Omaha is a cybercrime hot spot, according to a new study that tracked and analyzed 1 billion online transactions from e-commerce companies in the United States. Or is it?
Of the 150 U.S. cities included in the study, Omaha has the fifth-highest rate of transactions that are considered “high risk,” putting it in the company of some much larger metro areas.
But a local FBI spokeswoman questions the ranking and says Omahans should exercise a normal amount of caution with online transactions.
Officials for ThreatMetrix — a company that offers cybercrime prevention services that conducted the research — were unable to pinpoint a reason for Omaha's high ranking, but they suggested there's a possibility that the large presence of banks and payment processors like First Data and PayPal played a role in skewing the numbers.
“All we know is that a percentage of transactions processed online that originated in Omaha, a high percentage of those, are high risk,” said Alisdair Faulkner, chief products officer for ThreatMetrix. “We don't know where exactly that point of compromise is.”
According to ThreatMetrix's study, any online payment or transaction that is rejected automatically by merchants for any reason is categorized as “high risk.”
Attempted transactions from computers owned by fraudsters running complex software that generate random credit card numbers and identities get the “high risk” stamp.
But that also means any transaction where you may have flubbed a digit in entering your credit card number or entered an error for your billing address would be flagged as high risk.
Consumer protection and law enforcement agencies questioned the study's methods and said the ranking isn't a fair measure of actual fraud or online identity theft.
“There is a difference between fraud origination and fraud detection,” said Sandy Breault, a spokeswoman for the FBI. “Due to the high number of credit card processing companies and financial institutions in Omaha, much of the fraud detection that occurs is included in the numbers used in this calculation.
“The FBI enjoys excellent working relationships with these institutions and is well-positioned to learn of various fraudulent acts.”
It's unclear exactly how much cybercrime takes place, since it often goes undetected. ThreatMetrix estimates that between 4.5 percent and 7.2 percent of online transactions are made by computers, smartphones or other devices that are infected with viruses or malware.
Atlanta-based payment processing giant First Data, which has its financial services and processing operations in Omaha, said online fraud isn't a city-by-city problem and it sees no reason to be concerned by Omaha's ranking.
“Online fraud doesn't respect borders, and the United States is among the countries from which the least online fraud originates,” said Nancy Etheredge, a First Data spokeswoman. “Ranking fifth in one of the safer countries in the world doesn't necessarily suggest a cause for elevated concern.”
EBay Inc. subsidiary PayPal, which hosts its risk analytics and fraud modeling operations at its Southport East campus in La Vista, did not respond to messages seeking comment.
The ThreatMetrix rankings were led by New York City. Following in order were Atlanta, Chicago, Los Angeles and Omaha. Dallas was sixth on the list, trailed by San Francisco, Houston, Washington, D.C., and Lexington, Ky.
While the high Omaha ranking may sound troubling, the reality is that the lion's share of online fraud and cybercrime originates beyond the shores of the United States, said Jim Hegarty, president and chief executive of the Better Business Bureau serving Nebraska, South Dakota and southwest Iowa.
Hegarty suggested consumers and businesses run software on their computers to detect and prevent viruses and other damaging software from worming their way onto hard drives, where the malware can pillage critical information like credit card numbers, addresses and Social Security numbers.
Folks also should be wary of clicking on email links sent from unfamiliar addresses. In many cases, the links are part of a “phishing” scam that can lead to identity theft.
“Regardless of our ranking,” Hegarty said, “I can say definitively that the threat that cyber criminals pose to U.S. businesses and consumers is very real.”
Contact the writer: