INSIDE RISKS

FRAUD BY COMPUTER

Peter G. Neumann

Computer-related financial fraud continues to be a problem. Here are a few cases from the Risks archives.

Frauds

• Volkswagen lost almost $260 million as the result of an insider scam that created phony currency-exchange transactions and then covered them with real transactions a few days later, pocketing the float as the exchange rate was changing. This is an example of a salami attack, albeit with a lot of big slices (SEN 12, 2, Apr. 1987, 4). Four insiders and one outsider were subsequently convicted, with the maximum jail sentence being six years, so their efforts were not entirely successful!

• Losses from automatic teller machines (ATMs) are numerous. The archives include a $350,000 theft that bypassed both user authentication and withdrawal limits, $140,000 lost over a weekend due to a software bug, $86,000 stolen via fabricated cards and espied authentication numbers (PINs), $63,900 obtained via the combination of a stolen card and an ATM program error, and other scams.

• Other frauds include a collaborative scam that acquired 50 million frequent-flier miles, an individual effort that gained 1.7 million miles, a collaborative effort involving millions of dollars worth of bogus airline tickets, and a bank computer system employee who snuck in an order to Brinks to deliver 44 kilograms of gold to a remote site, collected it, and then disappeared.

Thwarted Attempts

• The First Interstate Bank of California came within a whisker of losing $70 million as the result of a bogus request to transfer funds over the automated clearinghouse network. The request came via computer tape, accompanied by phony authorization forms. It was detected and cancelled only because it overdrew the debited account. The FBI is investigating (SEN 17, 3, July 1992).

• First National Bank of Chicago had $70 million in bogus transactions transferred out of client accounts. One transaction exceeded permissible limits, but the insiders managed to intercept the telephone request for manual authorization. However, that transaction then overdrew the Merrill-Lynch account, which resulted in the scam being detected. Seven men were indicted, and all of the money was recovered (SEN 13, 3, July 1988, 10).

• The Union Bank of Switzerland received a seemingly legitimate request to transfer $54.1 million (82 million Swiss francs). The automatic processing was serendipitously disrupted by a computer system failure, requiring a manual check, which uncovered the bogosity. Three men were arrested (SEN 13, 3, July 1988, 10).

• The Pennsylvania state lottery was presented with a winning lottery ticket worth $15.2 million that had been printed after the drawing by someone who had browsed through the on-line file of still-valid unclaimed winning combinations. The scam was detected because the ticket had been printed on card stock that differed from that of the legitimate ticket (SEN 13, 3, July 1988, 11).

• On Christmas Eve 1987, a Dutch bank employee made two bogus computer-based transfers to a Swiss account, for $8.4 million and $6.7 million. Each required two-person authorization, which was no obstacle because the employee knew someone else's password. The first transaction was successful. The second one failed accidentally (due to a 'technical malfunction'), which was noted the next working day. Suspicions led to the arrest of the employee (SEN 13, 2, Apr. 1988, 5).

• An ATM-card-counterfeiting scam planned to make bogus cards with a stolen card encoder, having obtained over 7,700 names (with personal identifiers, PINs) from a bank database. An informant tipped off the Secret Service before the planned mass cash-in, which could have netted millions of dollars (SEN 14, 2, Apr. 1989, 16).

Conclusions

In general, computer misuse is getting more sophisticated, keeping pace with improvements in computer security. Access controls can hinder outsiders. Fraud by insiders, however, remains a problem in many commercial environments (often not even requiring technology, as in the U.S. savings and loan fiasco, now exceeding $1.5 trillion). High-tech insider fraud can be difficult to prevent if it blends in with legitimate transactions.

Most of the preceding thwarted attempts were foiled only by chance, which is not reassuring, particularly because more cautious perpetrators might have been successful. We do not know the extent of successful frauds. Financial institutions tend not to report them, fearing losses in customer confidence and escalations in insurance premiums. This leaves us wondering how many successful cases have not been detected, or have been detected but not reported.

Better system security, authentication (of users and systems), accountability, auditing, and real-time detectability would help somewhat. More honest reporting by corporations and governmental bodies would help reveal the true extent of the problems, and would be beneficial to all in the long term. Otherwise, computer-aided fraud will continue.

Communications of the ACM, August 1992, Vol. 35, No. 8, p. 154
Communications of the ACM – Association for Computing Machinery
Published: Aug 1, 1992