EFraud: Motives, Techniques, and Research Agenda Presentation at the Second Student Conference of Re

1
E-Fraud Motives, Techniques, and Research Agenda
Presentation at the Second Student Conference
of Research in BusinessApril 2008, HEC Montreal

• Muhammad Aljukhadar
• PhD Student
• HEC Montreal

2
From 687,000 Fraud Complaints in 2005

• Identity theft complaints 37
• Internet Auctions 12
• Foreign Money Offers 8
• Shop-at-Home/Catalogue Sales 8
• Prizes/Sweepstakes and Lotteries 7
• Internet Services and Computer Complaints 5
• Business Opportunities and Work-at-Home plans 2
  
• Advance-Fee Loans and Credit Protection 2
• Telephone Services and Other 19
• Internet-related complaints accounted for 46 of
  all fraud complaints
• The percent of Internet-related fraud complaints
  tripled in three years

3
Examples

• 3.4 million Bell Canada customers whose personal
  information was stolen recently
• 41 million TJX Inc. (owner of Winners and
  HomeSense) will pay in a settlement with Visa
  over a breach that exposed millions of client
  card numbers (another 24-million to MasterCard)
• 50 of German corporations now employ Chief
  Privacy Officers (CPO)
• (http//www.theglobeandmail.com/servlet/story/RTGA
  M.20080409.wgtprivacy10/BNStory/GlobeTQ/home)

4
What is e-Fraud

• E-fraud is the unlawful and intentional use or
  deployment of an electronic medium and/or
  peripheral to make a misrepresentation which
  causes actual prejudice or which is potentially
  prejudicial to another.

Based on Snyman (2002) definition of fraud
5
E-Fraud exists when

• A material false statement
• A knowledge on the perpetrators part that the
  statement was false when it was uttered.
• A reliance on the false statement by the victim
• Resulting damages (Albrecht and Albrecht,
  2002)
• Fraud involve a breach of community
  standards, also known as legal policy (Granova
  and Eloff, 2004)

6
Current Academic Work

• Majority on auction e-Fraud (curry 2001)
• Online deception (Grazioli and Jarvenpaa 2003)
• Deception across several studies (Grazioli 2004)
• Pavlou and Gefen (ISR 2005) studied e-fraud as
  psychological contract violation
• Online community can reduce auction e-fraud (Chua
  et al. 2007 MISQ)

7
Who is affected by e-fraud?

• Customers are victimized most often.
• E-fraud affect many parties.
• Sellers through lost fees (Kauffman and Wood
  2005) cheating by false payment (e.g., bad
  checks) lost merchandise owners of property
  rights can have their rights diluted by
  counterfeits lost customers through heightened
  perceptions of risk (Grossman and Shapiro
  1988a,1988b).

8
Major E-Fraud Techniques

• Data theft hackers access secure or non-secure
  sites, get the data and sell it
• Sniffing viewing of the information that passes
  along a network or channel
• Unauthorized access to password databases This
  could be done by insiders, or outsiders through
  hacking a firewall
• Falsified Identity https// connection, which
  indicates a secure server connection. A falsified
  identity poses a great threat on the safety of an
  e-banking or e-commerce transaction
• Spoofing changing the header info in an email
  message or web request in order to hide identity
  and make the email appears to be originated from
  a trusted authority
• Customer Impersonation If a customer falsified
  his or her identity, the business lose money
  and/or time on responding
• False Web Sites one of the most techniques used
  in e-fraud and is referred to as bustout
  (Albrecht Albrecht, 2002)

9
Auction E-Fraud (adapted from Curry 2001)
10
Propositions set 1
Profitability (seller third party)
_
_
E-fraud
Vulnerability

_
PCV Buyer
PCV Seller
Trust
_


_
Transaction Intention
Perceived Risk



Transaction Behavior
Price Premium
11
Propositions set 2
Preventive (Why e-fraud occur)
Perceived Pressure

Perceived Opportunity

E-fraud

Rationalization
12
Propositions set 3
Reactive (how to manage e-fraud
Preventive (Why e-fraud occur)
Anti-scheming techniques
Perceived Pressure
_

Consumer Education
_
Perceived Opportunity

e-fraud
_
Risk Management

_
Rationalization
_
Managing inside attacks
Prosecution law enforcement
13
Questions? Suggestions?