Electronic Commerce Provides Access For Fraud Large Commercial On-Line Service Delivers Headaches To Some Clients
The computer disks are everywhere, in their slim little cardboard envelopes, falling out of magazines, arriving in mailboxes and apparently breeding new free offers.
The disks promise 10 hours of free time on America Online, the nation’s largest commercial on-line service with almost 4 million members.
Yet the service is delivering headaches to some customers and to some companies selling products on-line. Hackers and new programs can disrupt AOL operations and even steal credit-card numbers.
“The fraud’s gone through the roof,” said Scott Pike, a customer service representative with Computer Express, a Massachusetts company that sells about 80 percent of its products on-line. “We’ve never had this problem before. It’s really terrible.”
Fraud’s not new in the land of credit cards. Anyone who buys a meal or gas with plastic could have a card number copied.
But some people enjoy the technological challenge of tweaking on-line services - especially the rapidly growing AOL. Some actions are pranks. Others are criminal. All point to the potential for security problems with electronic commerce, where business is done over telephone lines.
A program called “AOHell,” written by one hacker and available on the Internet, offers several ways to attack AOL. It includes such features as a “fisher,” which lets users pose as AOL officials and ask new members for credit-card numbers.
In the past four weeks, Computer Express found more than $50,000 in bogus orders by about 100 supposed customers. Company representatives attribute the rise in false buys to the number of free offers floating around.
Spokane resident Midge McGilvray is one phantom customer.
McGilvray and her 20-year-old son signed up for AOL on Thanksgiving with the free 10-hour offer. She typed in her credit-card number after being asked. The next day, the two couldn’t log on to AOL and were asked again to type in a credit-card number.
“We were immediately granted access,” McGilvray said. “I never thought another thing about it.”
After playing around AOL for about a week, McGilvray received a message on her answering machine from Computer Express, asking if she’d ordered a $3,700 top-of-the-line computer.
She hadn’t. Because the company checked, she was able to cancel the order, cancel her credit card and cancel AOL, faster than a speeding microchip.
“I’m still going to get a new computer,” said McGilvray, principal at Spokane’s Westview Elementary School. “This just heightened my awareness of what could happen. I had no idea that I could be a victim in this way.”
AOL president Steve Case advised users in a November on-line letter to never give out billing information or passwords. The company continues to hear about people impersonating AOL employees and asking for information.
“There is no need for anyone at AOL to know your password or ask you for it,” Case said. “These individuals are simply trying to trick you into revealing information so they can gain access to the service on your account.”
AOL is aware of Computer Express’ problems and is working with the company, spokeswoman Kathy Johnson said.
Many transactions yield nothing for the pranksters, except the thrill of stealing the credit-card numbers. Companies such as Computer Express only mail equipment to the home addresses of the card-holders.
Yet, it’s still a hassle.
Mark Boisvert, a customer service manager for Computer Express, has had his own experience with fraud. Some hacker used his credit card number to buy flowers and watches from the Smithsonian Institute. Boisvert canceled both purchases.
Some tricksters get a kick out of thumbing their noses at companies. “Ha, ha. Hope you’re having fun,” read one comment on a false purchase.
Boisvert isn’t. “I deal with this all day long,” he said with a sigh. “It’s a pain in the rear.”
, DataTimes