16 “Target” hard drives with no speed degradation.

We are the authorized distributors of ICS products in India. For more information on these ICS products, write to us at: info (at) agapeinc (dot) in

Information Security Summit begins today in Hong Kong.

The Information Security Summit (ISS 2008) is organized by major information security organizations in Hong Kong with the aim of giving information security practitioners practical insights into the latest developments and trends in information security. The summit will run from 17 to 21 November 2008. Experts in various areas of security will share their experience and knowledge. The theme for the summit is Enhancing Mobility Security in an Information Collaboration World.

This summit has been successfully organized in the previous five years. And hence, this year’s summit will include a one-day conference and a number of workshops demonstrating management and technical theory, applications and practical experiences on all aspects of information security - convergence, compliance and certification topics.

The summit will include expert speakers like Wilson Fung, Jeremy Godfrey, Mike Johnson, Richard Stagg and many more. Organizations like IEEE, WTIA, IET and BCS have actively supported this summit. More details about this summit are available on the ISS 2008 website.