
Sunday, May 23, 2004

MALAYSIA
COMPUTER SECURITY ISSUE ADDRESSED
Usual areas of computer fraud

COMPUTERS are highly sophisticated tools with versatile capabilities – from enabling global communications and manning transport and traffic systems to facilitating global commerce and industry.

We have become very dependent on computers in almost all aspects of our daily lives. These machines process and store vast quantities of information – from the mundane, like flight details, hobbies and recipes, to the highly confidential like government defence and security intelligence, sensitive business information, personal data and credit details.
Maintaining these machines in good working order and safekeeping the retained information from abuse, however, are highly complex tasks, as security is easily breached if we are careless.

It is like having a large house with lots of doors and windows. We must have a good alarm system and ensure that seldom-used doors and windows are always shut or sealed off.

The number of persons with access to the main door must be limited. Enforcement of established procedures becomes a pertinent issue, especially since you first must be aware that abuse has occurred!

Information on paper is easy to protect – we just need to store it in a quality safe. But how do we keep digital information under lock and key? Digital information floats in a network. It is precisely this inability to secure the information that leads to its abuse.

Imagine where even simple personal information may be obtained to perpetrate a crime: Your employees’ details are stored in your payroll/HR database. Any person who has stolen such details may assume an employee’s identity, and apply for credit cards or even ask for a replacement card, using their personal details for verification.

The list is endless: issuance of unauthorised purchase orders, payment of salaries to non-existent staff or payment to non-existent suppliers, supply of goods to bad or fictitious customers etc.

How will you know whether this has or has not happened in your own organisation? What measures have you taken to ensure this cannot and will not happen in your own company? Is all the automation and user-friendly software to blame, or the users themselves?

The current fastest growing problem in global computer fraud is identity theft.

More popularly known as ‘phishing’, it occurs when someone attempts to get hold of your personal and credit details – the person then assumes your identity and transacts with third parties, leaving a trail of expenses and liabilities for you and the vendor to sort out.

These transactions are conducted via the Internet (without face-to-face contact), and it is practically impossible to trace the culprits unless you are lucky.

Employers, government agencies and other corporate entities that store or have access to our bio-data, professional and tax data, medical data, and MyKad data are regularly subjected to countless phishing attempts, and must be secured well. (For more information and ideas on preventing identity theft, go to http://www.identitytheft.org)

Computer fraud is the direct or indirect result of unauthorised, and sometimes authorised, access to computers and their applications, and the data residing therein. The invariable result is gain for the perpetrators and damage to the rightful owners.

Several “creative” approaches are employed. Understanding how these schemes work will enable us to reduce or block some of them and, at times, anticipate their moves.

Computer fraud is accomplished through manipulation of input, programs, data, output and the routes through which data travel.

Examples of common internal computer fraud schemes are billing schemes, inventory fraud, payroll fraud, skimming, cheque tampering and register schemes.

Quite often, these schemes harm large companies – e.g. fraud by damaging or modifying data or programs (for instance, programs that process payroll or dispense cash via ATMs are altered or vandalised). The reasons for such crimes, in addition to financial gain, include economic advantage over competitors, industrial espionage and military or naval espionage.

Common external computer fraud schemes include telecommunications fraud (free calls); hacking – either for fun or to steal data; Internet fraud – selling some product/service; software piracy – theft of intellectual property (Source: Fundamentals of computer fraud, 1999, Association of Certified Fraud Examiners: Austin, TX).

Credit card fraud is a virulent extended form of computer fraud and is quite widespread in some countries. Theft of data contained on the magnetic stripes of credit cards is accomplished by skimming the cards at a merchant outlet, or the data is accessed by a hacker from some storage system.

The appropriated data is encoded onto a blank card, and the cloned card is then used to run up huge expenses. It can happen to anyone, as even Bill Gates got stung recently.

CONTINUED at weblink...............
