E commerce fraud chapter 17 B Ahmed

• 1. - Understand what measures should be taken to prevent fraud in e-commerce. - Understand How to detect E-Business Fraud

2. - Preventing E-C fraud involves reducing or eliminating the elements that motivate fraud. - Detecting E-C fraud needs more computer expertise 3. 1. Security Through Obscurity 2. the control environment 3. risk assessment 4. control activities or Procedures 5. information and communication 6. monitoring 4. 1. Security Through Obscurity Keeping security holes, encryption algorithms, and processes secret in an effort to confuse attackers. 5. The key to the front door is stashed under a rock nearby, or under the welcome mat. It is right out in the open for the hackers to grab, but mostly he won't be able to find it without huge efforts of searching. 6. 2. The Control Environment The components of the control environment Integrity and Ethical Values Board of Directors and Audit Committee Participation Managements Philosophy and Operating Style Human Resources Policies and Practices 7. tone at the top A repeated commitment from corporate leadership throughout the company to emphasize the importance to the company of compliance and ethical conduct, which is embraced and integrated into every level of business operations. Michael Volkov, Kreller Group, September 2012 8. 3. Risk Assessment Risk assessment identifies the risks of doing business with e-business partners. Focus on - the control environment of those organizations & - The electronic exchange of information and money. 9. Procedures that counter the risk of data theft Sniffing unauthorized access to passwords falsified identity Spoofing customer impersonation false Web sites e-mail or Web site hijacking 10. 4. Control Activities control activities generally fall into the following five types: A. Adequate separation of duties. B. Proper authorization of transactions and activities. C. Adequate documents and records. D. Physical control over assets and records. E. Independent checks on performance. 11. What control is useful for each example? 1.Employees forget or fail to follow procedures, or become careless. 2. locks on doors, 24-hour monitoring and safe storage space are examples of .. 3. sales invoices, purchase orders, employee time cards in hard-copy and electronic form. 4. servers and computers access. 5. kickbacks and bribery, when one individual becomes too close to suppliers or customers. 12. Video Proper authorization of transactions and activities. Biometrics as an example. https://www.youtube.com/watch?v=eZTfgNIiNUA 13. Remember. Chapter 6 Steps to proactive fraud examination: 1. Endeavour to understand the business or operation of the organization. 2. Identify what frauds can occur in the operation. 3. Determine the symptoms that the most likely frauds would generate. 4. Use databases and information systems to search for those 5. analyse the results, and investigate the symptoms to determine if they are being caused by actual fraud or by other factors. 14. Use technology to catch technology fraud. - fraud investigators who specialize in e- commerce should understand the tools and methods that perpetrators use. As - hacker tools could be use in troubleshoot networks and catch perpetrators rather than to hack into systems. 15. What skills are required to detect and investigate e-business fraud? 1. Web servers 2. E-mail clients and servers 3. intrusion programs like Nmap, Airsnort, and Wire shark 16. What other skills are required to detect and investigate e-business fraud? 17. Challenge e-business transactions make fraud easier to commit. (Access everywhere and every time) Opportunity they also make it much easier and faster to detect. (electronic databases to analyse) Focus On more computer expertise 18. Security through obscurity should be supported by other tools. Standards based systems like VPNs, firewalls, public and private, and other means should be employed and monitored at all times. Regular audits of user behaviour on the system should be done. Employees need to be trained on e-commerce fraud.