Security and Risk Complaints Online on Machine vs. machine battle has begun to de-fraud the internet of lies

Standards help, too, as we fight to ensure the cost of sharing doesn’t outweigh the benefits

A long-ago cartoon in The New Yorker put it plainly: “On the Internet, nobody knows you’re a dog.” If that cartoon had been written today, the caption might have read, “On the Internet, nobody knows you’re a fraud.”

Scam artists, snake oil salesmen, sock puppets, bot armies and bullies – every time we look up, it seems as though we discover another form of dishonesty, grifting grown to global scale via the magnificent yet terrifying combination of Internet and smartphone.

None of that should surprise us. People are wonderful and horrible. The network we’ve built for ourselves serves both the honest and the liar. But we have no infrastructure to manage a planet of thieves.

Navigating this stuff goes well beyond ‘caveat emptor’, into the darkest secrets of spear phishing and social engineering playing on our higher selves for the basest reasons. It’s no longer an African prince offering you a hundred million dollars for your assistance; it’s a customer who carefully noted all her transactions and registration numbers on a Word document she’s enclosed in a very helpful email.

Security has been stretched to the breaking point. If things continue as they have, the costs of connectivity could begin to outweigh the benefits, and at that point, the post-Web civilization of sharing and knowledge, already fraying, would unwind comprehensively, as people and businesses withdraw behind defensible perimeters and call it a day.

All of this served as subtext – never spoken, yet always front of mind – at the Twenty-Sixth International Conference on the World Wide Web. In some broader sense, this is all the Web’s fault – the shadow of its culture of sharing – so might it be a problem that the Web can fix?

This question obsessed the hundreds of research postgraduates presenting papers and posters at the conference. Insofar as papers presented by the Web’s core research community are a reliable indicator of the future direction for the Web, that future centers on learning how to detect lies.

Detecting false advertisements, bullies, and bots – all of these can be done with machine learning. It can even be applied to a politician’s tweets – to find out if they’ve been fibbing about where they’ve been, and when.

This flurry of research hearkens back to one of the oldest problems in Computer Science – the Turing Test. Can you detect whether someone at the other end of a text-based connection is a person or a computer? What questions do you ask? How do you analyse their responses? Take those same ideas and apply them to a vendor on Alibaba or an account on Twitter – ask the questions, analyse and probe – then decide: truth or lies.

As Sir Tim Berners-Lee won the ACM A.M. Turing Award last week, the timing of this next evolution of his Web could not be more appropriate. The Web needs to grow a meta-layer of error-checking and truth-telling. Those will likely slow things down a bit, even as it helps us feel more assured that the fake can be suppressed.

This will never be as true as we might want it to be. As soon as any system to detect lies goes into widespread deployment, the least honest and most clever will go to work undermining that algorithmic determination of truth, finding its weaknesses, and exploiting them. It was ever thus; over the long term, the search for truth will has always been an act of persistence and dedication.

Machines can help us in this battle – but machines will be used on both sides, deceiving and revealing deceit. Yet there is hope: there’s too much money on the table to allow the forces of darkness to gain ascendancy. Chaos is bad for business.

Any alignment of commerce with the greater good is a rare and potent combination, meaning the resources to fight this battle will be available into the foreseeable future. Those graduate students with their fraud and bot detection algorithms will be snapped up by those giant firms whose profits depend on a Web that is truthful enough for commerce. When it comes to truth, what’s good for Google and Facebook is good for the rest of us.

UK Banks Looking Into ‘Next Generation’ of Digital Cards to Help Combat Online Fraud

The digital bank cards have a security code that changes every 20 minutes.

A new form of digitally-enhanced bank card featuring an unpredictable three-digit security code is currently being analysed by UK banks and financial institutions as a way of combating increasing levels of fraud, according to security firm Gemalto.

The technology, which has been dubbed the “next generation” of payment card, is known as Dynamic Code Verification (DCV) and works by ditching the permanent three-number security strip code in favour of a digital readout that changes every 20 minutes.

Gemalto, which is developing a version of the technology, claims it will help to drastically slash the amount of card-not-present (CNP) fraud – when stolen bank card details are used to remotely make illicit internet, telephone or mail purchases.

“It means that you physically have to have the card in your possession in order to make a purchase online or over the telephone,” Lysa Coombs, spokesperson for Gemalto, told Sky News.

“If you have simply harvested the card’s details to commit fraud, you won’t be able to do that as you won’t have the up-to-date security code,” she added.

Howard Berg, the firm’s senior vice-president said UK banks are now accessing the advantages and disadvantages of the technology. “We are certainly seeing card holders like it [because] there’s little change to the process they are currently using,” he told Sky News.

A Gemalto brochure describing the technology stated: “[It] allows issuers to replace the static 3-digit visual cryptogram traditionally used for online purchases with a time based dynamic CVV/CVC displayed on the customer’s payment card or on their mobile.

“The code changes every 20 minutes, dramatically enhancing the security level of online transactions.”

According to an official report from Financial Fraud UK released in March this year, titled the ‘Year-end 2015 fraud update’, losses on purchases made remotely increased by 20% in 2015 (to £398.2m from £331.5m). It indicated the spike may be due to data stolen through “hacks and malware.”

The research paper also noted: “Financial fraud losses across payment cards, remote banking and cheques totalled £755million in 2015 – an increase of 26% compared to 2014.”

Tony Blake, a senior fraud prevention officer at the Dedicated Card and Payment Crime Unit, a police unit with links to Financial Fraud Action UK, the Metropolitan Police and the Home Office, said the new technology could help reduce online card fraud.

“It is a huge growth area and criminals are always looking at new ways to make money as more of us go online to do our shopping,” he told Sky News. “The dynamically changing digital security number on the back of the card is one of the things in development which looks quite promising.”