Title: EFraud: Motives, Techniques, and Research Agenda Presentation at the Second Student Conference of Re
1E-Fraud Motives, Techniques, and Research Agenda
Presentation at the Second Student Conference
of Research in BusinessApril 2008, HEC Montreal
- Muhammad Aljukhadar
- PhD Student
- HEC Montreal
2From 687,000 Fraud Complaints in 2005
- Identity theft complaints 37
- Internet Auctions 12
- Foreign Money Offers 8
- Shop-at-Home/Catalogue Sales 8
- Prizes/Sweepstakes and Lotteries 7
- Internet Services and Computer Complaints 5
- Business Opportunities and Work-at-Home plans 2
- Advance-Fee Loans and Credit Protection 2
- Telephone Services and Other 19
- Internet-related complaints accounted for 46 of
all fraud complaints - The percent of Internet-related fraud complaints
tripled in three years
3Examples
- 3.4 million Bell Canada customers whose personal
information was stolen recently - 41 million TJX Inc. (owner of Winners and
HomeSense) will pay in a settlement with Visa
over a breach that exposed millions of client
card numbers (another 24-million to MasterCard) - 50 of German corporations now employ Chief
Privacy Officers (CPO) - (http//www.theglobeandmail.com/servlet/story/RTGA
M.20080409.wgtprivacy10/BNStory/GlobeTQ/home)
4What is e-Fraud
- E-fraud is the unlawful and intentional use or
deployment of an electronic medium and/or
peripheral to make a misrepresentation which
causes actual prejudice or which is potentially
prejudicial to another.
Based on Snyman (2002) definition of fraud
5E-Fraud exists when
- A material false statement
- A knowledge on the perpetrators part that the
statement was false when it was uttered. - A reliance on the false statement by the victim
- Resulting damages (Albrecht and Albrecht,
2002) - Fraud involve a breach of community
standards, also known as legal policy (Granova
and Eloff, 2004)
6Current Academic Work
- Majority on auction e-Fraud (curry 2001)
- Online deception (Grazioli and Jarvenpaa 2003)
- Deception across several studies (Grazioli 2004)
- Pavlou and Gefen (ISR 2005) studied e-fraud as
psychological contract violation - Online community can reduce auction e-fraud (Chua
et al. 2007 MISQ)
7Who is affected by e-fraud?
- Customers are victimized most often.
- E-fraud affect many parties.
- Sellers through lost fees (Kauffman and Wood
2005) cheating by false payment (e.g., bad
checks) lost merchandise owners of property
rights can have their rights diluted by
counterfeits lost customers through heightened
perceptions of risk (Grossman and Shapiro
1988a,1988b).
8Major E-Fraud Techniques
- Data theft hackers access secure or non-secure
sites, get the data and sell it - Sniffing viewing of the information that passes
along a network or channel - Unauthorized access to password databases This
could be done by insiders, or outsiders through
hacking a firewall - Falsified Identity https// connection, which
indicates a secure server connection. A falsified
identity poses a great threat on the safety of an
e-banking or e-commerce transaction - Spoofing changing the header info in an email
message or web request in order to hide identity
and make the email appears to be originated from
a trusted authority - Customer Impersonation If a customer falsified
his or her identity, the business lose money
and/or time on responding - False Web Sites one of the most techniques used
in e-fraud and is referred to as bustout
(Albrecht Albrecht, 2002)
9Auction E-Fraud (adapted from Curry 2001)
10Propositions set 1
Profitability (seller third party)
_
_
E-fraud
Vulnerability
_
PCV Buyer
PCV Seller
Trust
_
_
Transaction Intention
Perceived Risk
Transaction Behavior
Price Premium
11Propositions set 2
Preventive (Why e-fraud occur)
Perceived Pressure
Perceived Opportunity
E-fraud
Rationalization
12Propositions set 3
Reactive (how to manage e-fraud
Preventive (Why e-fraud occur)
Anti-scheming techniques
Perceived Pressure
_
Consumer Education
_
Perceived Opportunity
e-fraud
_
Risk Management
_
Rationalization
_
Managing inside attacks
Prosecution law enforcement
13Questions? Suggestions?