One of the surprises from my trip to Costa Rica has been the prevalence in the media of stories regarding internet fraud, phishing and other hacking attacks. Back in August the police arrested 16 individuals involved in identity theft in order to remove ¢800 million CRC (about $1.6 million USD) from bank accounts.
The relative unfamiliarity with new technologies, coupled with some insecure institutional practices and balances, have meant that cybercrime has become a profitable exercise in Costa Rica. In the UK, users are covered by all sorts of consumer protection at national and European level, but here users run with all of the risks from fraud. With better systems in place, it would be possible to weed out a lot of the most basic attacks, but identity checking is seriously lacking. It seems unfair that users should bear the brunt of the liability for online fraud.
Things are changing however. The national press has been educating readers about phishing and other scams, and some banks have started implementing better checks, or imposing caps on online transactions per day. Scotiabank has even gone as far as to issue consumers with a password generating keyring, a device that randomly generates a new passcode every 60 minutes or so, and which is synchronised with the account (this would however, leave the user vulnerable to mugging, but I digress).
The law has also been changed, there is now a criminal offence against internet fraud which carries a maximum 10 years.
I guess that bridging the digital divide means that the number of potential cyber-victims increases, and the law should change accordingly.