Fraud in E-commerce

E-business may be the thing of the future, but there are pitfalls involved when trading on the internet. Looi Teck Kheong raises our awareness of fraud in e-commerce. In this article, he explains the reasons for a rise in fraud in e-commerce, he also sets out some common types of fraud and the legislation enacted to counter it. Furthermore, he rightly warns individuals on the need for caution and careful research before embarking on any internet transactions.

Fraud in e-commerce is set to become a major problem. This is due to several reasons. Firstly, moneys can be transferred through the internet. This is done through online electronic payments, such as by the use of credit or cash cards or electronic online fund transfers. Such payment methods are readily acceptable by online vendors if they wish to do business through the internet. Secondly, there is no internationally accepted method of verifying the integrity and accuracy of the information that flows through the World Wide Web. This poses a perennial problem of net users having to make judgment calls on the reliability of online information before acting on them. Such a state is unsatisfactory given the exponential use of e-commerce. Thirdly, frauds committed through the internet pose complicated enforcement and jurisdictional problems to investigative agencies and judicial bodies. Cutting edge Net technology, such as wireless Net access and international or more sophisticated websites address protocols, often stand in the way of an efficient and effective policing process. Finally, the internet is here to stay. Despite its many shortcomings, it is impossible to think of commerce and business or personal lifestyles without the internet or related technology.

There are many types of fraud in e-commerce. Even as authorities are grappling with them, new frauds are continuously being devised. This is not at all surprising. Movies such as Swordfish, recently released with a cast including John Travolta, glorifies the status of computer hackers working hand in hand with traditional criminals. New minds will, no doubt, be inspired to achieve instantaneous and illegal gains through the mastery of the computer.

At present, there is no comprehensive or exhaustive classification of e-commerce fraud. Such fraud is mainly committed on the investor, consumer and business end. These may include the following:

Statistics released at the website (www.fraud.org) of the Internet Fraud Watch show that the top internet fraud for the years 1999 and 2000 are online auctions. The Internet Fraud Watch is a body set up in 1996 by the US National Fraud Information Centre, that was established by the US equivalent of the consumer association to offer consumers advice on fraudulent internet promotions and to report such fraud to appropriate government agencies. The table at the website (reproduced below) sets out the proportions in which fraud was committed against the various online services available on the internet.

	1999 Top 10 Frauds	%	2000 Top 10 Frauds	%
1	Online Auctions	87.0	Online Auctions	78.0
2	General Merchandise Sales	7.0	General Merchandise Sales	10.0
3	Internet Access Services	2.0	Internet Access Services	3.0
4	Computer Equipment/Software	1.0	Work-at-home	3.0
5	Work-at-home	1.0	Advance Fee Loans	2.0
6	Advance Fee Loans	0.2	Computer Equipment/Software	1.0
7	Magazine Sales	0.2	Nigerian Money Offers	1.0
8	Information Adult Services	0.2	Information Adult Services	1.0
9	Travel/Vacations	0.1	Credit Card Offers	0.5
10	Multi-level Market/Pyramids	0.1	Travel/Vacations	0.5

Although the frauds are normally committed through the posting of misleading or false information relating to offers on websites on the internet, increasingly, other methods of solicitation, such as through e-mail, newsgroups and SMS technologies, are being employed. According to the Internet Fraud website, the losses overall were US$3,387,530, with an average loss per person rising from US$310 in 1999 to US$427 in 2000. The potential for larger losses is going to be greater. A Reuters news report issued on 26 June 2001, regarding a survey entitled the 'Economic Crime Survey 2001' of 536 European companies conducted by PricewaterhouseCoopers, showed that 43% of the companies believed that cyber crime will become the biggest risk in the future. The survey found that a loss of at least US$3.1bn was suffered by these companies (over the last two years) due to business fraud.

This type of fraud may be broadly classified into two types: business to consumer and consumer to consumer. In the former, the consumer deals with the auction business. The business has the merchandise physically and will take care of both method of payment and delivery of the goods. The latter type is an auction carried out privately between or among individuals. In such a case, the individual sellers will deal with the buyers directly regarding payment and delivery once any purchase has been firmed up.

According to a report, published by the US Internet Fraud Complaint Centre entitled 'Internet Auction Fraud' in May 2001 (found at www.ifccfbi.gov/default.asp), internet auction fraud is perpetrated through 'non-delivery, misrepresentation, triangulation, fee stacking, black market goods, multiple bidding and shill bidding.' Non-delivery occurs when either the seller puts up non-existent items for auction or, if there is in fact an item, no delivery was effected. This results in the buyer not getting the item he bids for. Misrepresentation concerns sellers who misrepresent the true value of the property on auction so that the buyers get less than what he bargained for.

Triangulation involves three parties, the buyer, seller and fraudster. Essentially, the fraudster is a middle person (using a fake identity) who bids for an item using stolen credit cards and later on sells it to unsuspecting buyers who would wire their payments to the fraudster. The goods are delivered to the buyer. But the seller will end up not getting payment because the items were originally purchased using stolen credit cards. The buyer will (in most cases) have to surrender the items to the police on investigation because the seller did not receive payment for it. The process often leaves both the buyer and seller in hot soup.

Fee stacking is basically the process in which the seller adds undisclosed charges such as additional delivery, administrative or handling charges to the overall price of the auction items resulting in the buyer paying substantially more for the items bid for. Black market goods are fraud perpetrated by sellers who sell illegal items, such as pirated goods, in the auction.

Multiple bidding is the process where the buyer makes several bids under different names, some high and others low, with the intention of discouraging genuine bidders. Such high bids will be withdrawn at the last minute, thus resulting in the buyer purchasing the item on auction at a low bid price. On the other hand, shilling is fraud perpetuated by the seller whereby he intentionally puts in several fake bids in order to jack up the price.

Both the buyers and sellers are exposed to potential fraud in internet auctions. Both are also capable of perpetrating fraud against the other. Secure payment methods employed by the buyer and the requirement of the seller by the buyer of the payment of a deposit may help alleviate some of these problems. But it is still the number one e-commerce fraud.

Travel and vacation business is another area of e-commerce fraud where consumers often end up poorer. Normally, such fraud is perpetrated through unbelievably good offers, ie with lots of extras and bargain-basement prices. But when consumers eventually take the trips offered (if at all one was available), they find themselves with lower quality accommodation and facilities. Sometimes they are also hit by hidden charges that were not disclosed originally at the point of the website promotion.

This is another popular area where fraud can be perpetrated quite easily. The reason is quite simple. Victims are often people in dire straits suffering from incurable diseases, such as cancer, HIV, AIDS or arthritis. It does not take much to convince unsuspecting buyers of the miraculous nature of various health products that are being sold. Other than that, consumers are also taken in by the promise of quick money in the selling of such products. Often these are elaborate pyramid schemes (more below) and get-rich-quick scams that are not meant to work in the long run. A case for illustration is FTC v Equinox International et al Civil Action No CV-S-99-0969-JBR-RLH (D Nev filed 3 August 1999). The defendants allegedly operated a multi-level marketing company that essentially was a pyramid scheme. It attracted people who responded to its advertisement purportedly for salaried positions but were given seminars to attend in their attempt to recruit new distributors. Their website had testimonials and information about their business in water filters, vitamins, nutritional supplements and skin care products. The Federal Trade Commission ('FTC'), together with five other states, filed a joint action on 3 August 1999. The prosecutors alleged that 'the defendants operated a pyramid scheme, made false earnings claims, failed to disclose material information and violated the FTC Act as well as state securities laws, deceptive trade practices laws, false advertising laws, pyramid laws and licensing requirements.' The businesses were subsequently suspended and the assets of the company, worth between US$40 to US$50m, were placed under the charge of receivers.

Such schemes are banned in the United States and in Singapore. The objection to such schemes is basically that the victims actually had to part with their moneys not so much for the value of the products that were purchased for distribution but rather to obtain a right to recruit new distributors. However, no money will be made if no recruits are obtained. It is not exactly a real entrepreneurial scheme as the money-making aspect is pegged on the pyramid scheme and not on the actual value of the property. If the pyramid stops expanding, the scheme will collapse. So too, the hopes, time, effort and moneys of those who have invested with them.

Although the Multi-level Marketing and Pyramid Selling (Prohibition) Act (Cap 190) prohibits such schemes in Singapore, the Multi-level Marketing and Pyramid Selling (Excluded Schemes and Arrangements) 2000 Order allows such schemes to be used here, provided four conditions are satisfied:

It is difficult to envisage what type of schemes will fall within the exclusion. This is because the link between recruiting new distributors and the benefit that it has to the business promoters and participants appears to be a condition that can be met quite easily. The problem here is that the Web is such a powerful form of media which can be used to literally get the entire world into a pyramid scheme if the business rationale sounds persuasive enough.

Pump and dump is the process whereby the perpetrators spread wildfire type rumours, through the internet or by way of
e-mail or the SMS, regarding some corporate financial position with the intention of either driving up or down its share prices. These may be done by referring to 'inside' information or a reliance on generated stock or corporate information. The perpetrators will then take advantage of the fluctuation in prices and execute the necessary purchase or sale of shares in the company so that they may profit from the scam. The idea is to employ the instantaneous and global reach of the internet medium for the purpose of affecting stock market prices. Whether or not such a method of swaying stock market prices constitutes the act of share rigging or insider trading within Part IX of the Securities Industries Act (Cap 289) remains to be seen in Singapore. In all likelihood, given the wide nature of the provisions of the said Act, it is unlikely that the 'pump and dump' process will go unpunished in Singapore. The Securities Industry (Amendment) Act 2000 (No 2 of 2000) now empowers individuals, who suffer personal losses as a result of offences arising from trading offences under Part IX, to claim compensation in a civil court against such perpetrators.

Risk-free marketing fraud can be readily identified by incredible 'something for nothing' types of advertisement. An example is 'Work six hours per week. Earn $50,000 per month. Must sell.' Or 'invest nothing but gain everything.' Victims targeted include those who work at home, who have some spare time and who need to earn a little extra money. If money is that easily earned, there will be little incentive for hard work. Unfortunately, a majority still believe in the impossible. Scams, such as non-existent businesses and businesses with corporate and financial results that are completely hyped up to mislead the gullible investors, are a plenty. The internet merely facilitates the advertisement and reach of such scams. A well-known blitz, known as 'project Biz-illion$', by the authorities in the US on such businesses was carried out sometime in February 2000 resulting in 68 actions being instituted in various states against fraudulent business-opportunity promoters.

Offshore fraud concerns fraud situated offshore, established with the sole intention of targeting certain nationals or certain sectors of the population. Previously, offshore fraud was difficult to execute due to time zone differences, costly communication charges and differing currencies. The internet removes all these obstacles. Websites belonging to such offshore fraudsters are now able to reach nationals of certain countries at minimal costs and risks to the fraudster. The strategy behind such fraud is often known as Ponzi schemes.

Ponzi schemes are simply frauds where initial investors are paid bogus profits from moneys received from new investors. The scheme collapses when money stops rolling in. In an article reported in the New York Times on 3 July 2001, entitled 'US Charges Internet Operation was a Huge Scam', EE-Biz Ventures promised investors double the money invested through the opening of e-gold accounts. As word spread, investors flocked to the websites and deposited millions. Some 59,000 gullible depositors/investors took part. The case came to surface when the computer system could not cope with the influx of funds and investment, resulting in a crash in the system. Within days, the pay out slowed and eventually stopped. Complaints surfaced and through careful investigations, the truth came out and the relevant persons were dealt with. In Singapore, taking the cue from the US experience, internet-based companies which intend to set up businesses for the sole purpose of deposit taking cannot do so now without the appropriate banking licenses from the Monetary Authority of Singapore. Previously, the deposit-taking business was an unregulated activity as the Banking Act (Cap 19) only requires licensing if such business is carried out concurrently with the activity of issuance of loans and checking facilities. The Banking Act (Cap 19) was amended recently (18 July 2001) (see Banking (Amendment) Act 2001) to extend licensing requirements to deposit-taking businesses.

The prevalent fraud on businesses are those that emanate from the abuse of credit cards. The common element of such fraud is the theft of credit cards. The time line for the usage of such cards is normally quite short and the damage done may be controlled. This is because the victim is able to inform his bank to cancel his credit card if he discovers the loss early. However, more likely, the fraud surrounds the use of credit card numbers that may go undetected for a longer period of time, thus resulting in more damage. Credit card information may be disclosed voluntarily by gullible surfers, for example, when they are required to show a credit card number for adult verification in adult websites. Alternatively, hackers may gain unauthorised access to business computers to steal, inter alia, credit card information. A UK teen hacker, according to the BBC news website published on 6 July 2001, sparked an international investigation that spanned five countries when he posted information relating to 23,000 internet shoppers after having accessed the various retailers' websites. It appeared he had done it to 'expose security weaknesses in internet shopping'. In Singapore, the Computer Misuse Act (Cap 50A) would be the appropriate legislation to deal with such cases of break in.

Internet access services fraud occurs where consumers find themselves trapped into long term contracts for internet services with big penalties for premature termination when they succumb to short term gains offered by promoters.
International modem dialling

International modem dialling fraud is perpetrated when certain businesses, such as adult websites, offer 'viewers' or 'diallers' an opportunity to watch films or pornography for free. These diallers automatically disconnect their local modem and reconnect themselves to an international long distance number which charges exorbitant rates for the services. Surfers should think twice before loading any program to access these free services. However, those with cable access will be spared this problem because international dialling cannot be carried out through cable connection.

Web cramming fraud occurs when businesses offer trial periods for use of software and charges for the usage even though such trial periods may have expired without any confirmation of orders. Re Voice Media Inc (17 April 2001), the US FTC alleged that the VMI, an adult website operator, sold memberships for $19.95 to $34.95 per month and promoted 'free' seven-day trial memberships. VMI requested those signing up for the free trials to provide credit card numbers for age verification but represented that it would not charge membership fees if a cancellation was made within the trial period. This was not adhered to. Investigations also revealed that VMI billed credit cards the moment consumers signed up for the free trials, thus treating the submissions of credit card information as authorisation to bill the accounts. The moral of the story, for those who access adult websites, is not to be tempted by freebies, especially if they have no intention of paying.

Many cases have been prosecuted by the US FTC in respect of the above types of fraud. Short notes on these can be found at the website hosted by the FTC at www.ftc.gov/bcp/Internet/cases-Internet.pdf. It is not known whether there are any local cases relating to e-commerce fraud. A search using the term 'e-commerce fraud', 'online fraud' and 'internet fraud' on the Legal Workbench, a Singapore-based legal data base website, yielded no results.

Judging from the number of prosecutions which the US FTC have made since it started prosecution in 1994 (180 cases since the last count made on May 2001), it would appear that e-commerce fraud is here to stay and is growing. There was only one prosecution in 1994, none in 1995. In the last three years, there were 60 prosecutions in 1999, 49 cases in 2000 and until May 2001, 31 cases. Whilst new laws may be legislated to deal with newer categories of e-commerce fraud, ultimately, the responsibility still lies on the consumer to exercise prudence in dealing with businesses on the Net. The guiding principle in the maxim caveat emptor applies equally in the age of the internet as it did previously in the millennium before. No laws are sufficient to protect the consumer if he does not eventually bear the full responsibility of doing his own market research and exercise caution in entering into any business deals in e-commerce. Perhaps, in line with such an approach, the relevant authorities should embark on a programme of educating the public on the pitfalls of dealing with the internet.