Speaking at a recent conference on security and fraud, David Blunkett MP spelt out a warning that fraudsters would try to target the London 2012 Olympic Games: “Fraudsters and those seeking to hurt the economy and the Games themselves would have a substantial opportunity through duplication, hacking into information and, therefore, being in a position to disrupt facilities and commit theft of identity, credit cards and other personal data.” The effect, according to the former Home Secretary, would be “economically and commercially devastating.”
The targeting of large sporting events, such as the Olympics or important football matches, is nothing new for fraudsters. The sight of ticket touts and counterfeit goods sellers outside sporting arenas and football stadia is as common place as fast food stands and programme sellers. But as the technology used to buy and sell tickets has developed in sophistication, such as purchasing online, swipe cards and contactless payments, so too have the techniques employed by fraudsters.
It goes without saying that the internet has revolutionised the way in which tickets for sporting events are bought and sold. Now to buy a ticket, cardholders simply have to put a few personal details and a credit card number into a website, and people can get tickets to pretty much any sporting event across the globe – a world away from queuing at a ticket booth months in advance or dialing a premium line.
Organisers of sporting events were quick to utilise the internet to sell tickets, but as the ease of purchasing tickets became apparent, fraudsters were equally keen to take advantage of online sales. One of the first scams to emerge on the internet was the buying of tickets en-masse and selling them on auction sites, such as eBay. Fraudsters could sell tickets they did not have and make a quick profit with little effort. One person who fell victim to this was Melanie Jones, from York: “I bought England vs. France rugby tickets in Paris for my husband’s birthday. It cost me £360 including travel costs. The tickets never arrived despite having bought them months before. I learnt later that the police had closed and prosecuted the fraudsters, but I never got my money back – the whole experience has made me very nervous about buying anything online especially as they had access to all my card details.”
Since then, fraudsters have developed new and innovative methods of specifically targeting those purchasing tickets and other goods online, which are much more profitable, through card fraud and identity fraud.
Card fraud occurs when fraudsters steal information from a debit or credit card, including the 16 digit card number, the expiry date and the three digit security code, which takes only seconds to note down. Armed with little more than this information, a criminal can make illicit purchases in the cardholder’s name. Often the first that a victim knows about fraud is when they look at their bank or credit card statement – an unwelcome surprise, especially in the current climate when money is tight.
Fraudsters are adept at getting their hands on this information and have developed complex methods of hacking into sites to obtain these details. CPP has been tracking the growth of online threats which include ‘key-logging’. A key-logger is a piece of software that reads the keystrokes being typed by the user. Criminals deploy the software through various methods on the internet to be installed on the PCs of unknowing users. When that user enters sensitive details to access online banking or make payments online the keylogger then harvests the information and sends it to the criminal to be sold or used for fraud.
CPP’s own figures show that there is a growing concern amongst people shopping online. Our recent annual ‘Card Fraud Index’ figures showed that online fraud has affected 39% of victims at least once. So it’s vital that when buying tickets online and the cardholder enters this information into the website, they remain vigilant. Cardholders need to make sure they log out of sites when finished, ensure that any ticketing websites they use are legitimate and avoid storing credit or debit card details online.
Identity theft is also an increasing threat when making ticket purchases online or over the phone, and is a crime which many believe is set to rise in current economic climate. Identity theft occurs when sufficient information about an identity is obtained by a criminal to act as that person, including taking out loans or credit cards, making illicit purchases or starting up bank accounts. Last year over 62,000 people had their identities high-jacked in this way causing untold damage and stress.
Ticketing sites will often require the buyer to enter personal information, such as their name, date of birth and address for delivery, which is sufficient information for a fraudster to steal an identity, so it’s vital that cardholders look out for the following signs:
• Accounts or transactions that don’t they don’t recognise. If this occurs, cardholders should report anything suspicious to the bank, even if it is just for a small amount – fraudsters will often try their luck by putting through small transactions to see if they are noticed
• If they receive welcome letters from credit card or loan companies which they have not applied for, or calls from debt collection agencies. In this case they should contact their bank immediately and notify the police
• If they notice Important post going missing
• They are refused credit
Paypal estimated in 2008 that 1 in 7 online shoppers had been a victim of identity fraud.
It’s vital that ticket sellers also remain vigilant and ensure they have the correct security in place and protect their customers’ data. Fraudsters are equally as adept at targeting companies as much as consumers, as recent high-profile hacking cases have demonstrated. Recent figures from the 2009 e-Crime survey show that 62% of employees in financial services companies do not believe their businesses dedicate enough time or budget to locating vulnerabilities on their networks. It’s essential that vendors maintain their networks and update their systems, as well as encrypting data.
Buying a ticket online has certainly improved the experience for most fans, but for an unfortunate few, their chance to see their favourite team has unfortunately been ruined by fraudsters. Whilst fraud is a growing industry, fuelled by developments in technology and the current economic climate, it’s important not to let the threat spoil people’s enjoyment of attending sporting events. By remaining vigilant and implementing a few simple measures, fans only fear should be their team not performing!
CPP’s top tips when buying tickets:
• Install anti-virus protection, which scans for malicious files that give the PC or notebook a virus
• Install anti-phishing tools, which identify phishing emails and links that trick users into giving away private information
• Install an active firewall, which updates and upgrades automatically, preventing hackers from gaining access to a PC or laptop
• Keep personal information safe. If someone asks for personal details ask why they would need them – particularly for online enquiries
• Don’t write down PIN numbers, passwords, user names unless absolutely necessary
• If personal information is stored on a PC, install up-to-date security software
• Remember the golden rule: identity thieves are experts at spotting an opportunity to steal identities and all they need are a few personal details
For more information on how cardholders can to protect themselves against the growing risk of fraud, please visit: www.cpp.co.uk