Fraud
Computers are responsible for managing money, stock and other valuable
resources. Employees working with the computer may spot weaknesses that allow
them to commit fraud. They could, for example, divert stock to a point where
they could collect and sell it. They could add items to customer accounts but
instruct the system to accept the correct amount while diverting the balance to
their own account. With less finesse they could simply instruct the computer to
pay money into a foreign bank in their name and then flee the country.
The scale of computer operations and their automatic nature make some
frauds both possible and worthwhile. Instructing the computer to round bank
interest payments down instead of up will produce, at best, 0.5p per customer.
Customers will not notice such a small amount missing from their interest
payment but the net gain for the fraudster could be £10000 on 2 million
accounts. This sum would be generated every time interest was calculated.
A computer-related fraud is most likely to be committed by a trusted
employee who has discovered a loophole in the system. Over the
centuries methods of auditing and checking have been developed to detect and
prevent fraud in paper-based systems. When computers were first introduced,
many of these preventative methods were not carried through into the new
electronic systems. Unscrupulous employees were therefore able to devise
methods to defraud their employer.
Preventing such fraud involves a variety of methods which include:
- Ensuring that each transaction leaves an audit trail from start to
end. The audit trail will consist of both paper documentation and an audit log
compiled and maintained by the system. This allows an auditor to follow
transactions, ensuring that they have been properly dealt with at each stage
and that no unauthorised alterations have been made.
- Separating the various stages involved in processing a transaction so
that no single person is responsible for all of them. This makes it harder for
a single individual to corrupt the system.
- Restricting access to the system so that employees have only the type
of access (read/write/change) needed for the tasks that they are responsible
for.
- Installing software to look for and report odd or peculiar
transactions.
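As an added illustration (not part of the original text), the check below shows how software can report the rounding fraud described earlier: it recalculates each interest payment independently from the audit log and flags a run in which every discrepancy goes against the customer. The round-to-nearest-penny policy, the interest rate, the account numbers and the function names are assumptions made for the example.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

PENNY = Decimal("0.01")

def expected_interest(balance, rate):
    """Interest in pounds under the assumed policy: round to the nearest penny."""
    return (balance * rate).quantize(PENNY, rounding=ROUND_HALF_UP)

def audit_interest_run(postings, rate):
    """Compare each posted payment with an independent recalculation.

    postings: (account_id, balance, posted_interest) rows from the audit log.
    Returns (mismatches, total_shortfall, one_sided). one_sided is True when
    every mismatch short-changes the customer, which points to a systematic
    change in rounding rather than scattered data-entry errors.
    """
    mismatches = []
    for account_id, balance, posted in postings:
        diff = expected_interest(balance, rate) - posted
        if diff != 0:
            mismatches.append((account_id, diff))
    total_shortfall = sum((d for _, d in mismatches), Decimal("0"))
    one_sided = bool(mismatches) and all(d > 0 for _, d in mismatches)
    return mismatches, total_shortfall, one_sided

# Constructed sample data: four accounts and a 1.25% interest rate.
RATE = Decimal("0.0125")
BALANCES = {
    "A001": Decimal("1000.60"),  # exact interest 12.5075
    "A002": Decimal("2500.00"),  # exact interest 31.25
    "A003": Decimal("333.40"),   # exact interest 4.1675
    "A004": Decimal("100.10"),   # exact interest 1.25125
}

def simulate_run(rounding):
    """Build a constructed audit log as if the system had used `rounding`."""
    return [(acc, bal, (bal * RATE).quantize(PENNY, rounding=rounding))
            for acc, bal in BALANCES.items()]

if __name__ == "__main__":
    for label, mode in (("correct run", ROUND_HALF_UP), ("altered run", ROUND_DOWN)):
        found, total, one_sided = audit_interest_run(simulate_run(mode), RATE)
        print(label, found, "shortfall:", total, "one-sided:", one_sided)
```

The same recalculation also gives the auditor a control total: the sum of the shortfalls is the amount that must have gone somewhere other than the customers' accounts.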