What are the learning objectives of Chapter 17?
Understand e-commerce fraud risk, take measures to prevent fraud in e-commerce, and detect e-business fraud.
What creates unique risks in e-business environments?
Aspects of the Internet-driven economy that create pressures and opportunities specific to e-commerce fraud.
What are examples of internal fraud risks in e-commerce?
Data theft, password theft, social engineering, sniffing, wartrapping, and portable devices with large-capacity memory.
What are examples of external fraud risks in e-commerce?
Viruses, worms, trojans, spyware, phishing, spoofing, SQL injections, bust-out schemes, false websites, and hijacking.
What is 'security through obscurity'?
A tactic of keeping security strategies and encryption secret to confuse attackers, though true security comes from transparent, well-tested systems.
What is the best way to prevent e-business fraud?
Reducing opportunities through appropriate internal controls.
What are the five elements of internal controls?
Control environment, risk assessment, control activities, information and communication, and monitoring.
Which three control elements are most important in e-business?
Control environment, risk assessment, and control activities.
What is the purpose of risk assessment in e-business?
To identify the risks of doing business with e-business partners and risks in electronic exchanges.
What are examples of control procedures to counter e-commerce risks?
Encryption, firewalls, digital signatures, biometrics, and intrusion detection.
What are examples of control activities?
Separation of duties, proper authorization, adequate records, physical controls, and independent checks.
How does adequate separation of duties prevent fraud?
By ensuring that no single employee controls all parts of a transaction, reducing the risk of bribery.
What are the most common authorization controls in e-commerce?
Passwords, firewalls, digital signatures, and biometrics.
Why is encryption important in e-commerce?
It protects sensitive electronic documents from being intercepted or altered.
What physical assets and records must be protected in e-business?
Facilities, computers, servers, software, applications, and data—both onsite and offsite.
Why are independent checks important in e-commerce?
They help detect fraud by verifying the performance of e-business partners and systems.
What are the key components to examine in independent checks?
Backgrounds, motivations, and decision-making influence of partners.
What are the steps in data-driven fraud detection?
Understand the business, identify possible frauds, determine symptoms, search using data systems, analyze results, investigate symptoms.
What technical knowledge is useful in e-commerce fraud investigation?
Understanding web servers, email systems, intrusion programs (e.g., Nmap, Wireshark), Unix/Linux, Windows vulnerabilities, scripting languages, and IDS tools.