E commerce fraud chapter 17 B Ahmed


Published in: Technology, Business

  1. - Understand what measures should be taken to prevent fraud in e-commerce.
     - Understand how to detect e-business fraud.
  2. - Preventing e-commerce fraud involves reducing or eliminating the elements that motivate fraud.
     - Detecting e-commerce fraud needs more computer expertise.
  3. 1. Security through obscurity
     2. The control environment
     3. Risk assessment
     4. Control activities or procedures
     5. Information and communication
     6. Monitoring
  4. 1. Security Through Obscurity: keeping security holes, encryption algorithms, and processes secret in an effort to confuse attackers.
  5. - The key to the front door is stashed under a rock nearby, or under the welcome mat.
     - It is right out in the open for hackers to grab, but mostly they won't be able to find it without a huge search effort.
  6. 2. The Control Environment. The components of the control environment:
     - Integrity and ethical values
     - Board of directors and audit committee participation
     - Management's philosophy and operating style
     - Human resources policies and practices
  7. Tone at the top: A repeated commitment from corporate leadership throughout the company to emphasize the importance to the company of compliance and ethical conduct, which is embraced and integrated into every level of business operations. (Michael Volkov, Kreller Group, September 2012)
  8. 3. Risk Assessment. Risk assessment identifies the risks of doing business with e-business partners. Focus on:
     - The control environment of those organizations
     - The electronic exchange of information and money
  9. Procedures that counter the risk of:
     - Data theft
     - Sniffing
     - Unauthorized access to passwords
     - Falsified identity
     - Spoofing
     - Customer impersonation
     - False Web sites
     - E-mail or Web site hijacking
  10. 4. Control Activities. Control activities generally fall into the following five types:
      A. Adequate separation of duties.
      B. Proper authorization of transactions and activities.
      C. Adequate documents and records.
      D. Physical control over assets and records.
      E. Independent checks on performance.
  11. What control is useful for each example?
      1. Employees forget or fail to follow procedures, or become careless.
      2. Locks on doors, 24-hour monitoring and safe storage space are examples of …..
      3. Sales invoices, purchase orders, employee time cards in hard-copy and electronic form.
      4. Servers and computers access.
      5. Kickbacks and bribery, when one individual becomes too close to suppliers or customers.
  12. Video: Proper authorization of transactions and activities. Biometrics as an example. https://www.youtube.com/watch?v=eZTfgNIiNUA
  13. Remember: Chapter 6. Steps to proactive fraud examination:
      1. Endeavour to understand the business or operation of the organization.
      2. Identify what frauds can occur in the operation.
      3. Determine the symptoms that the most likely frauds would generate.
      4. Use databases and information systems to search for those
      5. Analyse the results, and investigate the symptoms to determine if they are being caused by actual fraud or by other factors.
  14. Use technology to catch technology fraud.
      - Fraud investigators who specialize in e-commerce should understand the tools and methods that perpetrators use.
      - Hacker tools could be used to troubleshoot networks and catch perpetrators rather than to hack into systems.
  15. What skills are required to detect and investigate e-business fraud?
      1. Web servers
      2. E-mail clients and servers
      3. Intrusion programs like Nmap, AirSnort, and Wireshark
  16. What other skills are required to detect and investigate e-business fraud?
  17. - Challenge: e-business transactions make fraud easier to commit. (Access everywhere and every time)
      - Opportunity: they also make it much easier and faster to detect. (Electronic databases to analyse)
      - Focus on more computer expertise.
  18. - Security through obscurity should be supported by other tools.
      - Standards based systems like VPNs, firewalls, public and private, and other means should be employed and monitored at all times.
      - Regular audits of user behaviour on the system should be done.
      - Employees need to be trained on e-commerce fraud.
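
The proactive examination steps on slide 13 (search electronic records for symptoms, then analyse the results) can be applied to the control activities on slides 10 and 11. The following is an added example, not part of the original slides; the record schema, sample data, symptom names and the concentration threshold are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample purchase records (assumed schema, not from the slides).
TRANSACTIONS = [
    {"id": "T1", "vendor": "V-A", "created_by": "alice", "approved_by": "bob"},
    {"id": "T2", "vendor": "V-B", "created_by": "carol", "approved_by": "carol"},
    {"id": "T3", "vendor": "V-B", "created_by": "carol", "approved_by": "dave"},
    {"id": "T4", "vendor": "V-B", "created_by": "carol", "approved_by": "dave"},
    {"id": "T5", "vendor": "V-C", "created_by": "alice", "approved_by": None},
    {"id": "T6", "vendor": "V-B", "created_by": "carol", "approved_by": "dave"},
]

def find_symptoms(transactions, concentration=3):
    """Step 4: search the records for symptoms of failed control activities."""
    findings = []
    pairs = Counter()
    for t in transactions:
        creator, approver = t["created_by"], t["approved_by"]
        if approver is None:
            # Control B (proper authorization): nobody approved the transaction.
            findings.append((t["id"], "missing_authorization"))
        elif approver == creator:
            # Control A (separation of duties): same person raised and approved.
            findings.append((t["id"], "self_approval"))
        pairs[(creator, t["vendor"])] += 1
    # Slide 11, item 5: one individual handling most dealings with a supplier.
    # The threshold of 3 is an assumed value; tune it to the business.
    for (user, vendor), n in sorted(pairs.items()):
        if n >= concentration:
            findings.append((f"{user}->{vendor}", "vendor_concentration"))
    return findings

def rank_for_review(transactions, findings):
    """Step 5: group symptoms per employee so the investigator can prioritise."""
    owner = {t["id"]: t["created_by"] for t in transactions}
    per_user = defaultdict(list)
    for subject, symptom in findings:
        # Transaction findings map to their creator; pair findings carry the user.
        user = owner.get(subject, subject.split("->")[0])
        per_user[user].append(symptom)
    return sorted(per_user.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    found = find_symptoms(TRANSACTIONS)
    for user, symptoms in rank_for_review(TRANSACTIONS, found):
        print(user, symptoms)
```

A flagged record is only a symptom: as step 5 says, each one still has to be investigated to determine whether it is caused by actual fraud or by other factors.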