Microsoft leads reactive effort to fight Internet fraud

Internet Fraud Alert system could speed up reaction time to security breaches but customers remain at mercy of companies

Page 2 of 2

Unfortunately, companies don't always move as swiftly as they should when their customers are at risk. Recently, when customers' email addresses and iPad IDs were swiped from the AT&T Website, the group responsible said it made that data public because the carrier was taking too long to alert customers -- days instead of hours.

On the other hand, this system creates a paper trail of sorts. If an organization has to defend itself in court over its response to a security breach resulting in customers' identities being stolen, it would be possible to determine when the company learned about the breach and to gauge how long it took to react.

All in all, the establishment of the IFA strikes me as a good step toward bringing a little more law and order to the still untamed Internet. As it stands, the bad guys are a lot more organized than the good guys. A bit of structure theoretically means more rapid response time to addressing breaches once they're discovered. Add to the potential for a central repository for tracking security breaches, in the form of data that perhaps can be used for discovering vulnerabilities and gauging whether a company responded appropriately to a report.

Still, it's tough to ignore the fact that this system is more reactive than proactive in terms of fighting cyber crime. InfoWorld security pro Roger Grimes, for example, says we could make the Internet a lot more secure if we tried. And it still places the fate of customers in the hands of private companies who might put their own self-interest and self-preservation first.

Service providers, retailers, financial institutions, law enforcement agencies, government groups, and Internet security research firms are invited to apply to join the IFA and can do so on the Internet Fraud Alert Website.

This article, "Microsoft leads reactive effort to fight Internet fraud," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.

| 1 2 Page 2