“I read about fraud all the time – hackers, online gangs, angry employees, etc. It seems like it’s on the rise. Why is this so hard to detect and how can we prevent fraud in our organization?”
It is true that fraud is increasing, and it does seem that we read about incidents on an almost daily basis. This is a result of the rise in the amount of sensitive information that is now online, the increased number of online applications that access this information, and the growing number of people who use online services for their financial needs. The result is more opportunity for fraud with less effort, so it’s no surprise that criminals have moved their activities online and that insider-led fraud is on the rise.
Let’s look at insider-led fraud first. Insider-led incidents involve a malicious employee or contractor who uses company systems to commit some form of fraud against the company itself. One of the motivations behind the Sarbanes-Oxley regulation was to ensure companies have the proper internal controls to prevent this type of fraud.
Everyone seems to use the example of an accounting clerk adding her brother-in-law as a new payee, then also cutting a payment to him and splitting the proceeds. This is a common example of a separation-of-duties control to prevent fraud, but there are plenty of others. Consider, for example, quote fraud in the insurance industry, where someone in the insurance company provides details to a rival firm so the rival can outbid and win a contract.
There are many variations on insider-led fraud, and these continue to grow as new applications and business processes come online. Separation-of-duties control monitoring and privileged-user data access monitoring are two common methods of detecting this type of fraud.
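To make the two detection methods concrete, here is an added example (not code from the original column) that runs both checks over a small, constructed application audit log. The record layout, user names, role names, payee IDs and the threshold of three distinct customer records are all assumptions made for the example; a real deployment would read the equivalent fields from the application's own audit trail.

```python
"""Two insider-fraud detections over a constructed application audit log.

1. Separation-of-duties (SoD) check: the same user must not both create a
   payee and approve a payment to it (nor both enter and approve a payment).
2. Privileged-user data access check: a privileged role reading an unusually
   large number of distinct customer records is flagged for review.

All records below are constructed sample data, not real audit output.
"""
from collections import defaultdict

# Constructed payment-workflow audit records (hypothetical schema).
PAYMENT_LOG = [
    {"ts": "2024-03-01T09:02:11", "user": "aclerk", "action": "CREATE_PAYEE",    "payee": "P-1001"},
    {"ts": "2024-03-01T09:05:40", "user": "aclerk", "action": "CREATE_PAYMENT",  "payee": "P-1001", "amount": 4900.00},
    {"ts": "2024-03-01T09:06:02", "user": "aclerk", "action": "APPROVE_PAYMENT", "payee": "P-1001", "amount": 4900.00},
    {"ts": "2024-03-01T10:15:00", "user": "bsmith", "action": "CREATE_PAYEE",    "payee": "P-1002"},
    {"ts": "2024-03-01T10:20:00", "user": "cjones", "action": "CREATE_PAYMENT",  "payee": "P-1002", "amount": 1200.00},
    {"ts": "2024-03-01T10:21:00", "user": "dlee",   "action": "APPROVE_PAYMENT", "payee": "P-1002", "amount": 1200.00},
]

# Action pairs that one user must never perform against the same payee.
CONFLICTING_PAIRS = [
    ("CREATE_PAYEE", "APPROVE_PAYMENT"),
    ("CREATE_PAYMENT", "APPROVE_PAYMENT"),
]


def find_sod_violations(log):
    """Return a list of {user, payee, conflict} for every SoD breach found."""
    actions_by_user_payee = defaultdict(set)
    for rec in log:
        actions_by_user_payee[(rec["user"], rec["payee"])].add(rec["action"])

    violations = []
    for (user, payee), actions in sorted(actions_by_user_payee.items()):
        for first, second in CONFLICTING_PAIRS:
            if first in actions and second in actions:
                violations.append({"user": user, "payee": payee, "conflict": (first, second)})
    return violations


# Constructed customer-record access log (hypothetical schema).
ACCESS_LOG = (
    [{"user": "dba01", "role": "DBA", "action": "READ_CUSTOMER_RECORD", "customer": f"C-{i}"} for i in range(1, 6)]
    + [{"user": "csr07", "role": "CSR", "action": "READ_CUSTOMER_RECORD", "customer": f"C-{i}"} for i in (1, 2)]
    + [{"user": "dba02", "role": "DBA", "action": "READ_CUSTOMER_RECORD", "customer": "C-9"}]
)

# Roles whose data access is monitored more closely (assumed for the example).
PRIVILEGED_ROLES = {"DBA", "SYSADMIN"}


def find_bulk_privileged_reads(log, max_distinct=3):
    """Return {user: distinct_customers_read} for privileged users over the threshold."""
    customers_by_user = defaultdict(set)
    for rec in log:
        if rec["role"] in PRIVILEGED_ROLES and rec["action"] == "READ_CUSTOMER_RECORD":
            customers_by_user[rec["user"]].add(rec["customer"])
    return {
        user: len(customers)
        for user, customers in sorted(customers_by_user.items())
        if len(customers) > max_distinct
    }


if __name__ == "__main__":
    for v in find_sod_violations(PAYMENT_LOG):
        print(f"SoD violation: {v['user']} did both {v['conflict'][0]} and {v['conflict'][1]} for payee {v['payee']}")
    for user, n in find_bulk_privileged_reads(ACCESS_LOG).items():
        print(f"Privileged access alert: {user} read {n} distinct customer records")
```

Both functions operate on a whole log at once, which suits a nightly control review; the same grouping logic can be applied per rolling window for near-real-time alerting. The threshold in the second check is deliberately a parameter, since a sensible value depends on the role's normal workload and should be tuned against a baseline before alerts are acted on.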
The other type of fraud we read about is led by external criminals against an organization’s customers. This type usually includes some form of account takeover to enter fraudulent transactions and drain the customer’s account.
Account takeover techniques might include phishing, smishing (phishing via SMS text messages) and vishing (phishing using VoIP services such as Skype). Each of these tricks the customer into divulging his account credentials, which are then used to steal funds.