Fraud vs. Scam: Who Is Liable for Cybercrime (Ketharaman Swaminathan)


In "Why are cybercriminals hard to catch?", we took the following example of cybercrime:

Joe uses a digital payment to buy something from Jane and does not get what he ordered.

In this context, a digital payment is any A2A RTP such as UPI (India), FPS (UK) or Zelle (USA).

(For the uninitiated, A2A RTP stands for Account-to-Account Real Time Payment, where money goes from sender’s bank account to receiver’s bank account in near realtime.)

We then saw why the cybercriminal was hard to catch.

In this second part, we will examine who is liable for cybercrime.

----

Cybercrime goes beyond the anonymous nature of cash and non-anonymous nature of digital payments. That’s because:

  • Cash transactions cannot happen remotely. So, Joe needs to meet Jane in person to hand over the cash to her. While cash is an anonymous MOP, Joe does know the identity of Jane. Besides, if the meeting happens in a public place, Jane is captured in many
    CCTV feeds.
  • Digital Payment introduces many intermediaries such as Payor Bank, Payee Bank, Scheme Operator, and so on. While these entities follow the law, it’s not like laws related to this specific scam are the only laws they’re governed by.

As we can see, in the context of cybercrime, cash is not so anonymous, and the non-anonymous nature of digital payments is not of much help in solving cybercrime carried out via A2A RTP.

----

While referring to Jane, I prefixed the term “scammer” with “alleged”. That’s because of the following reasons:

  1. In any civilized nation, Jane is innocent until she’s tried and found guilty by a court of law.
  2. What’s the guarantee that the alleged victim Joe is telling the truth? Imagine a customer who pays you for work you’ve done for them, then develops cognitive dissonance / buyer’s remorse, approaches cyberpolice and files a fraud complaint against you? Will
    you part with the money readily?? (In a credit card payment, this would be called “first party fraud” but, for reasons we’ll see shortly, that term does not exist in A2A RTP.)

----

The thief obviously is culpable for cybercrime. But, as we saw earlier, it’s not easy to catch her.

Ergo it’s human nature – and the founding principle of the so-called “drunk under lamp post” regulation – to stick it to somebody else who can be caught easily.

In India, going by outrage on social media, the pet whipping boy is the Payee Bank. People want to hold Jane’s bank responsible on the ground that it opened an account in the name of the Alleged Scammer despite doing KYC. They seem to assume that KYC is
character certification. But it’s not. As long as you produce the necessary KYC documents, a bank is not under any obligation to vet your character before opening an account in your name (Not legal advice.)

In fact, banks give loans even to convicted criminals, and they cannot be expected to refuse a basic bank account to an alleged criminal like Jane (Not legal advice.)

In the UK, in a fit of populism (IMO), the regulator ordered (payor) banks to reimburse all victims. Banks said no and rejected 90% of the claims. At the height of hysteria, the payment system regulator wanted to call this a matter of national security.
Things have cooled down now.

In the USA, the payor is on their own against cybertheft.

“Drunk under Lamp Post” logic breaks down in the case of cybercrime because it involves a number of parties other than banks such as the Telecom company that provides mobile connectivity to the Alleged Scammer, the electricity company that provides electricity
with which the Alleged Scammer charged her phone, and so on.

It’s obviously not possible to hold any of them culpable.

Nor does it make sense to hold banks liable.

I’m aware that banks, money transfer operators and many other financial institutions are required by law in many jurisdictions to block terrorism-related payments and file Suspicious Activity Report (SAR) / Suspicious Transaction Report (STR) for terrorism
related transactions. They fulfill that responsibility by using sanctions-screening software and FATF databases. But I see no way for them to block fund transfers related to all kinds of crimes including APP scams.

I wish there were a more pleasant way of putting it, but the payor is inevitably the only person left holding the bag for cybertheft carried out via A2A RTP. At least until the cops catch the payee and recover the money from her through due process of law.

Zelle makes this point explicit. The #1 A2A RTP of USA warns people upfront not to use Zelle to make payments to people they don’t know or trust. “Consumers should only use Zelle® to send and receive money with friends, family, and businesses they know and
trust” (source).

Zelle also draws a crystal-clear distinction between Fraud and Scam.

  • Fraud is an unauthorized payment, i.e. when someone steals your ID / banking credentials / credit card details and makes a payment without your permission.
  • Scam is an authorized payment, i.e. when the Scammee made the payment to the wrong person or for the wrong purpose or both.


While Joe might feel defrauded, technically there’s no fraud – it’s a scam.

Zelle clearly mentions that the payor may not be able to get their money back in the case of a scam.

While the New York Times tries unsuccessfully to pin it on the banks in a recent article, I found the following comment apt:

“Zelle is cash. If you hand your cash to a fraudster it’s your problem. Don’t expect less foolish users to effectively subsidize your mistakes by putting the culpability on the banks, their responsible customers and their shareholders. When you hit send,
you have released the cash. That is that. That’s why you have to make a choice TWICE. If you don’t trust yourself to handle your finances, get help.”

Harsh as it may sound, it is hard to disagree with that sentiment.

My unsolicited USD 0.02 to other regulators and scheme operators:

Use the Zelle playbook to clarify that the payor owns A2A RTP scams.

The exception to the above is a few payor banks, such as Lloyds Bank, that reimburse nearly all of their customers who suffer from APP scams.

----

Had Joe made the above payment with a credit card, he’d get his money back quite easily.

A credit card offers consumers a wide range of protections:

  • Fraud aka Unauthorized Payment: Someone else uses my credit card to make purchases for themselves.
  • Scam aka Authorized Payment: I use my credit card to make a purchase. I don’t get the product.
  • Deficiency of Service: I use my credit card to make a purchase. I get the product. But it does not work as advertised.

According to credit card network rules, when Joe contacts his bank after realizing that he has been scammed, his bank should reverse his charge, pending a chargeback / dispute investigation. In some jurisdictions (e.g. USA), the process is fairly seamless,
and Joe will get his money back with a single call. In some others (e.g. India), which use 2FA for credit card payments, the bank will push back on the credit cardholder, saying “only you know PIN / OTP, so you only must have made the payment”. However, even
in these markets, Joe will eventually get his money back, just that it will take more effort than a single call.

The best way for consumers to protect themselves against scams and fraud is to pay by credit card.

If that’s not possible for whatever reason, consumers should exercise extreme caution while initiating a payment with UPI, FPS, Zelle or any other A2A RTP. As we’ve seen, once you send money out from your bank account with an A2A RTP, it’s extremely difficult
to get it back. Better to be safe than sorry, and all that…

----

The common man might crave for A2A RTP method of payments to support the same degree of scam and fraud protection as credit card. But that’s like expecting a Maruti 800 to be a BMW.

As I’ll explain in a follow-on post, Scam / Fraud protection is a feature in credit card but a bug in A2A. Unfortunately for A2A RTP users, it’s not easy to fix the bug without alienating merchants and threatening the very existence of the payment method
itself.
