Chapter 17 PowerPoint - Houston Community College Learning Web

Fraud Examination, 4E
Chapter 17: Fraud in E-Commerce
Albrecht, Albrecht, Albrecht, Zimbelman
© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Learning Objectives
• Understand e-commerce fraud risk.
• Take measures to prevent fraud in e-commerce.
• Detect e-business fraud.
E-commerce Fraud Risk
Pressures to Commit E-commerce Fraud
• Dramatic growth, which has created tremendous cash flow needs.
• Merger or acquisition activity, which creates pressures to “improve the reported financial results.”
• Borrowing or issuing stock, which creates additional pressures to “cook the books.”
E-commerce Fraud Risk
• New products, which require intensive and expensive marketing and for which an existing market does not yet exist.
• Unproven or flawed business models, with tremendous cash flow pressures.
E-commerce Fraud Risk
Opportunities to Commit E-commerce Fraud
• New and innovative technologies for which security developments often lag transaction developments.
• Complex information systems that make installing controls difficult.
• The transfer of large amounts of information, a factor that poses theft and identity risks such as illegal monitoring and unauthorized access.
E-commerce Fraud Risk
• Removal of personal contact, which allows for easier impersonation or falsified identity.
• Lack of “brick-and-mortar” and other physical facilities that facilitate falsifying Web sites and business transactions.
• Inability to distinguish large and/or established companies from new and/or smaller companies, making it easy to deceive customers by falsifying identity and/or business descriptions.
E-commerce Fraud Risk
• Electronic transfer of funds, allowing large frauds to be committed more easily.
• Compromised privacy, which results in easier theft by using stolen or falsified information.
E-commerce Fraud Risk
Rationalization to Commit E-commerce Fraud
• The perceived distance that decreases the personal contact between customer and supplier.
• Transactions between anonymous or unknown buyers and sellers—you can’t see who you are hurting.
• New economy thinking contends that traditional methods of accounting no longer apply.
E-commerce Fraud Risk
Risks Inside an Organization
• Data theft
• Social engineering
• Sniffing
• Wartrapping
• Vandalism
• Employee laptops
E-commerce Fraud Risk
Risks Outside an Organization
• Computer viruses
• Spyware
• Phishing
• Spoofing
• Falsified identity
• Database query (SQL) injections
• Bust-out
• E-mail and Web visits
Preventing Fraud in E-commerce
• In e-business settings, reducing pressures and eliminating rationalizations has thus far proved difficult.
• Security Through Obscurity
  • Keeping security holes, encryption algorithms, and processes secret in an effort to confuse attackers.
  • Experience shows that obscurity only heightens the challenge to a hacker!
Preventing Fraud in E-commerce
• One of the best ways to prevent fraud in e-business settings is to focus on reducing opportunities, usually through the implementation of appropriate internal controls.
• Internal controls involve five different elements:
  (1) The control environment
  (2) Risk assessment
  (3) Control activities or procedures
  (4) Information and communication
  (5) Monitoring
Preventing Fraud in E-commerce
The following are the most important components of the control environment:
• Integrity and Ethical Values
• Board of Directors and Audit Committee Participation
• Management’s Philosophy and Operating Style
• Human Resources Policies and Practices
Preventing Fraud in E-commerce
Risk Assessment
• Identifies the risks of doing business with e-business partners
• Focuses on the control environment of business partners
• Identifies the risks involved in electronic exchange of information and money
• Intrusion detection
Preventing Fraud in E-commerce
Control Activities
• Adequate separation of duties
• Proper authorization of transactions and activities
• Adequate documents and records
• Physical control over assets and records
• Independent checks on performance
Preventing Fraud in E-commerce
Adequate Separation of Duties
• Make sure individuals who authorize transactions are different from those who actually execute them.
• Doing so prevents the most common fraud in purchasing: kickbacks and bribery.
Preventing Fraud in E-commerce
Proper Authorization of Transactions and Activities
• Passwords
• Firewalls
• Digital signatures and certificates
• Biometrics
Preventing Fraud in E-commerce
Adequate Documents and Records
• Electronic documents: sales invoices, purchase orders, subsidiary records, sales journals, employee time cards, checks, etc.
• In e-commerce, additional controls must be put in place.
• Encryption
Preventing Fraud in E-commerce
Physical Control over Assets and Records
Three categories of controls protect:
• IT equipment
• Programs
• Data files
Physical controls are used to protect computer facilities.
Preventing Fraud in E-commerce
Independent Checks on Performance
• Organizations should always conduct checks on their e-business partners (Dun & Bradstreet reviews, full-fledged investigations)
Preventing Fraud in E-commerce
• Understand the management or business partners and what motivates them.
Three items must be examined:
• Backgrounds
• Motivations
• Decision-making influence
Detecting E-commerce Fraud
Data-driven Fraud Detection
• Endeavor to understand the business or operations of the organization
• Identify what frauds can occur in the operation
• Determine the symptoms that the most likely frauds would generate
• Use databases and information systems to search for those symptoms
Detecting E-commerce Fraud
• Analyze the results
• Investigate the symptoms to determine if they are being caused by actual fraud or by other factors
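Added example (not from the textbook or these slides): one way to carry out the "search for those symptoms" and "analyze the results" steps for the separation-of-duties control covered earlier, where the symptom is a purchase order authorized and executed by the same person. The table layout, user IDs, vendors and amounts are constructed assumptions.

```python
import sqlite3

# Constructed sample data (not from the chapter): purchase orders with the
# user who authorized each one and the user who executed it.
SAMPLE_ORDERS = [
    ("PO-1001", "Acme Supply", 4200.00, "jlee", "mroberts"),
    ("PO-1002", "Acme Supply", 9800.00, "dkhan", "dkhan"),
    ("PO-1003", "Northwind", 1500.00, "jlee", "tnguyen"),
    ("PO-1004", "Acme Supply", 9900.00, "dkhan", "dkhan"),
    ("PO-1005", "Bluefin Ltd", 700.00, "mroberts", "MRoberts "),
    ("PO-1006", "Northwind", 2300.00, "tnguyen", "jlee"),
]

def load_orders(rows):
    """Load orders into an in-memory database and define the symptom view."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE purchase_orders (
        po_id TEXT PRIMARY KEY, vendor TEXT, amount REAL,
        authorized_by TEXT, executed_by TEXT)""")
    db.executemany("INSERT INTO purchase_orders VALUES (?, ?, ?, ?, ?)", rows)
    # Symptom: the same person authorized and executed the order. User IDs are
    # normalized so case or stray whitespace cannot hide a match.
    db.execute("""CREATE VIEW sod_violations AS
        SELECT po_id, vendor, amount, LOWER(TRIM(authorized_by)) AS employee
        FROM purchase_orders
        WHERE LOWER(TRIM(authorized_by)) = LOWER(TRIM(executed_by))""")
    return db

def find_violations(db):
    """Search step: every order that breaks separation of duties."""
    return db.execute(
        "SELECT po_id, vendor, amount, employee FROM sod_violations "
        "ORDER BY po_id").fetchall()

def summarize(db):
    """Analysis step: order count and total per employee/vendor, largest first."""
    return db.execute(
        "SELECT employee, vendor, COUNT(*), SUM(amount) FROM sod_violations "
        "GROUP BY employee, vendor ORDER BY SUM(amount) DESC").fetchall()

if __name__ == "__main__":
    db = load_orders(SAMPLE_ORDERS)
    for row in find_violations(db):
        print("flag for investigation:", row)
    for row in summarize(db):
        print("exposure:", row)
```

Rows returned here are symptoms only; each one still goes through the investigation step above to determine whether it reflects fraud or another cause, such as a documented emergency override.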
Detecting E-commerce Fraud
Technical Knowledge and Experience
• It is extremely important for fraud investigators who specialize in e-commerce to understand the tools and methods that perpetrators use.
Detecting E-commerce Fraud
• Web servers
• E-mail clients and servers
• Intrusion programs (nmap, Airsnort, Wireshark, etc.)
• Unix
• Perl, Python, Ruby and Bash scripting languages