Aussie Police probe virtual worlds for money trail

Banking security considered a 'laughing stock'.

Australia's Federal and State police forces have deployed resources to investigate virtual worlds to combat money laundering by cybercriminals.

NSW Detective Superintendent Commander Colin Dyson told iTnews at the Cards and Payments Australasia conference in Sydney today that cybercriminals were using virtual, gaming platforms to communicate and transfer funds around the globe.

Dyson declined to name what virtual worlds were under investigation, noting only that they were a "growing area of interest" for State and Federal cybercrime-fighting teams.

In May 2007, the British Fraud Advisory Panel urged governments to impose regulations on virtual Second Life currency to combat a "growing risk of theft and deception" (pdf).

The Second Life virtual world had more than 20 million registered users as of 2011 and a virtual currency of 'Linden dollars' that could be exchanged for US dollars at an approximate rate of 250 to 1.

Popular online game World of Warcraft also had an economy of virtual gold that could be earned and traded in-game, or purchased - despite game rules - at an average rate of 100 gold for US$26 in 2007.

Various sites currently offered blocks of 10,000 World of Warcraft gold for less than US$20.

Outside of games, Dyson highlighted online money transfer services such as e-gold and Hawala, also known as Hundi, as methods used by criminals to obfuscate the source of funds.

Hundi was a network of unofficial brokers who performed international transactions by having one broker accept a sum of money in one country. The broker's overseas colleague would then pay the corresponding sum to the intended recipient, and the two brokers would resolve their settlement at a later date.

That made transactions "very hard to trace", Dyson told the conference.

Cross-border jurisdictions and a global, anonymous online environment were also a challenge for police, who had to operate within the confines of privacy law.

Meanwhile, cybercriminals had become more technologically sophisticated than many financial institutions, he said.

Citing Australian Institute of Criminology figures, Dyson said fraud accounted for 40 percent ($8.5 billion) of the costs of crime in 2005, increasing 31 percent from 2001 due to online methods.

Police were aware of a "burgeoning market for financial and identity information" that was being bought, traded and sold via online sites and discussion boards.

Criminals in Australia tended to focus on harvesting credit card details through card skimming, scams and theft. Dyson said there were "workshops in the south-west of Sydney" dedicated to putting together card skimming tools for point-of-sale devices.

"These people are outrageously good with technology. [PCI compliance] does slow them down, but if there's a way of getting around it, they will."

"They're not your usual organised crime group; they never meet and because they're disparate all over the globe, they are very hard to investigate."

The Australian Payments Clearing Association's fraud, risk and compliance head Caroline Pearce told the conference that debit card fraud had increased 50 percent last financial year due to a "spike" in point-of-sale and ATM skimming.

Dyson said law enforcement authorities were expecting another spike, highlighting a lack of digital chip-and-pin technology that might help prevent card skimming in Australia.

"A Romanian crook told me that Australia is a target because of the level of technology in the banks," Dyson said

"In his words, we are a laughing stock," he said.