Phone service for the deaf becomes a fraud tool

Designed to make telephone networks accessible, relay services have now become a tool for fraud.

A telephone service designed to help deaf and speech-impaired people communicate is being misused by fraudsters, a PayPal executive said Wednesday.

It's yet another development in what PayPal Senior Director of Risk Management Katherine Hutchison described as an "arms war" between criminals on one side, and the banks and merchants that are trying to stop them.

"The fraudsters found a huge vulnerability to be able to pretend that they're hearing or speech impaired in order to get their orders placed," she said, speaking at the Web 2.0 conference in San Francisco.

Such relay services have been around since 1993 and are mandated by the Americans with Disabilities Act, which requires U.S. telephone companies to provide a way for people with disabilities to communicate. To use them, the caller types a phone number and their message into a browser or an instant message, and an operator at the relay center calls the number and reads the message over the phone, relaying any response back to the caller.

Criminals have used the services to trick merchants into accepting orders placed with stolen credit card numbers, Hutchison said. "The telephone operator could actually realize that this is very likely to be fraud," Hutchison said. "They can be suspicious, but they are legally blocked from saying anything."

"So they call into a call center for a major retailer, doing a telephone order, knowing full well that most likely this is fraud," she added. "But their hands are tied."

Often these services can be accessed via the Web or instant message, giving criminals another way to reach merchants. This is important because in recent years antifraud detection systems have gotten pretty good at looking at the source of online transactions, using geolocation data to determine whether or not a purchase is likely to be legitimate. Sales to U.S. companies from IP addresses in Nigeria -- a common source of fraud -- are routinely blocked, for example.

"The next volley in the arms war is that you can no longer use IP geolocation as an indicator of fraud," Hutchison said. "Until now the fraudsters have been able to hide where they are coming from."

Relay services are just one of many ways that criminals hide their location. They can also use public computer terminals at coffee shops or libraries, or do online orders via proxy, using hacked computers.

Merchants aren't sitting still, though. They have been improving what's known as "behavior screening" techniques -- looking at buying patterns to decide whether or not a transaction seems legitimate. "Merchants have a really good sense of what's a normal order, and the fraudsters won't look normal to them," she said.

A normal consumer would not, for example, buy 10 computers at a time, or make purchase after purchase in quick succession.

Companies are also working on device fingerprinting and other data analysis techniques to separate the scammers from customers, Hutchison said.

Still, all of these techniques aren't going to help all the time people are using traditional credit cards for online commerce, according to another speaker at the show. They're just too easy to misuse, said Alex Stamos, cofounder of Isec Partners.

Sooner or later, online transactions will need to have some sort of cryptographic signature to ensure that the buyer is really who they claim to be. Relying on easy-to-get data like credit card numbers, addresses and expiration dates isn't going to cut it, said Stamos, whose company consults firms on Internet security vunlerabilities.

"We're going to have to end up with some kind of e-cash or smart card verification system," he said. "The credit card model is dead."

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Topics: fraud
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?