It never ceases to amaze me how sophisticated our adversaries have become and how they are always working to introduce new twists to old tricks. But, as security professionals, it is our job to stay one step ahead of them by anticipating their next move before they make it.
As senior vice-president of security and risk for MasterCard International, I am battling payment fraud every day. At MasterCard, we are revolutionizing this issue because we take measures to cut the criminals off at the pass, rather than reacting to damage once it has been done.
One form of fraud we are combating is "phishing," a scam in which criminals send out official-looking emails to fool unsuspecting consumers to surrender personal information. This scam was on the rise in 2004, and many security professionals have stepped up to educate consumers on how not to fall for this scam.
In addition, we started new programs like our Operation Stop It initiative to close down phishing operations before they could do any harm. By the end of the 2004, MasterCard and its partners detected and successfully shut down more than 900 phishing sites and 600 sites illegally brokering credit card information. In the process, we rescued more than 34,000 MasterCard account numbers that were in jeopardy of being compromised.
In early 2005, a new twist to this fraud emerged, preying on people's compassion towards the victims of the tsunami tragedy. As people began donating funds, fraudsters developed fake sites and attempted to take advantage of those going online to aid the cause. Our technology detected what was happening – we shut down several sites and helped law enforcement agencies pursue the criminals.
These days, we are fighting off attacks that involve spyware. At other times, we're battling key-logging programs and other misuses of technology. To confront this new wave of schemes, we have to develop technologies that are more advanced than those of the criminal.
And we can't stop at the technology. We must collaborate with other firms and with the law-enforcement community to stay ahead of the fraudsters. At MasterCard, we have strong relationships with law enforcement agencies around the world.
This paid off last fall when the U.S. Secret Service arrested 27 people and prevented the loss of hundreds of millions of dollars. The investigation, across eight states and six foreign countries, resulted in the significant disruption of the cybercriminal activity targeting our financial infrastructure.
But we all must continue to go to great lengths and place a premium on security – even if it requires a significant investment of time and cost. Fortunately, the end result will be worth the effort.