|Superhighway Robbery: Preventing E-commerce Crime
By Graeme R. Newman and Ronald V. Clarke.
2003. Portland, OR: Willan Publishing.
ISBN: 1-84392-018-2 $55.00
One of the stated goals of this book is to convince readers that situational
crime prevention can be used successfully in a variety of conditions and
environments. The authors focus on a novel application for situational
crime prevention - in the world of cyberspace - and show that techniques
used to reduce criminal opportunities and alter offenders' perceptions
are potentially as effective with respect to e-commerce crime as they
are to more traditional crime types.
The first two chapters justify the book's focus on e-commerce crime. Chapter
One argues that changes in society and, thus, changes in crime patterns
can be largely attributed to the evolution of technology. When innovations
such as cars and computers spread throughout a population, there is an
associated growth of offenses involving the innovations, be they driving
offenses or hacking incidents. Chapter Two presents the basic features
of e-commerce, which are defined as the conduct of buying and selling
(both retail and business-to-business) in the new environment of information
technology, be it on-line (Internet) or off-line (internal networks).
These basic features include the use of communication technology to allow
the better usage of information at various points in buying and selling
processes; increased efficiency brought about by automated systems; and
buying and selling of products, information, and services on the Internet.
E-commerce differs from traditional commerce in numerous ways, from the
type of storefront to how products are delivered to end consumers; these
differences present new opportunities for crime.
Chapter Three asserts that the prime target of e-commerce crime is information,
which is of four main categories: intellectual property (e.g., books,
CDs, DVDs, and software), intelligence (databases containing customers'
information), information systems, and services. The authors further classify
targets in seven ways, depending on the intent of the offender. An important
distinguishing feature between e-commerce and traditional crime concerning
target selection relates to the ease of surveillance. A burglar can case
only so many houses. A child molester can watch only so many playgrounds.
Demands of travel and temporal patterns of daily life place a limit on
how many targets can be identified. With respect to e-commerce crime,
there are no such constraints. Surveillance is restricted only by the
speed of the Internet, and searches for targets can span vast spaces and
occur at all hours.
Chapter Three also classifies crimes based on whether they have direct
or indirect effects on e-commerce business. Detailed tables in this section
list 26 crime types or incidents, with examples and estimates of the extent
or cost of the crime. The chapter concludes by introducing a new acronym
to the crime prevention literature-SCAREM. This concerns the criminogenic
characteristics of the computing environment that make e-commerce possible:
stealth, challenge, anonymity, reconnaissance, escape, and multiplicity.
In Chapter Four, the authors argue that many tangible products are in
fact partially information based, in that some of their value derives
not from the physical item, but from services associated with the product
that are carried out in the computing environment. Some examples of such
products are credit cards, cell phones, and products with service contracts.
Further, there is a link between crime type and the portion of a product
that is information based.
The CRAVED (concealable, removable, available, valuable, enjoyable, and
disposable) acronym was proposed by Clarke (1999) as a means of describing
the criminogenic attributes of products. Here, Newman and Clarke claim
this model is also appropriate for describing the characteristics of information
that make it a "hot product." But unlike physical products,
such as handguns or car stereos, information is changeable, constantly
moving, and comes in many varieties. This makes it hard to determine which
specific design changes would be suitable for reducing the vulnerability
of information. In addition, the vulnerability of a product is a function
not only of the extent to which it is information based, but also of how
much skill or effort is needed to damage the product.
In contrast to traditional crimes, many e-commerce crimes require a much
larger amount of skill and effort. A table in this chapter lists high
and low skill crime types for each of the four information categories.
Chapter Five is a detailed analysis of a particular form of e-commerce
transaction - on-line shopping - from the purchase of an item using a
credit card by phone or over the Internet to the delivery of the item
to the consumer. Each step along the way is described in terms of its
benefits and vulnerabilities to crime. Fraudulent retailing, financial
services fraud, medical services/product fraud, and on-line auctions are
discussed in this context.
Strategies for reducing opportunities for e-commerce crime are presented
in Chapter Six. The methods will be familiar to situational crime prevention
advocates, as they closely follow the grid of sixteen techniques from
Clarke's collection of case studies (1997). Within four main areas - increasing
perceived effort, increasing perceived risk, reducing anticipated rewards,
and removing excuses - are four opportunity-reducing techniques. Those
specific to e-commerce crime prevention include safeguarding data integrity,
authenticating identity, detecting intrusions, and assigning responsibility.
It is important to note that many of the techniques are not limited, as
are many of the situational crime prevention measures targeting traditional
crimes, to physical locations or certain times. The authors point out
that there is little research into the effectiveness of the techniques
on e-commerce crime, and that the classification scheme used should be
seen as exploratory, not definitive.
Chapter Seven presents a case study on reducing credit card fraud from
the UK, which was a multi-agency, multi-faceted approach that had multiple
preventive measures taken at several different stages of delivery (card
issuance, card acquisition, point of sale, card-not-present sale, and
after the sale) and over a number of years. These initiatives resulted
in a significant drop in credit card fraud. The case study also shows
that criminals adapt to technological changes and develop new ways of
circumventing preventive measures, which in turn leads to new measures
implemented to thwart innovative criminals-what Paul Ekblom (2000) refers
to as the "arms race."
The final chapter is very much a response to David Garland (2001) and
other critics of situational crime prevention, who maintain that it is
a variety of coercive social control. Newman and Clarke conclude that
there is "very little chance" that "big brother" will
take over (p. 194). Practical applications of situational crime prevention
demonstrate that it is very difficult to coordinate stakeholders, and
when programs are successful they typically do not involve intervention
from government. Bureaucracies that control information compete with each
other, so there is little likelihood of wide-scale sharing of data. The
government and the private sector do not work closely together to control
individuals. As well, surveillance is increasingly becoming "democratized,"
with government being only one of the powerful players. Although surveillance
may enhance abilities of totalitarian governments, the authors assert
the problem is not surveillance but totalitarianism.
Often the earliest commentaries on emerging fields are vague and full
of partially-developed ideas. This book is neither. Indeed, it is remarkably
specific and makes extensive use of lists and classification schemes,
which are helpful for organizing a great deal of information about this
nascent form of crime. Many of the ideas presented in the book are not
new-these underlying concepts have been part of the crime prevention literature
for many years. However, it is the innovative and creative application
of these concepts to the problem of e-commerce crime that is the strength
of this book.
The book delivers much more than it promises. It is well organized, clearly
written, and detailed yet parsimonious. It is wide ranging and very thorough,
bringing in a variety of literatures, including business and marketing,
economics, sociology, psychology, and anthropology. It contains an interesting
blend of theoretical discussion and practical information, which makes
the book useful for many different audiences, although some readers may
be discouraged by the sheer amount of information presented. For this
reason, as well as the limited overall scope of the book, it is not appropriate
for introductory or "survey" crime prevention courses. However,
it would be a good supplement for upper-level and graduate courses on
situational crime prevention. It would also serve very well as a main
text in a specialized course on e-commerce crime or computer security,
even for those with no background in situational crime prevention.
Clarke, Ronald V. (1997) Situational Crime Prevention: Successful Case
Studies, 2nd ed. New York: Harrow and Heston.
Clarke, Ronald V. (1999) Hot Products: Understanding, Anticipating
and Reducing the Demand for Stolen Goods, Police Research Series Paper
98. London: Home Office.
Ekblom, Paul (2000) "Future crime prevention - a mindset - a way
of thinking systematically about causes of crime and solutions to crime
problems", in Foresight (2000) Turning the Corner. London: Department
of Trade and Industry, Crime Prevention Panel, DTI / Pub 5185 / 5k / 12
/ 00 / NP, URN 00 / 136 CD Annex, cited in Newman and Clarke, p. 147.
Garland, David (2001) The Culture of Control: Crime and Social Order
in Contemporary Society. Chicago: University of Chicago Press.