Microsoft, eBay and Citizens Bank have launched a new internet fraud alert service designed to allow them to better share information about compromised accounts with each other in an effort to better fight online fraud.
Companies conducting investigations of fraudulent activity online often find compromised accounts of other firms' customers, but until now, there wasn't an easy way to report the findings, said Nancy Anderson, corporate vice president and deputy general counsel at Microsoft. The Internet Fraud Alert service will allow investigators to report stolen account credentials, such as passwords or credit card numbers, to the appropriate online vendor, she said.
It's "not uncommon" for Microsoft and other companies doing internal fraud investigations to find compromised accounts from other vendors, Anderson said.
The new programme is "an important new piece of our arsenal to fight online fraud and protect consumers", Anderson said. "The institution responsible for that account... will receive an immediate alert so they can take immediate action. It's an effort to get the right information into the right hands of the right people."
The Anti-Phishing Working Group estimates that 1 million US residents had accounts compromised in phishing attacks in 2009. "I don't think it's a big secret that online fraud continues to be a pernicious problem for consumers," Anderson said.
Also participating in the programme is eBay subsidiary PayPal, but members of the programme hope other companies will sign up as well, Anderson said. The National Cyber-Forensics and Training Alliance (NCFTA) will administer the programme, and supporting the effort are Accuity, a provider of payment routing data, the American Bankers Association, Anti-Phishing Working Group, the US Federal Trade Commission and the National Consumers League.
"Internet Fraud Alert is a promising and innovative approach to help financial and online institutions discover hijacked accounts and close them or inform the affected consumers," Chuck Harwood, deputy director of the FTC, said in a statement. "We hope that someday there won't be a need for a secure database of stolen account credentials."
Companies that want to join the programme will have to apply and be confirmed as legitimate, Anderson said. But the current members want the program open to all reputable companies that do business online, she said.
Microsoft developed the reporting tool and will donate it to the NCFTA.