SlideShare una empresa de Scribd logo

Chapter 17 a fraud in e commerce Jen

Descargar como PPTX, PDF
V
VidaB
Tecnología
1 de 27
CHAPTER 17A – FRAUD IN E-COMMERCE Jennifer Lowes
E-Business ◦ Uses information technology and electronic communication networks to exchange business information and conduct paperless transactions. ◦ Includes virtual private networks and other specialised connections through which businesses routinely connect to one another. Albrecht, Albrecht, Albrecht & Zimbelman, 2012, p 602
Elements of Fraud Risk in E-Commerce Perceived Opportunity Perceived Pressures: • Dramatic growth leading to tremendous cash flow needs. • Pressure to improve financial results due to mergers/acquisitions. • Borrowing or issuing stock. • New products requiring expensive marketing. • Unproven or flawed business models with tremendous cash flow pressures.
Elements of Fraud Risk in E-Commerce Perceived Opportunity Perceived Opportunities: • Lag between transaction developments and security developments. • Complex information systems that make installing controls difficult. • Removal of personal contact – easier impersonation or falsified identity. • Electronic transfer of funds, allowing large frauds to be committed more easily. • Compromised privacy resulting in theft by using stolen or falsified information.
Elements of Fraud Risk in E-Commerce Perceived Opportunity Rationalisations: • Perceived distance that decreases the personal contact between customer and supplier. • Transactions between anonymous or unknown buyers and sellers – you can’t see who you are hurting. • New economy thinking contends that traditional methods of accounting no longer apply.
E-Commerce Risks Inside Organisations ◦ Easier to infiltrate systems, steal money and information and cause damage when perpetrators are within firewalls and security checks. ◦ Perpetrators with inside access know the control environment, understand security mechanisms, and find ways to bypass security. ◦ Most common problem: Abuse of power granted to users. ◦ I.e. programmers with superuser access – often removal of programmers’ access is overlooked when systems go into production.
Survey ◦ > 1/3 of network administrators admitted to snooping into HR records and custom databases. ◦ 88% of administrators would take sensitive data if they were fired. ◦ 33% would take company password lists.
Data Theft ◦ First concern of e-commerce fraud as data have many useful attributes: 1. Can be converted to cash fairly easily. 2. Information is replicable, allowing perpetrators to simply copy data rather than remove them, leaving the source data intact. 3. Can be transferred easily and quickly to any location. 4. Managers lack the technical expertise to prevent and detect data theft.
Passwords ◦ Password selection cannot be fully controlled, as it is left to the end user. ◦ Common passwords can relate to personal information, so perpetrators may be able to guess the passwords of their employees. ◦ Social engineering techniques are used by hackers to gain access to passwords. ◦ Hackers take information from blogs, Facebook walls and other social network sites and use this information to ask victims for “just a little more”.
Passwords ◦ Companies may require regular password changes to try to mitigate the risk of passwords being stolen. ◦ However many employees will merely add a sequential number to the end of their password. ◦ Companies and websites generally have certain password requirements such as minimum character length, upper case, symbol, number etc.
Passwords – How many do you have? University Bank Work login Email Google Microsoft Facebook Twitter Instagram Skype TradeMe Pinterest Online shops Blogs Online communities Phone login Utility companies YouTube
Need one of these? ◦ http://www.youtube.com/watch?v=Srh_TV_J144
Risk vs Convenience?
Sniffing ◦ Logging, filtering and viewing of information that passes along a network line. ◦ The most common method of gathering information from unencrypted communications. ◦ Easily done on most networks by hackers that run freely available applications. ◦ Organisations can use firewalls, spam filters and anti-virus programmes to prevent sniffing, however employee laptops, tablets and mobile phones can be at risk when on business trips and connecting to other networks.
Wartrapping ◦ Hackers go to places such as airports where business travellers are likely to be and set up internet access points through their laptop. ◦ The access point will appear to be legitimate i.e. Auckland Airport Free Wireless. ◦ Hackers then use sniffing techniques to find passwords and other data as the traveller browses the internet through the connection.
E-Commerce Risks Outside Organisations ◦ Internet provides a rich medium for external hackers to gain access to personal systems. ◦ Ability to hack from across international borders means that tracking and prosecuting hackers is difficult.
NZ Statistics: ◦ Year to 9th August 2013: ◦ 562 online frauds reported to NetSafe ◦ $4.4 million ◦ Netsafe’s Chief Executive estimates annual losses from internet fraud to be between $100m and $400m per year. ◦ In 2012, the Ministry of Business, Innovation & Employment reported 670 bank phishing and tax refund scams in NZ.
Spyware ◦ Installs monitoring software in addition to the regular that a user downloads or buys. ◦ Peer-to-peer music and video-sharing applications are the worst spyware offenders. ◦ Most spyware programs monitor user behaviours so that the company can make a profit selling the personal data they collect. ◦ More advanced spyware can copy financial or other sensitive data from internal directories and files and send it to external entities.
Phishing ◦ Phishing involves sending emails or pop up messages asking for personal information in inventive ways. ◦ Common method is to request victims to update account details by clicking on a link to a website which appears to be the company’s website. ◦ Common targets have been bank customers, TradeMe/ebay customers, even government departments such as IRD.
ANZ ◦ In July 2013, ANZ customers were targeted by a phishing scam. ◦ Phishers sent an email to ANZ customers which appeared to be from ANZ. ◦ It stated that customers must update their account information through the link or service would be suspended. ◦ The link took customers to a fake website which replicated the logos and formatting of ANZ. ◦ The phishers gained access to bank accounts when customers attempted to log in to the fake website. www.stuff.co.nz/technology/digital-living/8985900/Phishing-scam-targets-ANZ-log-in-details
Large Retail Company (Un-named) ◦ Major retail chain targeted by overseas cyber criminals in September 2013. ◦ Phishing attack attempted to convince store staff to install rogue software on their computers. ◦ Phishers called stores claiming to be a senior member of the company and directed employees to a fake website that was designed to look like the company’s official tech support site. ◦ No data was lost as the company’s IT staff noticed what was happening and managed to block access to the website and cleaning it up. ◦ “As soon as there’s real humans involved we as Kiwis are more vulnerable because we’re extremely trusting”. www.nzherald.co.nz/business/news/article.cfm?c_id=3&objected=11130882
Spoofing ◦ Changes the information in e-mail headers or IP addresses. ◦ Perpetrators hide their identities by simply changing the information in the header, thus allowing unauthorised access.
Falsified Identity ◦ Subtle differences in internet hose names often go unnoticed by internet users. ◦ I.e. “.com” “.org” “.nz” can be easily confused but lead to completely different websites. ◦ If two similar names are owned by two different entities, one site could mimic the other and trick users into thinking they are dealing with the original website.
“GoogleDirectory” ◦ NZ company with no links to Google, launched July 2013. ◦ Promotes itself as a new online marketing tool, offering special internet advertisement packages. ◦ Over 100,000 listings – some who were contacted by the NZHerald had no idea they were listed and had not paid. ◦ One customer was told Google was re-launching in NZ as GoogleDirectory. www.nzherald.co.nz/business/news/article.cfm?c_id=3&objected=11111728
Conclusion ◦ Fraud risks in e-commerce systems are significant. ◦ Many employees do not fully appreciate the risks and methodologies that online fraud perpetrators take. ◦ As auditors, it is important to be aware of the fraud risk in e-commerce and test internal controls to minimise the risk.

Recomendados

E commerce fraud
E commerce fraudE commerce fraud
E commerce fraud
miteshppt
 
Fraud in Ecommerce
Fraud in EcommerceFraud in Ecommerce
Fraud in Ecommerce
Martyn Sukys
 
Fraud Presentation
Fraud PresentationFraud Presentation
Fraud Presentation
mbachnak
 
Fraud forgery and scams powerpoint
Fraud forgery and scams powerpointFraud forgery and scams powerpoint
Fraud forgery and scams powerpoint
mortgagerateutah
 
7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting
Brown Smith Wallace
 
Internet fraud #scichallenge2017
Internet fraud #scichallenge2017Internet fraud #scichallenge2017
Internet fraud #scichallenge2017
N F
 
Fraud & corruption
Fraud & corruptionFraud & corruption
Fraud & corruption
Daya Dayarayan Canada
 
Fraud risk management
Fraud risk managementFraud risk management
Fraud risk management
EMAC Consulting Group
 

Recomendados

E commerce fraud
E commerce fraudE commerce fraud
E commerce fraud
miteshppt
 
Fraud in Ecommerce
Fraud in EcommerceFraud in Ecommerce
Fraud in Ecommerce
Martyn Sukys
 
Fraud Presentation
Fraud PresentationFraud Presentation
Fraud Presentation
mbachnak
 
Fraud forgery and scams powerpoint
Fraud forgery and scams powerpointFraud forgery and scams powerpoint
Fraud forgery and scams powerpoint
mortgagerateutah
 
7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting
Brown Smith Wallace
 
Internet fraud #scichallenge2017
Internet fraud #scichallenge2017Internet fraud #scichallenge2017
Internet fraud #scichallenge2017
N F
 
Fraud & corruption
Fraud & corruptionFraud & corruption
Fraud & corruption
Daya Dayarayan Canada
 
Fraud risk management
Fraud risk managementFraud risk management
Fraud risk management
EMAC Consulting Group
 
Causes, Effects and Management of Fraud: A Study with reference to Indian Ban...
Causes, Effects and Management of Fraud: A Study with reference to Indian Ban...Causes, Effects and Management of Fraud: A Study with reference to Indian Ban...
Causes, Effects and Management of Fraud: A Study with reference to Indian Ban...
central university of rajasthan
 
Frauds and scams
Frauds and scamsFrauds and scams
Frauds and scams
Harold Stallard
 
Credit card frauds
Credit card fraudsCredit card frauds
Credit card frauds
Jeetendra Khilnani
 
Fraud Risk
Fraud RiskFraud Risk
Fraud Risk
F a h a d Z a f a r (Bradford MBA)
 
Fraud detection
Fraud detectionFraud detection
Fraud detection
International School of Engineering
 
Presentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlPresentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & control
Dominic Sroda Korkoryi
 
Who Commits Fraud
Who Commits Fraud Who Commits Fraud
Who Commits Fraud
Gelman, Rosenberg & Freedman CPAs
 
Bank frauds
Bank fraudsBank frauds
Bank frauds
jagannath ojha
 
Fraud Prevention
Fraud PreventionFraud Prevention
Fraud Prevention
Gerald Johnson
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
Vasundhara Singh Gautam
 
Fraud Investigation
Fraud InvestigationFraud Investigation
Fraud Investigation
Salih Islam
 
Fraud prevention detection control fuh 12
Fraud prevention detection control fuh 12Fraud prevention detection control fuh 12
Fraud prevention detection control fuh 12
Fuh George Cheo
 
10 Ways To Prevent Internet Fraud
10 Ways To Prevent Internet Fraud10 Ways To Prevent Internet Fraud
10 Ways To Prevent Internet Fraud
Goose & Gander
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
Network Intelligence India
 
Chapter 1 the nature of fraud
Chapter 1 the nature of fraudChapter 1 the nature of fraud
Chapter 1 the nature of fraud
VidaB
 
Fraud Risk and Control
Fraud Risk and ControlFraud Risk and Control
Fraud Risk and Control
WeaverCPAs
 
Fraud Analytics
Fraud AnalyticsFraud Analytics
Fraud Analytics
Big Data Colombia
 
Employee Fraud Prevention and Remedies
Employee Fraud Prevention and RemediesEmployee Fraud Prevention and Remedies
Employee Fraud Prevention and Remedies
SSDlaw
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
Elijah Ezendu
 
Fraud embezzlement
Fraud embezzlementFraud embezzlement
Fraud embezzlement
Ferdousa Khanam
 
E-commerce and fraud
E-commerce and fraudE-commerce and fraud
E-commerce and fraud
blogzilla
 
10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt
shaks9151
 

Más contenido relacionado

La actualidad más candente

Chapter 1 the nature of fraud
Chapter 1 the nature of fraudChapter 1 the nature of fraud
Chapter 1 the nature of fraud
VidaB
 
Fraud Analytics
Fraud AnalyticsFraud Analytics
Fraud Analytics
Big Data Colombia
 

La actualidad más candente (20)

Causes, Effects and Management of Fraud: A Study with reference to Indian Ban...
Causes, Effects and Management of Fraud: A Study with reference to Indian Ban...Causes, Effects and Management of Fraud: A Study with reference to Indian Ban...
Causes, Effects and Management of Fraud: A Study with reference to Indian Ban...
 
Frauds and scams
Frauds and scamsFrauds and scams
Frauds and scams
 
Credit card frauds
Credit card fraudsCredit card frauds
Credit card frauds
 
Fraud Risk
Fraud RiskFraud Risk
Fraud Risk
 
Fraud detection
Fraud detectionFraud detection
Fraud detection
 
Presentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlPresentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & control
 
Who Commits Fraud
Who Commits Fraud Who Commits Fraud
Who Commits Fraud
 
Bank frauds
Bank fraudsBank frauds
Bank frauds
 
Fraud Prevention
Fraud PreventionFraud Prevention
Fraud Prevention
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
 
Fraud Investigation
Fraud InvestigationFraud Investigation
Fraud Investigation
 
Fraud prevention detection control fuh 12
Fraud prevention detection control fuh 12Fraud prevention detection control fuh 12
Fraud prevention detection control fuh 12
 
10 Ways To Prevent Internet Fraud
10 Ways To Prevent Internet Fraud10 Ways To Prevent Internet Fraud
10 Ways To Prevent Internet Fraud
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
 
Chapter 1 the nature of fraud
Chapter 1 the nature of fraudChapter 1 the nature of fraud
Chapter 1 the nature of fraud
 
Fraud Risk and Control
Fraud Risk and ControlFraud Risk and Control
Fraud Risk and Control
 
Fraud Analytics
Fraud AnalyticsFraud Analytics
Fraud Analytics
 
Employee Fraud Prevention and Remedies
Employee Fraud Prevention and RemediesEmployee Fraud Prevention and Remedies
Employee Fraud Prevention and Remedies
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
 
Fraud embezzlement
Fraud embezzlementFraud embezzlement
Fraud embezzlement
 

Destacado

10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt
shaks9151
 
The electronic payment systems
The electronic payment systemsThe electronic payment systems
The electronic payment systems
Vishal Singh
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
m8817
 

Destacado (14)

E-commerce and fraud
E-commerce and fraudE-commerce and fraud
E-commerce and fraud
 
10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt
 
Cyber fraud a threat to E commerce
Cyber fraud a threat to E commerceCyber fraud a threat to E commerce
Cyber fraud a threat to E commerce
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Mobile commerce
Mobile commerceMobile commerce
Mobile commerce
 
e commerce security and fraud protection
e commerce security and fraud protectione commerce security and fraud protection
e commerce security and fraud protection
 
Transmission modes
Transmission modesTransmission modes
Transmission modes
 
Transmission modes
Transmission modesTransmission modes
Transmission modes
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
The electronic payment systems
The electronic payment systemsThe electronic payment systems
The electronic payment systems
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
 
RSA E-Commerce Fraud Trends 2013
RSA E-Commerce Fraud Trends 2013RSA E-Commerce Fraud Trends 2013
RSA E-Commerce Fraud Trends 2013
 
Audit Process, Audit Procedures, Audit Planning, Auditing
Audit Process, Audit Procedures, Audit Planning, AuditingAudit Process, Audit Procedures, Audit Planning, Auditing
Audit Process, Audit Procedures, Audit Planning, Auditing
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 

Similar a Chapter 17 a fraud in e commerce Jen

Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
Imran Khan
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
Ben Graybar
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
Rishav Gupta
 
Cyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsCyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools Tactics
Ben Graybar
 

Similar a Chapter 17 a fraud in e commerce Jen (20)

Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
security threats.pptx
security threats.pptxsecurity threats.pptx
security threats.pptx
 
Cyber security best practices power point presentation
Cyber security best practices power point presentationCyber security best practices power point presentation
Cyber security best practices power point presentation
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
cyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxcyber security presentation 1234567.pptx
cyber security presentation 1234567.pptx
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in Danger
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
 
Information security
Information securityInformation security
Information security
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
 
Cyber Privacy & Password Protection
Cyber Privacy & Password ProtectionCyber Privacy & Password Protection
Cyber Privacy & Password Protection
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
 
Cyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsCyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools Tactics
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 

Más de VidaB

E commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B AhmedE commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B Ahmed
VidaB
 
Chapter 16 bankruptcy, divorce and tax fraud by Emma
Chapter 16 bankruptcy, divorce and tax fraud by EmmaChapter 16 bankruptcy, divorce and tax fraud by Emma
Chapter 16 bankruptcy, divorce and tax fraud by Emma
VidaB
 
Chapter 16 B Artika
Chapter 16 B ArtikaChapter 16 B Artika
Chapter 16 B Artika
VidaB
 
Chapter 15Consumer Fraud by Rachel
Chapter 15Consumer Fraud by RachelChapter 15Consumer Fraud by Rachel
Chapter 15Consumer Fraud by Rachel
VidaB
 
Chapter 14 by Svetlana
Chapter 14 by SvetlanaChapter 14 by Svetlana
Chapter 14 by Svetlana
VidaB
 
Chapter 13 Inadequate disclosures
Chapter 13 Inadequate disclosuresChapter 13 Inadequate disclosures
Chapter 13 Inadequate disclosures
VidaB
 
Chapter 12 B: Revenue And Inventory Fraud
Chapter 12 B: Revenue And Inventory FraudChapter 12 B: Revenue And Inventory Fraud
Chapter 12 B: Revenue And Inventory Fraud
VidaB
 
Chapter 12:Revenue and Inventory Fraud by J Hachet
Chapter 12:Revenue and Inventory Fraud by J Hachet Chapter 12:Revenue and Inventory Fraud by J Hachet
Chapter 12:Revenue and Inventory Fraud by J Hachet
VidaB
 
Chapter 11 b :Financial Statement fraud
Chapter 11 b :Financial Statement fraud Chapter 11 b :Financial Statement fraud
Chapter 11 b :Financial Statement fraud
VidaB
 
Chapter 11 a:Financial statement fraud
Chapter 11 a:Financial statement fraud Chapter 11 a:Financial statement fraud
Chapter 11 a:Financial statement fraud
VidaB
 
Conversion investigation methods
Conversion investigation methodsConversion investigation methods
Conversion investigation methods
VidaB
 
Conversion investigation methods
Conversion investigation methodsConversion investigation methods
Conversion investigation methods
VidaB
 
Chapter 8 investigating concealment david shen
Chapter 8 investigating concealment david shen Chapter 8 investigating concealment david shen
Chapter 8 investigating concealment david shen
VidaB
 
Chapter 5:Recognizing the symptoms of fraud
Chapter 5:Recognizing the symptoms of fraudChapter 5:Recognizing the symptoms of fraud
Chapter 5:Recognizing the symptoms of fraud
VidaB
 
Chapter 3: Fighting Fraud
Chapter 3: Fighting Fraud Chapter 3: Fighting Fraud
Chapter 3: Fighting Fraud
VidaB
 
Week 1 audit and assurance services
Week 1 audit and assurance servicesWeek 1 audit and assurance services
Week 1 audit and assurance services
VidaB
 

Más de VidaB (16)

E commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B AhmedE commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B Ahmed
 
Chapter 16 bankruptcy, divorce and tax fraud by Emma
Chapter 16 bankruptcy, divorce and tax fraud by EmmaChapter 16 bankruptcy, divorce and tax fraud by Emma
Chapter 16 bankruptcy, divorce and tax fraud by Emma
 
Chapter 16 B Artika
Chapter 16 B ArtikaChapter 16 B Artika
Chapter 16 B Artika
 
Chapter 15Consumer Fraud by Rachel
Chapter 15Consumer Fraud by RachelChapter 15Consumer Fraud by Rachel
Chapter 15Consumer Fraud by Rachel
 
Chapter 14 by Svetlana
Chapter 14 by SvetlanaChapter 14 by Svetlana
Chapter 14 by Svetlana
 
Chapter 13 Inadequate disclosures
Chapter 13 Inadequate disclosuresChapter 13 Inadequate disclosures
Chapter 13 Inadequate disclosures
 
Chapter 12 B: Revenue And Inventory Fraud
Chapter 12 B: Revenue And Inventory FraudChapter 12 B: Revenue And Inventory Fraud
Chapter 12 B: Revenue And Inventory Fraud
 
Chapter 12:Revenue and Inventory Fraud by J Hachet
Chapter 12:Revenue and Inventory Fraud by J Hachet Chapter 12:Revenue and Inventory Fraud by J Hachet
Chapter 12:Revenue and Inventory Fraud by J Hachet
 
Chapter 11 b :Financial Statement fraud
Chapter 11 b :Financial Statement fraud Chapter 11 b :Financial Statement fraud
Chapter 11 b :Financial Statement fraud
 
Chapter 11 a:Financial statement fraud
Chapter 11 a:Financial statement fraud Chapter 11 a:Financial statement fraud
Chapter 11 a:Financial statement fraud
 
Conversion investigation methods
Conversion investigation methodsConversion investigation methods
Conversion investigation methods
 
Conversion investigation methods
Conversion investigation methodsConversion investigation methods
Conversion investigation methods
 
Chapter 8 investigating concealment david shen
Chapter 8 investigating concealment david shen Chapter 8 investigating concealment david shen
Chapter 8 investigating concealment david shen
 
Chapter 5:Recognizing the symptoms of fraud
Chapter 5:Recognizing the symptoms of fraudChapter 5:Recognizing the symptoms of fraud
Chapter 5:Recognizing the symptoms of fraud
 
Chapter 3: Fighting Fraud
Chapter 3: Fighting Fraud Chapter 3: Fighting Fraud
Chapter 3: Fighting Fraud
 
Week 1 audit and assurance services
Week 1 audit and assurance servicesWeek 1 audit and assurance services
Week 1 audit and assurance services
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 

Último (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 

Chapter 17 a fraud in e commerce Jen

  • 1. CHAPTER 17A – FRAUD IN E-COMMERCE Jennifer Lowes
  • 2. E-Business ◦ Uses information technology and electronic communication networks to exchange business information and conduct paperless transactions. ◦ Includes virtual private networks and other specialised connections through which businesses routinely connect to one another. Albrecht, Albrecht, Albrecht & Zimbelman, 2012, p 602
  • 3. Elements of Fraud Risk in E-Commerce Perceived Opportunity Perceived Pressures: • Dramatic growth leading to tremendous cash flow needs. • Pressure to improve financial results due to mergers/acquisitions. • Borrowing or issuing stock. • New products requiring expensive marketing. • Unproven or flawed business models with tremendous cash flow pressures.
  • 4. Elements of Fraud Risk in E-Commerce Perceived Opportunity Perceived Opportunities: • Lag between transaction developments and security developments. • Complex information systems that make installing controls difficult. • Removal of personal contact – easier impersonation or falsified identity. • Electronic transfer of funds, allowing large frauds to be committed more easily. • Compromised privacy resulting in theft by using stolen or falsified information.
  • 5. Elements of Fraud Risk in E-Commerce Perceived Opportunity Rationalisations: • Perceived distance that decreases the personal contact between customer and supplier. • Transactions between anonymous or unknown buyers and sellers – you can’t see who you are hurting. • New economy thinking contends that traditional methods of accounting no longer apply.
  • 6. E-Commerce Risks Inside Organisations ◦ Easier to infiltrate systems, steal money and information and cause damage when perpetrators are within firewalls and security checks. ◦ Perpetrators with inside access know the control environment, understand security mechanisms, and find ways to bypass security. ◦ Most common problem: Abuse of power granted to users. ◦ I.e. programmers with superuser access – often removal of programmers’ access is overlooked when systems go into production.
  • 7. Survey ◦ > 1/3 of network administrators admitted to snooping into HR records and custom databases. ◦ 88% of administrators would take sensitive data if they were fired. ◦ 33% would take company password lists.
  • 8. Data Theft ◦ First concern of e-commerce fraud as data have many useful attributes: 1. Can be converted to cash fairly easily. 2. Information is replicable, allowing perpetrators to simply copy data rather than remove them, leaving the source data intact. 3. Can be transferred easily and quickly to any location. 4. Managers lack the technical expertise to prevent and detect data theft.
  • 9. Passwords ◦ Password selection cannot be fully controlled, as it is left to the end user. ◦ Common passwords can relate to personal information, so perpetrators may be able to guess the passwords of their employees. ◦ Social engineering techniques are used by hackers to gain access to passwords. ◦ Hackers take information from blogs, Facebook walls and other social network sites and use this information to ask victims for “just a little more”.
  • 10. Passwords ◦ Companies may require regular password changes to try to mitigate the risk of passwords being stolen. ◦ However many employees will merely add a sequential number to the end of their password. ◦ Companies and websites generally have certain password requirements such as minimum character length, upper case, symbol, number etc.
  • 11. Passwords – How many do you have? University Bank Work login Email Google Microsoft Facebook Twitter Instagram Skype TradeMe Pinterest Online shops Blogs Online communities Phone login Utility companies YouTube
  • 12. Need one of these? ◦ http://www.youtube.com/watch?v=Srh_TV_J144
  • 14.
  • 15. Sniffing ◦ Logging, filtering and viewing of information that passes along a network line. ◦ The most common method of gathering information from unencrypted communications. ◦ Easily done on most networks by hackers that run freely available applications. ◦ Organisations can use firewalls, spam filters and anti-virus programmes to prevent sniffing, however employee laptops, tablets and mobile phones can be at risk when on business trips and connecting to other networks.
  • 16. Wartrapping ◦ Hackers go to places such as airports where business travellers are likely to be and set up internet access points through their laptop. ◦ The access point will appear to be legitimate i.e. Auckland Airport Free Wireless. ◦ Hackers then use sniffing techniques to find passwords and other data as the traveller browses the internet through the connection.
  • 17. E-Commerce Risks Outside Organisations ◦ Internet provides a rich medium for external hackers to gain access to personal systems. ◦ Ability to hack from across international borders means that tracking and prosecuting hackers is difficult.
  • 18. NZ Statistics: ◦ Year to 9th August 2013: ◦ 562 online frauds reported to NetSafe ◦ $4.4 million ◦ Netsafe’s Chief Executive estimates annual losses from internet fraud to be between $100m and $400m per year. ◦ In 2012, the Ministry of Business, Innovation & Employment reported 670 bank phishing and tax refund scams in NZ.
  • 19. Spyware ◦ Installs monitoring software in addition to the regular that a user downloads or buys. ◦ Peer-to-peer music and video-sharing applications are the worst spyware offenders. ◦ Most spyware programs monitor user behaviours so that the company can make a profit selling the personal data they collect. ◦ More advanced spyware can copy financial or other sensitive data from internal directories and files and send it to external entities.
  • 20. Phishing ◦ Phishing involves sending emails or pop up messages asking for personal information in inventive ways. ◦ Common method is to request victims to update account details by clicking on a link to a website which appears to be the company’s website. ◦ Common targets have been bank customers, TradeMe/ebay customers, even government departments such as IRD.
  • 21. ANZ ◦ In July 2013, ANZ customers were targeted by a phishing scam. ◦ Phishers sent an email to ANZ customers which appeared to be from ANZ. ◦ It stated that customers must update their account information through the link or service would be suspended. ◦ The link took customers to a fake website which replicated the logos and formatting of ANZ. ◦ The phishers gained access to bank accounts when customers attempted to log in to the fake website. www.stuff.co.nz/technology/digital-living/8985900/Phishing-scam-targets-ANZ-log-in-details
  • 22. Large Retail Company (Un-named) ◦ Major retail chain targeted by overseas cyber criminals in September 2013. ◦ Phishing attack attempted to convince store staff to install rogue software on their computers. ◦ Phishers called stores claiming to be a senior member of the company and directed employees to a fake website that was designed to look like the company’s official tech support site. ◦ No data was lost as the company’s IT staff noticed what was happening and managed to block access to the website and cleaning it up. ◦ “As soon as there’s real humans involved we as Kiwis are more vulnerable because we’re extremely trusting”. www.nzherald.co.nz/business/news/article.cfm?c_id=3&objected=11130882
  • 23. Spoofing ◦ Changes the information in e-mail headers or IP addresses. ◦ Perpetrators hide their identities by simply changing the information in the header, thus allowing unauthorised access.
  • 24.
  • 25. Falsified Identity ◦ Subtle differences in internet hose names often go unnoticed by internet users. ◦ I.e. “.com” “.org” “.nz” can be easily confused but lead to completely different websites. ◦ If two similar names are owned by two different entities, one site could mimic the other and trick users into thinking they are dealing with the original website.
  • 26. “GoogleDirectory” ◦ NZ company with no links to Google, launched July 2013. ◦ Promotes itself as a new online marketing tool, offering special internet advertisement packages. ◦ Over 100,000 listings – some who were contacted by the NZHerald had no idea they were listed and had not paid. ◦ One customer was told Google was re-launching in NZ as GoogleDirectory. www.nzherald.co.nz/business/news/article.cfm?c_id=3&objected=11111728
  • 27. Conclusion ◦ Fraud risks in e-commerce systems are significant. ◦ Many employees do not fully appreciate the risks and methodologies that online fraud perpetrators take. ◦ As auditors, it is important to be aware of the fraud risk in e-commerce and test internal controls to minimise the risk.

Notas del editor

  1. Can anyone think of any perceived opportunities to commit e-commerce fraud?
  2. Can anyone think of any rationalisations of e-commerce fraud?
  3. The textbook discusses some surveys in which more than a third of network administrators admitted to snooping into HR records and custom databases, 88% of administrators would take sensitive data if they were fired and 33% said they would take company password lists. This obviously makes it important not to use the same password for work accounts as you do for personal accounts.
  4. Some websites allow customers to log in using Facebook. This makes it easier for customers to log in and not have to remember additional passwords, however it can be quite risky as if your Facebook page gets hacked they may have the ability to log in to other websites using facebook connect. How many people leave Facebook logged in on their phones or computers? What happens if your phone gets stolen? Instant access to any website which uses facebook connect.
  5. Grabone on the left, gives you the option to remember credit card details. Treatme, on the right doesn’t have an option. I used Treatme to buy something a few weeks ago and saw that it had stored my credit card details from a previous purchase made months earlier. I couldn’t believe I would have been so stupid to save the details so looked into it and found it doesn’t give you the option.If someone obtained your Facebook password, they could use the Facebook connect function to log in to different websites, and if your credit card details are stored, make multiple purchases.
  6. We will now look at e-commerce risks outside the organisation. The internet provides a rich medium for external hackers to gain access to personal systems. The ability to hack from across international borders means that tracking and prosecuting hackers is difficult.
  7. In the year to 9th August, there were 562 online frauds reported to NetSafe which totalled $4.4 million.However, Netsafe’s Chief Executive estimates annual losses from internet fraud to be between $100m and $400m per year.In 2012, the Ministry of Business, Innovation & Employment reported 670 bank phishing and tax refund scams in NZ.
  8. Last month, a major NZ retail chain was targeted by overseas cyber criminals. A phishing attack attempted to convince store staff to install rogue software on their computers.The phishers called stores claiming to be a senior member of the company and directed employees to a fake website that was designed to look like the company’s official tech support site. In this case, no data was lost as it was picked up by IT staff quickly and they were able to block access to the website and clean up the computers.There was a quote from Andy Prow, managing director of Aura Information Security, who said “As soon as there’s real humans involved we as Kiwis are more vulnerable because we’re extremely trusting”.What do you think NZ companies can do to prevent such phishing scams?Need to ensure there is a clear process to follow when phone calls or emails are received claiming to be from a senior employee. For example, returning phone calls to the IT department for confirmation. Also need a clear chain of command so that junior store employees understand they are not to download anything.
  9. This is an email I received a few weeks ago. I had actually just bought a new computer and Office software, which includes Outlook so I wasn’t initially suspicious when I saw it in my inbox. It was when I opened it and looked at the address it came from and who it was sent to that made me realise it probably wasn’t legitimate. The sender’s email address is infotechmsn@naver.com. Naver is actually a South Korean search engine. The email also isn’t addressed to my email, but to customer care at Hotmail.co.uk.The fact that such an email wasn’t picked up as spam when it was sent to a Hotmail address, which uses Outlook, is worrying and it would be easy for people to assume it was a legitimate email and click the link.
  10. Customers were reported as saying that they thought it was strange that when they Googled GoogleDirectory nothing came up. They had to type in the URL address to access the website. Now when you search for the company on Google the first hit is to the Dodgy Business website and the remaining hits all point to the company being a scam. You can see from the picture that the font is identical to Google’s and “directory” is in smaller text underneath.