Not Tough Enough on Cybercrime
Stronger Sentences in Fraud Cases Needed as DeterrentThe only way to really put a dent in financial fraud and cybercrime is through aggressive prosecution of fraudsters and tough sentences for the guilty.
See Also: How to Take the Complexity Out of Cybersecurity
The sentencing handed down by a federal court in Atlanta last week to a player in the RBS WorldPay heist is an example of the kind of slap-on-the-wrist punishment that, unfortunately, is all too common in cyberfraud cases.
A Chicago woman who admitted to leading one of the crime cells involved in the $9 million heist, which in one day hit U.S. accounts and cards from ATM and POS points throughout the world, got just 30 months behind bars. She also must pay $89,000 in restitution for the fraudulent transactions her ring contributed to the heist on Nov. 8, 2008.
Even if it turns out that this fraudster cooperated with federal investigators, the sentence in this massive heist case is inappropriate because it does not send a strong enough message about how seriously U.S. courts are taking international financial schemes.
IT security and privacy attorney David Navetta agrees. "The sentence seems relatively weak compared to the crime," he says. "This fraud involved $9 million stolen, and probably millions in investigative expenses on top of that. I'm not sure if this sentence sends a very strong message to deter future crimes."
Effective Deterrent Action
Jenny Durkan, U.S. Attorney for the Western District of Washington, has the results to back up her assertion that aggressive prosecutions and tough sentences are effective in deterring cybercrime.
Durkan has devoted a lot of time and energy to taking down crime rings responsible for fraud. In recent years, her focus has been on card fraud, targeting the criminals and rings that perpetrate attacks on ATMs and point-of-sale systems and devices.
The U.S. attorney has prosecuted a long list of fraud cases, and she's won some tough sentences. For example, in an elaborate skimming scheme that targeted Chase ATMs, one defendant was sentenced to five years in prison, and ordered to pay $400,000 in restitution.
The ramped-up prosecution of fraud cases in the Seattle area "has driven the amount of skimming fraud almost to zero," Durkan says.
When opportunities arise to send strong messages about intolerance for cybercrime and financial fraud, we must seize them. The sentencing in the RBS WorldPay case, unfortunately, was a missed opportunity.