Sri Lanka among top 10 countries in credit card fraud
Often the biggest problem in countries like Sri Lanka when determining the root vulnerability exploited by hackers is that the data stored in associated files is not properly recorded following an intrusion, according to cyber security specialist Sujit Christy, a Director at Layers – 7 Seguro Consultoria, who has worked in Singapore, India and other markets in the Asian region.
Elaborating, he also added that IT personnel, in an effort to recover from the intrusion quickly, fail to take a disk image, or copy, so that the necessary forensic investigation can be done later. As such, data that is important in determining the root vulnerability is often overwritten in an effort to quickly recover, with little or no thought to figuring out the root vulnerability.
Further, Mr. Christy also revealed that, without a proper investigation, it was hard to properly ascertain the degree of the threat. Even when it seemed that nothing was stolen or tampered with, there was always a chance that an unnoticed application, or some other measure, was hidden away within the system to aid in future intrusions.
Making these comments as part of his presentation on “Governance, risk and compliance governing IT” at the monthly meeting of the Sunday Times Business Club on Monday, Mr. Christy also stated that credit card companies have, for a while now, been asking local banks to adopt the internationally recognised PTS DSS security standard, but this has not been the case so far, mainly because it is too expensive. This was one of the contributing factors to Sri Lanka being one of the top 10 countries in terms of credit card crime. The Sunday Times Business Club holds a forum at the end of every month, each on a different topic. These are held at host hotel Cinnamon Lakeside, and sponsored by Etisalat along with Hameedia.
Also speaking at the discussion, lawyer and Club President Chaturanga Perera noted that, prior to the enactment of local laws to combat online offences, there were many loopholes that were exploited to get defendants off. These were mainly due to a lack of adequate terminology being used by the law up to that point. For example, legally speaking, trespass applies only to physically entering premises and cannot be applied to entering a computer, while theft applies only to moveable property and so does not apply when it comes to data. He also added that there were issues pertaining to legal jurisdictions wherein cases could be prosecuted because of the complexity, and transnational nature, of Internet transactions.
Mr. Perera also identified the various areas of cybercrime in relation to Sri Lanka’s Cyber Crime Act of 2007. He highlighted that Part 1 Section 3 dealt with the unauthorised access of a computer as well as the unauthorised installation of a programme. Section 4 was associated with cracking a computer, which was similar to breaking and entering in terms of physical locations.
Meanwhile, Section 5 was used for unauthorised modification, while Section 6 was connected to national security, national economy and public order. Section 7 was used to prosecute those that access information without lawful authorisation. Section 8 dealt with illegal interceptions during the transfer of information. Sections 9 and 10 were associated with the use of illegal devices and the unauthorised disclosure of information, respectively, while Sections 12 and 13 indicated the laws regarding abetting and conspiring.