Reuters/Sao Paulo
Long seen as the Wild West of online fraud, Brazil is about to implement its first cyber-crimes law in an attempt to protect its rapidly expanding banking and e-commerce industries.
But online security experts warn that jail terms ranging from two months to three years may be insufficient to fight electronic fraud, a problem that cost the local financial industry $700mn in 2012, according to Brazil’s banking association Febraban.
Brazil ranks among the world’s top producers of spam, Trojan viruses and phishing, according to security firms, and until now Brazilian cyber criminals have operated in the open, trading stolen data in online forums and posting YouTube videos of themselves with wads of cash.
“The sense of impunity is huge,” says Fabio Assolini, a senior malware analyst with the online security company Kaspersky Lab in Sao Paulo. “Brazilian cyber criminals feel free to work.”
Online theft has not only hit the financial industry but is also casting a shadow over Brazil’s growing online retail market, a $12bn industry that recently attracted heavyweights such as US online retailer Amazon.com.
Experts say Brazil is finally moving in the right direction. However, they warn not to expect an overnight fix for Latin America’s largest online marketplace.
“We see an awakening phase in Brazil,” says Limor Kessem, a cybercrimes specialist in Tel Aviv with online security firm RSA, a division of EMC Corporation
“Things will really start changing once criminals see other people are being arrested and going to jail.”
The law that takes effect in April was hastily passed last year after Carolina Dieckmann, a Brazilian soap opera star, had dozens of intimate pictures stolen from her computer and leaked to the Internet.
Security experts say the “Carolina Dieckmann Computer Crimes Law” should, for instance, help improve Brazil’s dubious position as a global producer of phishing, a type of crime where hackers redirect users of financial services to fake sites to steal their passwords and other confidential data.
Reported phishing attacks in Brazil jumped 95% last year, according to official figures. RSA says Brazil is the world’s fourth-biggest host of such attacks after the US, Britain and Germany.
What makes Brazil so attractive? Lack of regulation on the one hand coupled with a fast-growing base of new Internet users.
With just 48% of its population online and a swelling middle class, Brazil is seen as one of the new frontiers for Internet services and e-commerce.
“As digital inclusion increases so does the number of potential victims of fraud,” says Demi Getschko, director of Brazil’s Internet regulator, NIC.br.
Brazil’s banking industry says it was able to stem losses from electronic fraud by 7% in 2012, mainly through stronger authentication protocols. Febraban welcomed the law but says it wants more. “I am sure the penalties will have to be revised in the future because these crimes are much more dangerous than they are made out to be in the law,” said Marcelo Câmara, Febraban’s director of fraud prevention.