
Unit 9: Electronic Fraud Professor Thomas Genovese.

Date post: 05-Jan-2016
Upload: collin-joseph
Page 1

Unit 9: Electronic Fraud

Professor Thomas Genovese

Page 2

Learning Objectives

1. Understand e-commerce fraud risk.

2. Take measures to prevent e-commerce fraud.

3. Detect e-business fraud.

Page 3

E-commerce Fraud Risk - Pressures

Dramatic growth, which has created tremendous cash flow needs.

Merger or acquisition activity, which creates pressures to “improve the reported financial results.”

Borrowing or issuing stock, additional pressures to “cook the books.”

New products, which require intensive and expensive marketing and for which an existing market does not yet exist.

Unproven or flawed business models, with tremendous cash flow pressures.

Page 4

E-commerce Fraud Risk - Opportunities

New and innovative technologies.

Complex information systems that make installing controls difficult.

The transfer of large amounts of information.

Removal of personal contact.

Lack of “brick-and-mortar” and other physical facilities.

Inability to distinguish large and/or established companies from new and/or smaller companies.

Electronic transfer of funds.

Compromised privacy.

Page 5

E-commerce Fraud Risk - Rationalization

Decreases in the personal contact between customer and supplier.

Transactions between anonymous or unknown buyers and sellers.

False notion that traditional methods of accounting no longer apply.

Page 6

E-commerce Fraud Risk

Risks Inside an Organization:

Data theft

Social engineering

Sniffing

Wartrapping

Vandalism

Employee laptops

Page 7

E-commerce Fraud Risk

Risks Outside an Organization:

Computer viruses

Spyware

Phishing

Spoofing

Falsified identity

Database query (SQL) injections

Bust-out

E-mail and Web visits

Page 8

E-commerce Fraud Prevention

How to reduce pressures and eliminate rationalizations in e-business?

Security Through Obscurity:

Keeping security holes, encryption algorithms, and processes secret in an effort to confuse hackers.

Page 9

E-commerce Fraud Prevention

Reduce opportunities through appropriate internal controls.

Elements:

(1) The control environment

(2) Risk assessment

(3) Control activities or procedures

(4) Information and communication

(5) Monitoring

Page 10

E-commerce Fraud Prevention

Components of the control environment:

Integrity and Ethical Values

Board of Directors and Audit Committee Participation

Management’s Philosophy and Operating Style

Human Resources Policies and Practices

Page 11

E-commerce Fraud Prevention

Risk Assessment

Identifies the risks of doing business with e-business partners.

Focuses on the control environment of business partners.

Identifies the risks involved in electronic exchange of information and money.

Intrusion detection.

Page 12

E-commerce Fraud Prevention

Control Activities

Adequate separation of duties

Proper authorization of transactions and activities

Adequate documents and records

Physical control over assets and records

Independent checks on performance

Page 13

E-commerce Fraud Prevention

Adequate Separation of Duties (who authorizes? – who executes?)

Proper Authorizations (Passwords, Firewalls, Digital signatures, Biometrics)

Additional controls of Electronic Documents and Records (sales invoices, purchase orders, subsidiary records, sales journals, employee time cards, checks).

Physical Control over Assets and Records (IT equipment, Programs, Data Files)

Independent Checks on Performance (including partners)

Page 14

E-commerce Fraud Detection

Data-driven Fraud Detection

1. Understand the business or operations of the organization.

2. Identify what frauds can occur in the operation.

3. Determine the symptoms that the most likely frauds would generate.

4. Use databases and information systems to search for those symptoms.

Page 15

E-commerce Fraud Detection

Data-driven Fraud Detection:

5. Analyze the results.

6. Investigate the symptoms to determine if they are being caused by actual fraud or by other factors.
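
Steps 3 to 5 of the data-driven approach, as an added example that is not part of the original slides: two fraud symptoms are written as database queries and run over purchase-order records. The table layout, the approval limit, the 5% "just under the limit" band and the sample rows are all assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample purchase orders (not real data).
# Columns: po_id, vendor, amount, authorized_by, executed_by
ROWS = [
    (1001, "Acme Supply", 4200.00, "jlee", "mkhan"),
    (1002, "Acme Supply", 9950.00, "jlee", "jlee"),    # one person in both roles
    (1003, "Northwind",   9990.00, "rdiaz", "mkhan"),  # just under the limit
    (1004, "Northwind",   9985.00, "rdiaz", "mkhan"),  # just under the limit
    (1005, "Northwind",   9970.00, "rdiaz", "mkhan"),  # just under the limit
    (1006, "Globex",      1500.00, "jlee", "tchen"),
]
APPROVAL_LIMIT = 10000.00  # assumed: orders at or above this need extra approval
NEAR_LIMIT = 0.95          # assumed: "just under" means within 5% of the limit

# Step 3: each symptom a likely fraud would generate, expressed as a query.
SYMPTOMS = {
    # Separation of duties broken: who authorizes is also who executes.
    "same_person_authorized_and_executed":
        "SELECT po_id FROM purchase_orders "
        "WHERE authorized_by = executed_by ORDER BY po_id",
    # Three or more orders to one vendor sitting just below the approval limit.
    "repeated_amounts_just_under_limit":
        "SELECT po_id FROM purchase_orders "
        "WHERE amount >= :floor AND amount < :limit AND vendor IN ("
        "  SELECT vendor FROM purchase_orders "
        "  WHERE amount >= :floor AND amount < :limit "
        "  GROUP BY vendor HAVING COUNT(*) >= 3) ORDER BY po_id",
}

def find_symptoms(rows):
    """Step 4: load the records and search them for every defined symptom."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE purchase_orders (po_id INTEGER PRIMARY KEY, "
               "vendor TEXT, amount REAL, authorized_by TEXT, executed_by TEXT)")
    db.executemany("INSERT INTO purchase_orders VALUES (?, ?, ?, ?, ?)", rows)
    params = {"floor": APPROVAL_LIMIT * NEAR_LIMIT, "limit": APPROVAL_LIMIT}
    hits = {name: [r[0] for r in db.execute(sql, params)]
            for name, sql in SYMPTOMS.items()}
    db.close()
    return hits

if __name__ == "__main__":
    # Step 5: flagged IDs are leads to analyze, not findings of fraud.
    for name, ids in find_symptoms(ROWS).items():
        print(f"{name}: {ids}")
```

The flagged order IDs feed step 6, where each is investigated to decide whether actual fraud or another factor explains it.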

Page 16

That’s All Folks!

Good luck in your academic, professional and personal endeavors!

