1. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Fraud Examination Chapter 17 Fraud in E-Commerce

2. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. To the Student  E-commerce fraud is one of the most significant problems in business today. As you read this chapter, consider the skills required for e- commerce fraud detection and investigation. Many students find it an exciting field to specialize in because of its highly technical nature and its need for the modern application of fraud principles. It is one way you can specialize and differentiate from other fraud examiners.  Use this chapter as a high-level overview of this type of work and as a starting point to more in-depth books.

3. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Learning Objectives  Understand e-commerce fraud risk.  Take measures to prevent fraud in e-commerce.  Detect e-business fraud.

4. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. E-commerce Fraud Risk Pressures to Commit E-commerce Fraud  Dramatic growth, which has created tremendous cash flow needs.  Merger or acquisition activity, which creates pressures to “improve the reported financial results.”  Borrowing or issuing stock, additional pressures to “cook the books.”

5. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. E-commerce Fraud Risk Opportunities to Commit E-commerce Fraud  New and innovative technologies for which security developments often lag transaction developments.  Complex information systems that make installing controls difficult.  The transfer of large amounts of information, a factor that poses theft and identity risks such as illegal monitoring and unauthorized access.

6. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. E-commerce Fraud Risk Rationalization to Commit E-commerce Fraud  The perceived distance that decreases the personal contact between customer and supplier.  Transactions between anonymous or unknown buyers and sellers—you can’t see who you are hurting.  New economy thinking contends that traditional methods of accounting no longer apply.

7. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. E-commerce Fraud Risk  Risks Inside an Organization  Data theft  Social engineering  Sniffing  Wartrapping  Vandalism  Employee laptops

8. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. E-commerce Fraud Risk  Risks Outside an Organization  Computer viruses  Spyware  Phishing  Spoofing  Falsified identity  Database query (SQL) injections  Bust-out  E-mail and Web visits

9. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Preventing Fraud in E-commerce Security Through Obscurity Keeping security holes, encryption algorithms, and processes secret in an effort to confuse attackers. Appealing, yet ineffective…only heightens the challenge to a hacker! Rather than take chances with security through obscurity, employ robust, time-tested security methods

10. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Detecting E-commerce Fraud Data-driven Fraud Detection 1.Endeavor to understand the business or operations of the organization 2.Identify what frauds can occur in the operation 3.Determine the symptoms that the most likely frauds would generate 4.Use databases and information systems to search for those symptoms

11. Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Detecting E-commerce Fraud Data-driven Fraud Detection (continued) 5.Analyze the results 6.Investigate the symptoms to determine if they are being caused by actual fraud or by other factors