Microsoft, eBay and Citizens Bank have launched a new Internet fraud alert service designed to allow them to better share information about compromised accounts with each other in an effort to better fight online fraud.
Companies conducting investigations of fraudulent activity online often find compromised accounts of other firms’ customers, but until now, there wasn’t an easy way to report the findings, said Nancy Anderson, corporate vice president and deputy general counsel at Microsoft. The Internet Fraud Alert service, launched Thursday, will allow investigators to report stolen account credentials, such as passwords or credit card numbers, to the appropriate online vendor, she said.
It’s “not uncommon” for Microsoft and other companies doing internal fraud investigations to find compromised accounts from other vendors, Anderson said.
The new program is “an important new piece of our arsenal to fight online fraud and protect consumers,” Anderson said. “The institution responsible for that account … will receive an immediate alert so they can take immediate action. It’s an effort to get the right information into the right hands of the right people.”
The Anti-Phishing Working Group estimates that 1 million U.S. residents had accounts compromised in phishing attacks in 2009. “I don’t think it’s a big secret that online fraud continues to be a pernicious problem for consumers,” Anderson said.
Also participating in the program is eBay subsidiary PayPal, but members of the program hope other companies will sign up as well, Anderson said. The National Cyber-Forensics and Training Alliance (NCFTA) will administer the program, and supporting the effort are Accuity, a provider of payment routing data, the American Bankers Association, Anti-Phishing Working Group, the U.S. Federal Trade Commission and the National Consumers League.
“Internet Fraud Alert is a promising and innovative approach to help financial and online institutions discover hijacked accounts and close them or inform the affected consumers,” Chuck Harwood, deputy director of the FTC, said in a statement. “We hope that someday there won’t be a need for a secure database of stolen account credentials.”
Companies that want to join the program will have to apply and be confirmed as legitimate, Anderson said. But the current members want the program open to all reputable companies that do business online, she said.
Microsoft developed the reporting tool and will donate it to the NCFTA.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantusG. Grant’s e-mail address is grant_gross@idg.com.