Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 of 51 C © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart CHAPTER 5 Computer Fraud and Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 of 51 C © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart CHAPTER 5 Computer Fraud and Security."— Presentation transcript:

1 1 of 51 C © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart CHAPTER 5 Computer Fraud and Security

2 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart2 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart2 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart INTRODUCTION Questions to be addressed in this chapter: –What is fraud, and how are frauds perpetrated? –Who perpetrates fraud and why? –What is computer fraud, and what forms does it take? –What approaches and techniques are used to commit computer fraud?

3 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart3 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart3 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart INTRODUCTION Information systems are becoming increasingly more complex and society is becoming increasingly more dependent on these systems. –Companies also face a growing risk of these systems being compromised. –Recent surveys indicate 67% of companies suffered a security breach in the last year with almost 60% reporting financial losses.

4 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart4 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart4 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart INTRODUCTION Companies face four types of threats to their information systems: –Natural and political disasters Include: –Fire or excessive heat –Floods –Earthquakes –High winds –War and terrorist attack When a natural or political disaster strikes, many companies can be affected at the same time. –Example: Bombing of the World Trade Center in NYC. The Defense Science Board has predicted that attacks on information systems by foreign countries, espionage agents, and terrorists will soon be widespread.

5 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart5 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart5 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart INTRODUCTION Companies face four types of threats to their information systems: –Natural and political disasters –Software errors and equipment malfunction Include: –Hardware or software failures –Software errors or bugs –Operating system crashes –Power outages and fluctuations –Undetected data transmission errors Estimated annual economic losses due to software bugs = $60 billion. 60% of companies studied had significant software errors in previous year.

6 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart6 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart6 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart INTRODUCTION Companies face four types of threats to their information systems: –Natural and political disasters –Software errors and equipment malfunction –Unintentional acts Include –Accidents caused by: Human carelessness Failure to follow established procedures Poorly trained or supervised personnel –Innocent errors or omissions –Lost, destroyed, or misplaced data –Logic errors –Systems that do not meet needs or are incapable of performing intended tasks Information Systems Security Assn. estimates 65% of security problems are caused by human error.

7 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart7 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart7 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart INTRODUCTION Companies face four types of threats to their information systems: –Natural and political disasters –Software errors and equipment malfunction –Unintentional acts –Intentional acts (computer crime) Include: –Sabotage –Computer fraud –Misrepresentation, false use, or unauthorized disclosure of data –Misappropriation of assets –Financial statement fraud Information systems are increasingly vulnerable to these malicious attacks.

8 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart8 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart8 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart THE FRAUD PROCESS Fraud is any and all means a person uses to gain an unfair advantage over another person. In most cases, to be considered fraudulent, an act must involve: –A false statement (oral or in writing) –About a material fact (something induces a person) –Knowledge that the statement was false when it was uttered (which implies an intent to deceive) –A victim relies on the statement –And suffers injury or loss as a result

9 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart9 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart9 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart THE FRAUD PROCESS Since fraudsters don’t make journal entries to record their frauds, we can only estimate the amount of losses caused by fraudulent acts: –The Association of Certified Fraud Examiners (ACFE) estimates that total fraud losses in the U.S. run around 6% of annual revenues or approximately $660 billion in 2004. More than we spend on education and roads in a year. 6 times what we pay for the criminal justice system. –Income tax fraud (the difference between what taxpayers owe and what they pay to the government) is estimated to be over $200 billion per year.

10 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart10 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart10 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart Tue 14-12 THE FRAUD PROCESS Fraud against companies may be committed by an employee or an external party. –Former and current employees (called knowledgeable insiders) are much more likely than non-employees to perpetrate frauds (and big ones) against companies. Largely owing to their understanding of the company’s systems and its weaknesses, which enables them to commit the fraud and cover their tracks. –Organizations must utilize controls to make it difficult for both insiders and outsiders to steal from the company.

11 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart11 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart11 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart THE FRAUD PROCESS Fraud perpetrators are often referred to as white-collar criminals. –Distinguishes them from violent criminals, although some white-collar crime can ultimately have violent outcomes, such as: Perpetrators or their victims committing suicide.

12 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart12 of 35 Types of Frauds OCCUPATIONAL Fraudulent Statements –Financial –Non-financial Asset Misappropriation –Theft of Cash –Fraudulent disbursements –Inventory and other assets Bribery and Corruption –Bribery –Illegal gratuities –Economic extortion –Conflict of interest OTHER Intellectual property theft Financial institution fraud Check and credit card fraud Insurance fraud Healthcare fraud Bankruptcy fraud Tax fraud Securities fraud Money laundering Consumer fraud Computer and Internet fraud Information is from the ACFE’s 2004 Report to the Nation on Occupational Fraud and Abuse and from the Fraud Examiner’s Manual, also published by the ACFE.

13 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart13 of 35 Economic Extortion The flip side of offering or receiving anything of value is demanding it as a condition of awarding business. This is termed “economic extortion.” A typical case involves a corrupt lending officer who demands a kickback in exchange for approving a loan. Conflicts of Interest A conflict of interest occurs when an employee, manager or executive of an organization has an undisclosed personal economic interest in a transaction that adversely affects the company or the shareholders’ interests. As with other types of corruption, these schemes involve the exertion of the insider’s influence to the detriment of the entity. Illegal Gratuities Illegal gratuities are similar to bribery schemes, except that something of value is given to reward a business decision, rather than influence it. For example, purchasing agents commonly are lavished with expensive vacations and other items when a vendor’s contract is approved.

14 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart14 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart14 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart THE FRAUD PROCESS Three types of occupational fraud: –Misappropriation of assets Involves theft, embezzlement, or misuse of company assets for personal gain. Examples include billing schemes, check tampering, skimming, and theft of inventory. In the 2004 Report to the Nation on Occupational Fraud and Abuse, 92.7% of occupational frauds involved asset misappropriation at a median cost of $93,000.

15 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart15 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart15 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart THE FRAUD PROCESS Three types of occupational fraud: –Misappropriation of assets –Corruption Corruption involves the wrongful use of a position, contrary to the responsibilities of that position, to procure a benefit. Examples include kickback schemes and conflict of interest schemes. About 30.1% of occupational frauds include corruption schemes at a median cost of $250,000.

16 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart16 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart16 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart a bribe is what you DO to GET something and a kickback is what you GIVE when you GOT something. "I bribed the cop with 50$ and he tore up my ticket" vs. "When the chief of police gave my company the contract, I sent him a kickback of a new laptop".

17 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart17 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart17 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart THE FRAUD PROCESS Three types of occupational fraud: –Misappropriation of assets –Corruption –Fraudulent statements Financial statement fraud involves misstating the financial condition of an entity by intentionally misstating amounts or disclosures in order to deceive users. Financial statements can be misstated as a result of intentional efforts to deceive or as a result of undetected asset misappropriations that are so large that they cause misstatement. About 7.9% of occupational frauds involve fraudulent statements at a median cost of $1 million. (The median pales in comparison to the maximum cost.)

18 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart18 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart18 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart THE FRAUD PROCESS Fraud perpetrators are often referred to as white-collar criminals. Researchers have compared the psychological and demographic characteristics of three groups of people: –White-collar criminals –Violent criminals –The general public They found: –Significant differences between violent and white-collar criminals. –Few differences between white-collar criminals and the general public.

19 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart19 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart19 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY Criminologist Donald Cressey, interviewed 200+ convicted white-collar criminals in an attempt to determine the common threads in their crimes. As a result of his research, he determined that three factors were present in the commission of each crime. These three factors have come to be known as the fraud triangle. –Pressure –Opportunity –Rationalization

20 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart20 of 35 The “Fraud Triangle” Donald Cressey Pressure Opportunity Rationalization

21 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart21 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart21 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY Pressure –Cressey referred to this pressure as a “perceived non-shareable need.” –The pressure could be related to finances, emotions, lifestyle, or some combination.

22 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart22 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart22 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY The most common pressures were: - Not being able to pay one’s debts, nor admit it to one’s employer, family, or friends (which makes it non-shareable). - Fear of loss of status because of a personal failure - Business reversals - Physical isolation - Status gaining - Difficulties in employer-employee relations

23 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart23 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart23 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY What’s important here is the perception of the pressure. –The millionaire who frets a lot about his financial condition is more likely to commit fraud than the guy who doesn’t have two dimes to rub together but isn’t worried about it.

24 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart24 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart24 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY Financial statement fraud is distinct from other types of fraud in that the individuals who commit the fraud are not the direct beneficiaries. –The company is the direct beneficiary. –The perpetrators are typically indirect beneficiaries.

25 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart25 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart25 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY In the case of financial statement frauds, common pressures include: –To prop up earnings or stock price so that management can: Receive performance-related compensation. Preserve or improve personal wealth held in company stock or stock options. Keep their jobs. –To cover the inability to generate cash flow. –To obtain financing.

26 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart26 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart26 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart PRESSURES THAT LEAD TO EMPLOYEE FRAUD FINANCIAL Living beyond means High personal debt/expenses “Inadequate” salary/income Poor credit ratings Heavy financial losses Bad investments Tax avoidance Meet unreasonable quotas/goals EMOTIONAL Greed Unrecognized performance Job dissatisfaction Fear of losing job Power or control Pride or ambition Beating the system Frustration Non-conformity Envy, resentment Arrogance, dominance Non-rules oriented LIFESTYLE Support gambling habit Drug or alcohol addiction Support sexual relationships Family/peer pressure

27 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart27 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart27 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY Opportunity is the opening or gateway that allows an individual to: –Commit the fraud –Conceal the fraud –Convert the proceeds

28 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart28 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart28 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY Committing the fraud might involve acts such as: –Misappropriating assets. –Issuing deceptive financial statements. –Accepting a bribe in order to make an arrangement that is not in the company’s best interest.

29 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart29 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart29 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY Concealing the fraud often takes more time and effort and leaves more evidence than the actual theft or misrepresentation. Examples of concealment efforts: –Charge a stolen asset to an expense account or to an account receivable that is about to be written off. –Create a ghost employee who receives an extra paycheck.

30 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart30 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart30 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY Unless the target of the theft is cash, then the stolen goods must be converted to cash or some form that is beneficial to the perpetrator. –Non-cash assets can be sold (online auctions are a favorite forum).

31 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart31 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart31 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY There are many opportunities that enable fraud. Some of the most common are: –Lack of internal controls –Failure to enforce controls (the most prevalent reason) –Excessive trust in key employees –Incompetent supervisory personnel –Inattention to details –Inadequate staff

32 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart32 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart32 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 15-7 WHO COMMITS FRAUD AND WHY Management may allow fraud by: –Not getting involved in the design or enforcement of internal controls; –Inattention or carelessness; –Overriding controls; and/or –Using their power to compel subordinates to carry out the fraud.

33 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart33 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart33 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY How many people do you know who regard themselves as being unprincipled or sleazy? It is important to understand that fraudsters do not regard themselves as unprincipled. –In general, they regard themselves as highly principled individuals. –That view of themselves is important to them. –The only way they can commit their frauds and maintain their self image as principled individuals is to create rationalizations that recast their actions as “morally acceptable” behaviors.

34 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart34 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart34 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY These rationalizations take many forms, including: –I was just borrowing the money. –It wasn’t really hurting anyone. (Corporations are often seen as non-persons, therefore crimes against them are not hurting “anyone.”) –Everybody does it. –I’ve worked for them for 35 years and been underpaid all that time. I wasn’t stealing; I was only taking what was owed to me. –I didn’t take it for myself. I needed it to pay my child’s medical bills.

35 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart35 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart35 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY Creators of worms and viruses often use rationalizations like: –The malicious code helped expose security flaws, so I did a good service. –It was an accident. –It was not my fault—just an experiment that went bad. –It was the user’s fault because they didn’t keep their security up to date. –If the code didn’t alter or delete any of their files, then what’s the problem?

36 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart36 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart36 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart WHO COMMITS FRAUD AND WHY Fraud occurs when: –People have perceived, non-shareable pressures; –The opportunity gateway is left open; and –They can rationalize their actions to reduce the moral impact in their minds (i.e., they have low integrity). Fraud is much less likely to occur when –There is low pressure, low opportunity, and high integrity. Unfortunately, there is usually a mixture of these forces in play, and it can be very difficult to determine the pressures that may apply to an individual and the rationalizations he/she may be able to produce.

37 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart37 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart37 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its: –Perpetration; –Investigation; or –Prosecution.

38 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart38 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart38 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD Computer fraud includes the following: –Unauthorized theft, use, access, modification, copying, and destruction of software or data. –Theft of money by altering computer records. –Theft of computer time. –Theft or destruction of computer hardware. –Use or the conspiracy to use computer resources to commit a felony. –Intent to illegally obtain information or tangible property through the use of computers.

39 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart39 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart39 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD In using a computer, fraud perpetrators can steal: –More of something –In less time –With less effort They may also leave very little evidence, which can make these crimes more difficult to detect.

40 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart40 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart40 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills. Hackers and computer fraud perps tend to be more motivated by: –Curiosity –A quest for knowledge –The desire to learn how things work –The challenge of beating the system

41 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart41 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart41 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD They may view their actions as a game rather than dishonest behavior. Another motivation may be to gain stature in the hacking community. Some see themselves as revolutionaries spreading a message of anarchy and freedom. But a growing number want to profit financially. To do so, they may sell data to: –Spammers –Organized crime –Other hackers –The intelligence community

42 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart42 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart42 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD Computer systems are particularly vulnerable to computer crimes for several reasons: –Company databases can be huge and access privileges can be difficult to create and enforce. Consequently, individuals can steal, destroy, or alter massive amounts of data in very little time. –Organizations often want employees, customers, suppliers, and others to have access to their system from inside the organization and without. This access also creates vulnerability. –Computer programs only need to be altered once, and they will operate that way until: The system is no longer in use; or Someone notices.

43 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart43 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart43 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD –Modern systems are accessed by PCs, which are inherently more vulnerable to security risks and difficult to control. It is hard to control physical access to each PC. PCs are portable, and if they are stolen, the data and access capabilities go with them. PCs tend to be located in user departments, where one person may perform multiple functions that should be segregated. PC users tend to be more oblivious to security concerns.

44 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart44 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart44 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD These frauds cost billions of dollars each year, and their frequency is increasing because: 1.Not everyone agrees on what constitutes computer fraud. Many don’t believe that taking an unlicensed copy of software is computer fraud. (It is and can result in prosecution.) Some don’t think it’s a crime to browse through someone else’s computer if their intentions aren’t malicious.

45 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart45 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart45 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD 2.Many computer frauds go undetected. 3.An estimated 80-90% of frauds that are uncovered are not reported because of fear of: Adverse publicity Copycats Loss of customer confidence. 4.There are a growing number of competent computer users, and they are aided by easier access to remote computers through the Internet and other data networks.

46 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart46 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart46 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart APPROACHES TO COMPUTER FRAUD 5.Some folks believe “it can’t happen to us.” 6.Many networks have a low level of security. 7.Instructions on how to perpetrate computer crimes and abuses are readily available on the Internet. 8.Law enforcement is unable to keep up with the growing number of frauds. 9.The total dollar value of losses is difficult to calculate.

47 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart47 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart47 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart COMPUTER FRAUD AND ABUSE TECHNIQUES  Perpetrators have devised many methods to commit computer fraud and abuse. These include:  Data diddling  Data leakage  Denial of service attacks  Eavesdropping  Email threats  Email forgery (aka, spoofing)  Hacking  Phreaking  Hijacking  Identity theft

48 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart48 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart48 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart COMPUTER FRAUD AND ABUSE TECHNIQUES  Perpetrators have devised many methods to commit computer fraud and abuse. These include:  Internet misinformation  Internet terrorism  Logic time bombs  Masquerading or impersonation  Packet sniffers  Password cracking  Phishing  Piggybacking  Round-down technique  Salami technique

49 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart49 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart49 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart COMPUTER FRAUD AND ABUSE TECHNIQUES  Example of a website produced for a phishing scam.

50 © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart50 of 35© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart50 of 48© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart COMPUTER FRAUD AND ABUSE TECHNIQUES  Perpetrators have devised many methods to commit computer fraud and abuse. These include:  Social engineering  Software piracy  Spamming  Spyware  Keystroke loggers  Trap doors  Trojan horse  War dialing  War driving  Virus  Worms

Download ppt "1 of 51 C © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart CHAPTER 5 Computer Fraud and Security."

Similar presentations

Fraud and Internal Control Presented by Andy Harper Pugh & Company, P.C. April 28, 2011.

Fraud and Internal Control Presented by Andy Harper Pugh & Company, P.C. April 28, 2011.
Criminal Justice 2011 Chapter 17: White-collar and Computer Crime Criminal Investigation The Art and the Science by Michael D. Lyman Copyright 2011.

Criminal Justice 2011 Chapter 17: White-collar and Computer Crime Criminal Investigation The Art and the Science by Michael D. Lyman Copyright 2011.
Introduction and Overview of Digital Crime and Digital Terrorism

Introduction and Overview of Digital Crime and Digital Terrorism
Class Name, Instructor Name Date, Semester Criminal Justice 2011 Chapter 14: SPECIAL INVESTIGATIONS: Vice, White-Collar, Computer, and Hit-and-Run Crimes.

Class Name, Instructor Name Date, Semester Criminal Justice 2011 Chapter 14: SPECIAL INVESTIGATIONS: Vice, White-Collar, Computer, and Hit-and-Run Crimes.
Copyright © 2015 Pearson Education, Inc. Computer Fraud Chapter 5 5-1.

Copyright © 2015 Pearson Education, Inc. Computer Fraud Chapter
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
1 Fraud Prevention and Deterrence Pam Peters, CFE Office of Internal Audit.

1 Fraud Prevention and Deterrence Pam Peters, CFE Office of Internal Audit.
FRAUD: Risks and Prevention. Fraud: Risks and Prevention Implications of fraud What motivates one to commit fraud The importance of internal control Fraud.

FRAUD: Risks and Prevention. Fraud: Risks and Prevention Implications of fraud What motivates one to commit fraud The importance of internal control Fraud.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
1 Non-Cash Assets Chapter 9. 2 List the five categories of tangible non-cash misappropriations discussed in this chapter. Discuss the data on non-cash.

1 Non-Cash Assets Chapter 9. 2 List the five categories of tangible non-cash misappropriations discussed in this chapter. Discuss the data on non-cash.
Chapter 11: Computer Crime, Fraud, Ethics, and Privacy

Chapter 11: Computer Crime, Fraud, Ethics, and Privacy
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 9-1 Accounting Information Systems 9 th Edition Marshall.

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 9-1 Accounting Information Systems 9 th Edition Marshall.
13-1. 13-2 13 Employee, Vendor, and Other Frauds against the Organization Other Frauds against the Organization McGraw-Hill/Irwin Copyright © 2012 by.

Employee, Vendor, and Other Frauds against the Organization Other Frauds against the Organization McGraw-Hill/Irwin Copyright © 2012 by.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
FRAUD EXAMINATION ALBRECHT, ALBRECHT, & ALBRECHT Fraud Against Organizations Chapter 15.

FRAUD EXAMINATION ALBRECHT, ALBRECHT, & ALBRECHT Fraud Against Organizations Chapter 15.
Chapter 5 Computer Fraud Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-1.

Chapter 5 Computer Fraud Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-1.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

Similar presentations

Ads by Google