Computer-assisted fraud almost seems exciting. It pits the clever computer
wizard against the big, established computer-run company. In fact, this
sense of adventure does attract some people to this form of crime. Computer-assisted
fraud is a crime — no different than embezzlement and in some ways
a more serious threat to the assets of the company and to the privacy
of its workers, suppliers and customers.
Types of High Tech Crime
Computer Component Theft: Major methods of component theft
are burglary and robbery at manufacturing sites, storage facilities and
retail stores. Other methods include cargo theft, employee theft and fraud.
Most of the component theft is committed by highly organized gangs that
move equipment rapidly throughout the country by selling stolen goods
up to a dozen times before shipping them out of the country to waiting
"gray" markets overseas.
Telecommunications Fraud: The theft of long distance telephone
service, toll fraud, is accomplished by various means, from high-tech methods,
such as hacking into company PBX telephone systems, to low-tech schemes,
such as looking over the shoulder of callers using public phones to steal
access numbers and PINs.
Cloning: The process of programming one cellular phone
to match the electronic serial number and mobile ID number of a legitimate
phone is called cloning. The cloned phone then can incur charges on the
legitimate account.
Subscription Fraud: Usually accomplished after identity
theft, subscription fraud uses the stolen information to pose as someone else
and set up credit-based accounts that may be used for 90 days before detection.
Theft of Proprietary Information: Stolen information still
is the fastest way to develop new products.
Computer Intrusion: Hackers break into business and government
computers to commit fraud, to destroy or alter records or simply to create
havoc. Hacking is so complex and sophisticated that only specially trained
investigators understand what is happening, and their evidence collection
and investigation methods are much different from those used for traditional crimes.
Counterfeiting: Scanners, color printers and other photographic
types of equipment have become so affordable that criminals can create
excellent copies of checks, false identifications, and currency.
Software Piracy: Although the federal copyright acts and
laws offer protection against copyright infringement, piracy continues
to grow at alarming rates. In North America, one of every four major software
applications is pirated.
One of the major difficulties of investigating computer crime is the
transjurisdictional nature of high-tech crime. Crimes committed via the
Internet happen virtually anywhere in the world. Another important factor
is the small size and high value of computer components. Lack of crime
reports to law enforcement is another stumbling block to detection because
most companies are reluctant to let large thefts (either hardware or software)
become public knowledge. They also don't want to advertise their vulnerability
to other criminals, and they have a lack of confidence in law enforcement's
ability to respond.
Security Precautions
Most of the keys to preventing computer crime are similar to other
safeguards against embezzlement. Here are a few more:
Documentation
Document procedures in writing for systems development, maintenance and
security. Test the procedures and update the documentation regularly.
Physical Security
Secure data processing facilities by using locks, security guards, badges,
access cards, electronic controls, access codes and passwords. Secure
remote terminals, personal computers and communications lines, especially
those connected to networks.
Security Policies
Communicate clear company policies to all employees for data access, security
standards, security codes and security violations. Periodically revise
security codes and immediately delete codes of terminated employees.
Restricted Access
Limit who has access to system files and documentation, and track access
with user logs. Control and monitor access to confidential data. Incorporate
features in systems to identify repeated attempts to gain access. Log off
users after periods of inactivity.
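The two automated checks in the Restricted Access item, run over a user log, as an added example that is not part of the original article. The log format, event names and thresholds are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample user log: ISO timestamp, user, event (assumed format).
SAMPLE_LOG = """\
2024-03-01T09:00:00 alice LOGIN_OK
2024-03-01T09:01:10 bob LOGIN_FAIL
2024-03-01T09:01:25 bob LOGIN_FAIL
2024-03-01T09:01:40 bob LOGIN_FAIL
2024-03-01T09:05:00 alice FILE_READ
2024-03-01T09:20:00 carol LOGIN_FAIL
2024-03-01T09:30:00 carol LOGIN_OK
2024-03-01T09:50:00 carol FILE_READ
"""

MAX_FAILURES = 3                       # assumed policy values
FAILURE_WINDOW = timedelta(minutes=5)
IDLE_LIMIT = timedelta(minutes=15)

def parse(log_text):
    """Yield (timestamp, user, event) tuples from the log text."""
    for line in log_text.splitlines():
        ts, user, event = line.split()
        yield datetime.fromisoformat(ts), user, event

def repeated_failures(log_text):
    """Users with MAX_FAILURES failed logins inside a sliding FAILURE_WINDOW."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, user, event in parse(log_text):
        if event != "LOGIN_FAIL":
            continue
        attempts = recent[user]
        attempts.append(ts)
        while ts - attempts[0] > FAILURE_WINDOW:   # drop attempts outside the window
            attempts.popleft()
        if len(attempts) >= MAX_FAILURES:
            flagged.add(user)
    return sorted(flagged)

def idle_sessions(log_text, now):
    """Logged-in users whose last activity is older than IDLE_LIMIT at `now`."""
    last_seen = {}
    for ts, user, event in parse(log_text):
        if event == "LOGOUT":
            last_seen.pop(user, None)              # session already closed
        elif event != "LOGIN_FAIL":
            last_seen[user] = ts                   # any successful activity
    return sorted(u for u, ts in last_seen.items() if now - ts > IDLE_LIMIT)
```

A single failed login (carol) is not flagged; only a burst inside the window is, which keeps the report short enough for someone to review.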
Back-up
Regularly back up software and data files so that data can be recovered
when lost, damaged, contaminated or altered, intentionally or unintentionally.
Rejected Transactions
Correct rejected transactions on a timely basis to limit the exposure
to transactions circumventing normal processes and controls.
Master File Transactions
Assign someone who is not involved in routine data processing to reconcile
critical master file transactions with documentation so that all file
changes are authorized.
Separate Duties
Where possible, segregate the tasks of developing systems from the jobs
that involve using the systems. Control access to specific accounts by
restricting them to certain individuals. Systems people should not be
involved in addressing customer or supplier account discrepancies. Segregate
the identification of errors and reconciliation of batch control totals
from systems applications.
Management
Apply the same sort of careful planning, organizing, staffing and controlling
skills to your data processing operation that you would to any other area.
Realize that access to computers is no different than access to the financial
books and files about your business.
If you suspect or detect computer-assisted fraud, act quickly. Contact
the authorities immediately. Rely on the experts and follow the same precautions
you would for handling embezzlement or theft.