Download (direct link):
Cox notes the Internet is favored by employees inclined to take actions against their organizationâ€™s interests for three reasons: (1) more financial transactions are consummated on the Internet; (2) the Internet affords a relatively anonymous venue to commit these acts; and (3) new laws acted to make obsolete some internal controls auditors have relied on in more traditional environments.45
The 2002 Computer Crime And Security Survey of large corporation and governmental agencies is also revealing in grasping the dimensions of these problems. It notes, in part, that while 90 percent of respondents reported computer security breaches, only 34 percent reported these to a law enforcement agency. While only 44 percent were able to put a dollar value on their losses due to compromise of intellectual property, those that did estimated losses in excess of $170 million. Organizations reporting financial frauds estimated those losses as being in excess of $155 million. Finally, 78 percent of respondents advised their employees had violated Internet access and use policies.46
Unfortunately, the survey as released does not indicate what percentage of such incidents were committed or abetted by insiders, thus making them occupational fraud.
GartnerG2, a research service from Gartner, Inc., reported the following findings: â€śMore than $700 million in online sales were lost to fraud in 2001, representing 1.14% of total annual online sales of $61.8 billion. Online fraud losses
THE STATE OF OCCUPATIONAL FRAUD
for 2001 were 19 times as high, dollar for dollar, as fraud losses resulting from offline sales.â€ť47 The persons who engage in such acts often show a great deal of ingenuity and resourcefulness, sometimes combining two or more technologies or techniques to make their tasks easier and ours harder.
Douglas Watson, writing in the March/April 2002 edition of The White Paper, likewise reports on a study conducted by the Nevada State Attorney General, who found that while the average bank robber gets about $2,500 and the average bank embezzler gets about $25,000, the average computer crime reaps about $500,000. The report further notes that the average computer-related fraud is $1.9 million. Such activities may be seen by the unscrupulous not only as highly profitable, but also relatively safe, since the report also indicates that only 1 percent of computer crime is detected, only 7 percent is reported to law enforcement, and only 3 percent of the cases that are investigated and prosecuted result in jail time.48
The Internet Fraud Complaint Center, a joint undertaking by the FBI and the NWCCC, reports that auction fraud is now the number one computer-related crime. Last year the NWCCC logged 7,193 complaints representing losses amounting to $5.4 million, and it estimated that fewer than 10 percent of persons defrauded even bother to file complaints. The usual reasons, we are informed, are because the victims are embarrassed or do not know where to turn. That one also sees such reactions on the part of many organizations, great and small, when they encounter occupational fraud does not give us great confidence that we shall know the true dimensions of organizational fraud anytime soon. Cameron, citing an April 2000 report by Meridian Research, notes that estimated credit card losses to U.S. business were $9 billion in 2001, and could reach $40 to $60 billion by 2005.49
Such scams, reprehensible as they are, do not directly affect us, since they do not meet the definition of occupational fraud. Yet the experience of the NWCCC is still instructive, for what we see developing in the commercial marketplace usually finds its way into our organizations. One technique now starting to appear involves combining a fraudulent sale on the Internet with identity theft (the assumption of another personâ€™s legitimate identity to commit or facilitate a crime). The more enterprising fraudsters now offer nonexistent goods for sale and ask the unsuspecting buyer to wire their money to a bank account. This often gives the buyer a level of assurance, since they falsely believe if the goods are not delivered they can use the bank account information to track down the other party.
Such, alas, is not the case, for the bank account is also fraudulent, having been set up with an identity stolen from yet another victim. The fraud perpetrator merely lets money accumulate, drains the account, and then repeats the process all over again.50
Such identity thefts are, unfortunately, perceived in some circles as a minor or nuisance crime. An article by Adam Clymer in The New York Times may help dis-
pel this notion. Clymer notes: â€śFederal authorities announced a nationwide sweep of identity theft arrests today, charging the people with using false credentials to cover up a murder, sell homes belonging to the elderly, and exercise
176,000 stock options belonging to an unknowing company executive.â€ť51
Attorney General John Ashcroft has called identity theft â€śone of the fastest growing crimes in the United States,â€ť with an estimated 500,000 to 700,000 victims each year. He noted that U.S. attorneys around the country had brought 25 new identify theft cases in the last 24 hours before his remarks. While this level of increased enforcement is encouraging, a study of DOJ data conducted by the Transactional Records Access Clearinghouse of Syracuse University indicated that about one-third of those convicted of identity theft did not receive prison time and of those that did the average sentence was less than one year.