Pixels and Policy

The Profit Potential of Virtual Crime

Cybercrime’s prevalence in the virtual world is debatable, with different organizations expressing varying levels of concern. The Fraud Advisory Panel, a consumer protection group, called for the extension of federal laws into the virtual world as early as 2007.

There’s definitely a need, reports the the Hindu Business Line, a business policy newspaper that recently dipped into the virtual world to take a sampling of cybercrime.

From the article:

Phishing attempts to acquire sensitive consumer information such as usernames, passwords, and credit card details fraudulently. Once an account is compromised in this way, a cyber criminal can empty it or use its associated credit card information for other purchases.

While not a threat in the usual sense, users can inadvertantly become party to money laundering. Because avatars can trade currencies and goods inside the virtual world and then sell them into secondary markets for real money, the crime is difficult to trace.

We've come a long way from trying to trade useless loot for gold in Runescape. Money laundering through Second Life's Lindex Exchange, which allows users to spend real currency for Linden Dollars and then convert them back into a real world currency, is also a potential financial fraud hub.

In fact, money laundering on the Lindex was a hot topic in early 2008, causing the company to take a strong stand in defense of its platform. However, these concerns require further investigation, as the ease with which a player can convert currencies - which requires only a computer and a Second Life account - raises serious anti-terrorism concerns.

As virtual worlds grow in scale and in the number of financial transactions conducted daily, cybercriminals are growing in tandem. With no standardization between worlds, there is no way of knowing whether one source is making and cashing out Linden Dollars, Warcraft Gold, or any other in-game currency. This makes tracking accusations of money laundering extremely difficult.

As virtual worlds grow larger and become a part of tens of millions of lives, the security of one's virtual identity will come to the fore. Trading game currency and betting real currency on in-game markets has birthed an emerging, if impromptu, stock market.

Speculators discontent with the ravaged real-world market will no doubt turn to virtual worlds as they become viable. Without any virtual Securities and Exchange Commission to test the legitimacy of "virtual stock" promotions, this leaves well-meaning players open to fraud.

Preventing a Boom Time for Cybercrime

One of the major problems facing law enforcement agencies is the issue of where an attack originates. This decides the thorny issue of jurisdiction.

Internet security firms like McAfee decry the current scam-ridden landscape of virtual worlds, but substantive recommendations for improving the situation are few and far between. As Tech Target reports, the ever-expanding virtual landscape and the cleverness of cybercriminals is confounding traditional law-enforcement services.

Given the cost of cybercrime and its potential to destabilize small virtual worlds that may lack superior protections, being confounded is no longer good enough. Law enforcement agencies need to give serious consideration to the major role virtual worlds are playing in the lives of users - both as hubs for financial transactions with sensitive credit card information, and as a center for semi-anonymous gathering.

Should law enforcement agencies monitor virtual worlds for cybercrime and identity theft? Is it time for the FBI to open a virtual office in Second Life to deal with claims of large-scale cybercrime events? Let us know your thoughts.