Phishing, also called "carding," is a scam that deceives online consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information. A scam artist sends an e-mail pretending to be from a business the potential victim deals with to a large number of recipients, some of whom are customers of the legitimate business. The e-mail tells recipients that they need to "update" or "validate" their billing information to keep their accounts active, and directs them to a copied web site of the legitimate business, further tricking consumers into thinking they are responding to a request from the legitimate company. The information entered by consumers is then used to perpetrate identity theft.

“Phishing poses a threat to companies because it involves a spoofed website that undermines the value of the brand and the confidence of consumers,” said Heather Shaw, director of banking, e-commerce, marketing and advertising at USCIB. “It can also be a greater problem than other types of spam, in that the potential scope and dollar value of the fraud could far outweigh normal spam issues.”

As with many online frauds, phishing is often committed across borders. The real-time pace with which the frauds are committed as well as the potential scale of damage caused necessitates international law enforcement cooperation. The Council of Europe Cybercrime Convention, which was opened for signature in November 2001, lists offences that are to be criminalized by signatory countries. However, USCIB believes that phishing is not within the scope of this convention.

Many companies that have been targets of phishing are warning their customers of fraudulent communications and websites. Without the ability to verify the source of communications and websites, users must be aware of the possibility of fraudulent requests for information. USCIB will be developing best practices for businesses on how to send legitimate emails to their customers to maximize their trust. For example, businesses should not provide links, but rather instruct their customers to enter in the URL themselves so that they are not directed to a spoofed site. USCIB will also work with its members and the Federal Trade Commission to develop customer education pieces on how to protect themselves from phishing attempts.

There is also a need for user pressure to encourage technology firms to develop interoperable systems. USCIB is gathering information on initiatives to promote such systems and will discuss how USCIB can support and encourage them. As one possibility, ICC could work with all stakeholders and lead the drafting of a statement on the importance and value of interoperable authentication mechanisms to the growth and development of electronic commerce.

ICC Plans Action on Product Codes – Seen as likely successors to barcode inventory tracking systems, electronic product codes (EPCs) use wireless technology to transmit product serial numbers from tags to a scanner, via a small transmitter built into either the product or its packaging.  This enables businesses to manage logistical operations, track goods and develop more “intelligent” marketing applications.  Some consumer activists, however, have expressed concern about misuse of the technology. In order to develop a global business position to address these concerns, and to provide factual information about EPCs, ICC has established a new task force and is recruiting interested businesses.  The new group will be of particular interest to manufacturers of packaged consumer goods, retailers and EPC chip manufacturers. The activities of the task force, which holds its first meeting in Paris on July 6 under the chairmanship Eric Kraus (Gillette), will be closely coordinated with ICC’s efforts on protection of personal data.  Interested members should contact Heather Shaw (212-703-5068 or hshaw@uscib.org).