Thursday , November 21, 2024

How the New Anti-Phishing Group Sees Itself As Distinct

A new trade group formed to fight phishing fraud argues it will work on approaches to the problem that will distinguish it from the efforts of another organization that emerged last year to combat the online fraud. The Trusted Electronic Communications Forum, whose formation was announced this week, is aimed at such activities as working with prosecutorial agencies as well as developing standards and best practices to prevent phishing. It includes among its 17 founding members a number of heavy-hitter corporations, including IBM Corp., ABM AMRO Bank NV, AT&T Wireless Services Inc., Best Buy Co., Target Corp., and E*Trade Financial Corp. But another organization, the Anti-Phishing Working Group, has been at work on much the same activity for months, leading APWG officials to question whether the development of e-mail authentication standards and other efforts to fight online transaction fraud may be hampered by parallel approaches. “It seems on the surface [the TECF] may be a duplication of effort,” says David A. Jevans, chairmain of the APWG and a senior vice president at Tumbleweed Communications Corp., a founding member. “We'd like to invite them to join the other members [of the APWG].” TECF's chairman, Shawn Eldridge, is director of product and market strategy at PostX Corp., which like Tumbleweed supplies systems for e-mail security. PostX, says Jevans, is “one of the few e-mail companies that is not a member of the APWG.” But Eldridge says TECF is “complementary” to the APWG in that it will tackle subjects like social engineering and government affairs that will set it apart from the APWG's efforts. Social engineering deals with the ways in which fraudsters exploit human psychology to enhance technology-related crimes. Eldridge says the new group's government focus will include “working with agencies on prosecution” of cases of online fraud. Jevans, who says he intends to contact officials at the TECF soon to clarify their mission and activities, fears the new group may have stemmed from a mistaken notion that it is not part of the APWG's mission to work out technical standards. To the contrary, he says, the older group is developing standards that would govern such matters as e-mail and Web site authentication and data-sharing among online marketers that are experiencing phishing attacks. Companies critical to this effort, including Microsoft Corp. and Internet service providers, have made significant progress toward these standards recently, he adds. For his part Eldridge says his group is aware of the APWG's standards work, but that TECF will focus on standards related to new technologies that could be deployed to fight the phishing and spoofing problem. “We needed to have a cross-industry market forum to bridge the gap between standards and deployment,” he says. Both chairmen dismiss the notion that the two groups reflect the competitive agendas of rivals Tumbleweed and PostX. Jevans says any perception at PostX or elsewhere of the APWG as a creature of Tumbleweed would be mistaken. “We're vendor neutral,” he says. “We make that pretty clear. It's not something one company could hope to run successfully.” Likewise, says Eldridge, TECF “is not formed for PostX to control or run. Every company has an equal vote and an equal say.” Phishing is a fraud in which criminals gull passwords, account numbers, and other sensitive data out of consumers by sending them e-mails that mimic the language and graphics of well-known retailers and financial-service companies. Those who click on links embedded in the e-mails are directed to fake Web sites, also tricked out to look like the real thing, where they are asked to enter their information, allegedly for “security” reasons. The APWG recently reported that reported instances of unique phishing attacks had nearly tripled in April, to 1,125. A report released earlier by Gartner Inc., a Stamford, Conn.-based consultancy, said the fraud cost financial-service companies $1.2 billion in 2003. Separately, Visa U.S.A. today announced it is working with the Better Business Bureau, the U.S. Treasury Department, the Federal Trade Commission, and a non-profit consumer-hotline network called Call For Action on a national campaign to educate consumers on how to identify phishing fraud, how to protect themselves from becoming victims, and how to report suspicious e-mail messages.

Check Also

A Senate Panel Sends a Signal: Time to Cut a Deal on Swipe Fees

Members of the Senate Judiciary Committee told representatives of Visa Inc., Mastercard Inc., and the …

Digital Transactions