Internet use is still growing fast but so is Internet-based fraud, according to security vendor Verisign, which examined data from its own infrastructure services between August 2002 and August 2003.
According to Verisign's study, "Internet Security Intelligence Briefing," released on Monday, 6.2 per cent of e-commerce transactions carried out in the US were attempts at fraud. More than half the fraud attempts were made by entities outside the US, Verisign said.
Also, the number of security incidents almost doubled between May 2003 and August 2003, Verisign said.
Standard security attacks and fraud are closely linked, according to Verisign.
"Analysis . . . showed extremely high correlation (47 per cent) between sources of fraud and sources of security attacks," the study said. "Attackers who gain control of Internet host machines are using these compromised hosts for both security attacks and fraudulent e-commerce transactions."
Other findings from the study include:
- total DNS (domain name system) queries such as finding Web sites and email addresses grew by 51.4 per cent between August 2002 and August 2003
- email related DNS queries rose by 245 per cent over the same period, partly because of the upsurge in spam and mass-mailing viruses such as Bugbear
- the average number of Internet transactions per online merchant site has grown 17 per cent in the past year
- SSL (secure socket layer) has become the de facto e-commerce security standard, with over 400,000 sites and growth in certificate issue of 6 per cent over the past year.
- security incidents per device rose 99 per cent between May 2003 and August 2003, with the Blaster worm contributing most of the increase in August
- the trend in viruses and worms is towards more sophisticated, potent and coordinated attacks along the lines of Blaster, Nachi and Sobig.F, which was the first virus to direct itself at the Internet's root servers
Security incidents were principally generated in the US (81 per cent), but the percentage of fraud attempts made from the US was much lower (48 per cent). One reason for the difference is the weak policing of the Internet outside the US, according to Verisign.
"International criminals can essentially commit fraud with impunity, given that jurisdiction issues make policing international fraud near impossible," the report said.
Following the US in the fraud stakes was the UK (5.25 per cent), while in third place was Nigeria (4.81 per cent), where the 419, or advance fee, fraud epidemic rages unchecked.