E commerce fraud chapter 17 B Ahmed
1.
2. - Understand what measures should be taken to
prevent fraud in e-commerce.
- Understand how to detect e-business fraud.
3. - Preventing E-C fraud involves reducing
or eliminating the elements that
motivate fraud.
- Detecting E-C fraud needs more
computer expertise
4. 1. Security through obscurity
2. The control environment
3. Risk assessment
4. Control activities or procedures
5. Information and communication
6. Monitoring
5. 1. Security Through Obscurity
Keeping security holes, encryption algorithms,
and processes secret in an effort to confuse
attackers.
6. » The key to the front door is stashed under a
rock nearby, or under the welcome mat.
» It is right out in the open for hackers to
grab, but they mostly won't be able to find it
without a great deal of searching.
7. 2. The Control Environment
The components of the control environment:
- Integrity and Ethical Values
- Board of Directors and Audit Committee Participation
- Management’s Philosophy and Operating Style
- Human Resources Policies and Practices
8. Tone at the top
A repeated commitment from corporate
leadership throughout the company to emphasize
the importance to the company of compliance
and ethical conduct, which is embraced and
integrated into every level of business operations.
Michael Volkov, Kreller Group, September 2012
9. 3. Risk Assessment
» Risk assessment identifies the risks of doing
business with e-business partners.
Focus on:
- the control environment of those organizations
and
- the electronic exchange of information
and money.
10. Procedures that counter the risk of
data theft
Sniffing
unauthorized access to passwords
falsified identity
Spoofing
customer impersonation
false Web sites
e-mail or Web site hijacking
11. 4. Control Activities
» control activities generally fall into the following
five types:
A. Adequate separation of duties.
B. Proper authorization of transactions and activities.
C. Adequate documents and records.
D. Physical control over assets and records.
E. Independent checks on performance.
12. What control is useful for each example?
1. Employees forget or fail to follow procedures, or
become careless.
2. Locks on doors, 24-hour monitoring and safe
storage space are examples of …..
3. Sales invoices, purchase orders, employee time
cards in hard-copy and electronic form.
4. Server and computer access.
5. Kickbacks and bribery, when one individual
becomes too close to suppliers or customers.
13. Video
» Proper authorization of transactions and
activities.
Biometrics as an example.
https://www.youtube.com/watch?v=eZTfgNIiNUA
14. Remember. Chapter 6
Steps to proactive fraud examination:
1. Endeavour to understand the business or operation of the
organization.
2. Identify what frauds can occur in the operation.
3. Determine the symptoms that the most likely frauds would
generate.
4. Use databases and information systems to search for those
5. Analyse the results, and investigate the symptoms to determine if
they are being caused by actual fraud or by other factors.
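An added example (not from the original slides) of steps 4 and 5 applied to the control activities listed earlier: it loads purchase records into a database and queries for three symptoms, namely a requester approving their own purchase, a purchase with no approval, and one employee placing nearly all orders with one supplier. The table layout, the sample rows and the thresholds are assumptions made for illustration.

```python
import sqlite3

# Constructed sample records (hypothetical schema, not real data):
# (id, supplier, amount, requested_by, approved_by)
SAMPLE_PURCHASES = [
    (1, "Acme Ltd", 1200.0, "alice", "bob"),
    (2, "Acme Ltd", 900.0, "carol", "carol"),  # requester approved own purchase
    (3, "Brightway", 450.0, "dave", "bob"),
    (4, "Brightway", 700.0, "dave", "erin"),
    (5, "Brightway", 650.0, "dave", "bob"),
    (6, "Cobalt", 300.0, "alice", None),       # no approval recorded
    (7, "Cobalt", 500.0, "frank", "bob"),
]

def load(rows):
    """Load purchase rows into an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE purchases (id INTEGER PRIMARY KEY, supplier TEXT,"
               " amount REAL, requested_by TEXT, approved_by TEXT)")
    db.executemany("INSERT INTO purchases VALUES (?, ?, ?, ?, ?)", rows)
    return db

def self_approved(db):
    """Separation-of-duties symptom: same person requested and approved."""
    q = "SELECT id FROM purchases WHERE requested_by = approved_by ORDER BY id"
    return [r[0] for r in db.execute(q)]

def unapproved(db):
    """Authorization symptom: purchase has no approver at all."""
    q = "SELECT id FROM purchases WHERE approved_by IS NULL ORDER BY id"
    return [r[0] for r in db.execute(q)]

def concentrated_suppliers(db, min_orders=3, share=0.8):
    """Kickback symptom: one employee places most orders with a supplier.
    min_orders and share are assumed thresholds, to be tuned per business."""
    q = """SELECT p.supplier, p.requested_by
           FROM purchases p
           JOIN (SELECT supplier, COUNT(*) AS total FROM purchases
                 GROUP BY supplier) t ON t.supplier = p.supplier
           GROUP BY p.supplier, p.requested_by
           HAVING COUNT(*) >= ? AND COUNT(*) * 1.0 / MAX(t.total) >= ?
           ORDER BY p.supplier"""
    return [(s, u) for s, u in db.execute(q, (min_orders, share))]

if __name__ == "__main__":
    db = load(SAMPLE_PURCHASES)
    print("self-approved:", self_approved(db))
    print("unapproved:", unapproved(db))
    print("concentrated:", concentrated_suppliers(db))
```

Each hit is a symptom to investigate under step 5, since it may be caused by other factors than fraud.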
15. » Use technology to catch technology fraud.
- Fraud investigators who specialize in e-commerce
should understand the tools and
methods that perpetrators use,
as
- hacker tools could be used to troubleshoot
networks and catch perpetrators rather than to
hack into systems.
16. » What skills are required to detect and
investigate e-business fraud?
1. Web servers
2. E-mail clients and servers
3. Intrusion programs like Nmap, AirSnort, and
Wireshark
17. What other skills are required to detect and
investigate e-business fraud?
18. Challenge
» e-business transactions make fraud easier to
commit. (Access everywhere and every time)
Opportunity
» they also make it much easier and faster to
detect. (electronic databases to analyse)
Focus On
more computer expertise
19. Security through obscurity should be supported
by other tools.
Standards-based systems like VPNs, firewalls,
public and private, and other means should be
employed and monitored at all times.
Regular audits of user behaviour on the system
should be done.
Employees need to be trained on e-commerce
fraud.