27-11draft

IS NOW
Combining thermal security cameras with video management systems.
www.flir.com
Untitled-20 1 18/02/16 10:18
business and the internet:
Net example
Spanish police recently
arrested a Spanish
national who acquired
gas pistols from
the open web, and
converted them in his
garage workshop by
inserting new barrels,
erasing serial numbers
and concealing
the weapons in
packages to pass
security checks; sold
on AlphaBay, since
taken down by the US
authorities.
UNHAPPY
‘Generating awareness
that the exploitation of
adults and children is
happening in Scotland
today is key to bringing
it to an end.’
SNP Cabinet Secretary
for Justice Michael
Matheson on human
trafficking.
Walking the ‘Dark
Web’ beat
In an anonymous survey of the
audience at the Retail Risk conference
last month, most said that they monitor
social media related to their brand.
What about the ‘Dark Web’ though -
do you need to swim a little deeper?
If so, Gary Hibbert, of Agenci, told
the e-commerce part of the event,
you need to unlearn what you think
you know, because, as he put it, your
ignorance is ‘their’ - the Dark Web
users’ - power. He did recommend you
start monitoring what is said about
your company on the Dark Web; but
websites come and go so quickly, it’s
difficult to find reliable information,
he added. And be very careful about
downloading the anonymous network
Tor and putting that search on your
corporate network; in case you click on
‘something bad’. Also, if something’s
not named on the Dark Web or is called
something like ‘dark candy’, ‘enter
at your peril’, Gary advised, ‘because
what you see cannot be unseen’.
Make it personal
If a corporate does want to access the
Dark Web, with caution, a separate
network is basic. Gary does that in a
home ‘lab’ for his own work. A point
made from the floor, that Gary agreed
with, was how hard it is to get across
that cyber is not just an IT issue.
Besides the data, the zeros and ones,
Gary urged security professionals
to make it a personal message, with
anecdotes, with real-world impact; on
you, your wives and children’s data,
and the protection of their identities. p
taking down the
‘mr big deals’
Visa as a payments card
company does not get hit
by fraud; its customers such
as banks and merchants, and their
customers, spenders by card, do. So
why is it doing ‘days of action’ against
various fraudsters, and seeking to go
further and make such days ‘business
as usual’? Debbie Grant, senior policy
lead at Visa Europe, explained that to
Retail Risk.
Airline fraud
A typical ‘card not present’ fraud is
for the buying of airline tickets with
compromised or stolen credit cards;
by criminals with links to illegal
immigration, fake identities and drug
trafficking. Or, the fraudsters do not
even fly on the tickets, and instead
stock up on duty-frees. Europol, the
European Union’s police agency,
for the last couple of years has
co-ordinated international ‘days of
action’, and about 1000 have been
arrested globally so far. Last year,
Debbie contract the Dedicated Cheque
and Plastic Crime Unit (DCPCU)
for similar work on ecommerce.
Visa does this as an umbrella body
that banks tend to listen to, and will
share data with, more readily than if
a rival bank suggested it. Nor does
Visa like its name or products used
by criminals. Briefly, banks fund the
DCPCU of Met and City of London
Police officers. Merchants had to
provide such details as order numbers,
delivery addresses, card-holder name,
and description of what they were
buying and investigators had to look
for. Several organised crime groups set
up Instagram profiles, with names such
as ‘Mr Big Deals’, that, Debbie said,
might have 100,000 followers.
Crying over laundry
Debbie described one arrest by police
that she accompanied, after a retailer
gave intelligence. A search of the
suspect’s property came up with sixfigure
losses from various retailers;
evidence of money laundering; and
a link to the man’s nephew. Police
searched his premises also. With a list
from retailers of what they’d delivered,
police were able to go around the
house and match goods. The nephew
had keys for a Mercedes. He admitted
that the car was given by his uncle,
only to be told that police could seize
it, under proceeds of crime law. At
that, the nephew cried, Debbie related
(with glee; she lacked sympathy!).
Half price
But back to those Instagram accounts
that promise half price deals on what
you buy online, whether from John
Lewis, Amazon and the like. How
does that work out? You place the
order with those ecommerce sites;
contact ‘Mr Big Deals’, and give
your account details to that fraudster
- because it is, as something too good
to be true, a fraud, as Mr Deals (if that
is his real name) pays for the goods
with a compromised card. Once you
receive the goods, you (naively or
knowing full well it’s dodgy) pay the
agreed half price. Debbie said that
it’s very difficult for police to have
such sites taken down, due to the
legal hurdles. But if a retailer’s goods
are advertised on such sites, and the
retailer complains of infringement
of intellectual property, the likes of
Instagram will take it down in 24
hours, Debbie reported. Some 26
countries took part in a ‘day of action’
last year; and US law enforcers have
provided some similar Instagram
sites, brought up from their ‘dark
web’ searches. Visa is working against
similar frauds for online travel, and
gambling. While ‘days of action’ make
good publicity, against other serious
crimes too - such as organised car theft
and export - security managers make
the point that they would rather have
such policing done all the time, rather
than the authorities dashing from one
‘day of action’ to the next. Debbie too
pointed out the disadvantage that by
waiting for an annual ‘day’ to come
around, evidence may turn cold. p
New areas: RFID, data mining and artificial intelligence are the new technology
areas that the Retail Risk audience was most interested in, according to the end of
day anonymous survey. p
56
NOVEMBER 2017 PROFESSIONAL SECURITY
www.professionalsecurity.co.uk
p56 Networkb 27-11.indd 1 10/10/2017 16:31