Cyberfraud & identity theft: the hidden costs of business process outsourcing

Offshore business process outsourcing involves additional risks, according to Anne Rouse and David Watson. Here they outline some of these with strategies for their management.

Acknowledging risks when deciding to outsource business processes : the case of data theft

Outsourcing is generally framed in terms of benefits and cost savings, rather than risks. One important risk is “data theft”. This paper draws upon a longitudinal study into IT and business process outsourcing to present a theoretical model incorporating risk. Sources include qualitative interviews with purchasers, non purchasers, and vendors of outsourced business process services. It concludes that data theft is an under-acknowledged risk in all business process outsourcing (BPO), but is higher for offshore outsourcing. This risk may be mitigated, but when factored into the business case can invalidate typically small cost savings. In acknowledging and adequately costing this risk, decision-makers may find BPO, particularly where offshore vendors are involved, less attractive.

Piggyback hunting-browsing the internet in Australia via unsecured wireless networks : virtual theft or acceptable behaviour in an online world?

In a world that is increasingly dominated by the Internet, there is a growing demand for low cost access at the users convenience. The expansion of wireless Internet networks, in particular unsecured wireless Internet networks, gives rise to novel challenges for the regulation of Internet access. The ability to access unsecured wireless Internet networks with ease and with very little impact upon the owner of the network suggests that such 'piggybacking' may be criminal behaviour or may amount to an actionable civil wrong. This paper will explore the legal ramifications of piggybacking an unsecured wireless network with knowledge that there is no entitlement to the use of the network and will consider what Australian authorities should do about this situation. This paper will look at the position in Australia and juxtapose this with that of the United Kingdom and the United States of America. In both the United Kingdom and the United States of America prosecutions have taken place of individuals who knowingly accessed unsecured wireless
networks for their own personal use.

A multidiscipline approach to governing virtual property theft in virtual worlds

The crime of virtual property theft has become a serious problem in virtual worlds in recent years. Players of these games are repeatedly falling victim to this crime, with little or no repercussion for the offender. Virtual property often has a substantial real world monetary value and the theft of such items impacts greatly on victims. The problem of virtual property theft is complex, involving many legal, regulatory and technological factors. As such, trying to address this problem in a single dimension is not sufficient, each factor need to be addressed with a multidisciplinary approach. In addressing this problem, this paper provides a model for describing the issue of virtual property trading and the issues associated with virtual property theft. The paper also proposes an approach for handling virtual property theft based on improvements to laws related to virtual property and theft, improvements to the virtual world software components and better regulation from governments.

Virtual property theft detection framework

 The issue of virtual property theft in virtual worlds is a serious problem which has ramifications in both the real and virtual world. Virtual world users invest a considerable amount of time, effort and often money to collect virtual property items, only to have them stolen by thieves. Many virtual property thefts go undetected, with thieves often stealing virtual property items without resistance, leaving victims to discover the theft only after it has occurred. This paper presents the design of a detection framework that uses an algorithm for identifying virtual property theft at two key stages: account intrusion and unauthorized virtual property trades. Initial tests of this framework on a synthetic data set show an 80% detection rate with no false positives. This framework can allow virtual world developers to tailor and extend it to suit their specific virtual world software and provide an effective way of detecting virtual property theft while being a low maintenance, user friendly and cost effective.

Smartphone applications, malware and data theft

The growing popularity of smartphone devices has led to development of increasing numbers of applications which have subsequently become targets for malicious authors. Analysing applications in order to identify malicious ones is a current major concern in information security; an additional problem connected with smart-phone applications is that their many advertising libraries can lead to loss of personal information. In this paper, we relate the current methods of detecting malware on smartphone devices and discuss the problems caused by malware as well as advertising.

Facilitating online privacy on eCommerce websites: an Australian experience

As traditional organizations using their websites for eCommerce transactions are increasing at an exponential rate, privacy concerns of users are also on the rise. To gain an insight into these concerns, existing policies and legislation, we conducted the research reported in this paper, in 2003. To augment the literature synthesis, a multiple case study analysis was conducted, based on six large organisations in Australia. Our research findings suggested that in the Australian context, an online privacy policy (OPP) on the website which complies with the Privacy Act, supported by few best practices are reasonably able to address online privacy concerns. However, these findings are restricted in time frame, indicative and relevant in the Australian context. Nevertheless, we hope to stimulate academic research enquiry and discussion forums through this research.

A conceptual model for graphical authentication

Reasons for the adoption of smart cards and biometric authentication mechanisms have been discussed in the past, yet many organisations are still resorting to traditional methods of authentication. Passwords possess several encumbrances not the least of which includes the difficulty some users have in remembering them. Often users inadvertently write difficult passwords down near the workstation, which negates any security password authentication, may provide and opens the floodgates to identity theft. In the current mainstream authentication paradigm, system administrators must ensure all users are educated on the need for a password policy, and implement it strictly. This paper discusses a conceptual framework for an alternative authentication paradigm. The framework attempts to reduce complexity for the user as well as increase security at the network and application levels.

Security issues within virtual worlds such as second life

The advancement in Internet and bandwidth has resulted in a number of new applications to be developed. An area of advancement has been in the development of virtual worlds, where people can interact together via virtual characters. Virtual World systems have been so complex that virtual lives can be lived, including all aspect of life such as education, commerce, social activities etc. Not surprisingly, the problems that exist in the real world such as theft, fraud, vandalism and terrorism, also exist in the virtual worlds. The more developed these virtual worlds become the greater the breaches of security will be in the virtual as well as the real world.This paper explores and categorises several security issues within the Virtual World of Second Life. It contributes to practice and research by emphasising the importance of security awareness for businesses and the general public in Virtual Worlds.

Cyber crime influencing businesses in South Africa

This study shows that cyber crime is a recent addition to the list of crimes that can adversely affec tbusinesses directly or indirectly. This phenomenon was not directly prosecutable in South Africa until the enactment of the ECT Act in July 2002. However this Act also prevents businesses to fully prosecute a hacker due to incompleteness. Any kind of commercially related crime can be duplicated as cyber crime. Therefore very little research appears or has been documented about cyber crime in South African companies before 2003. The motivation to do this study was
that businesses often loose millions in cyber attacks, not necessarily through direct theft but by the loss of service and damage to the image of the company. Most of the companies that were approached for interviews on cyber crime were reluctant to share the fact that they were hacked
or that cyber crime occurred at their company as it violates their security policies and may expose their fragile security platforms.
The purpose of this study was to attempt to get an overall view on how South African businesses are affected by cyber crime in the banking and short term insurance sector of the South African industry and also to determine what legislation exist in this country to protect them.
The case study approach was used to determine the affect of cyber crime on businesses like banks and insurance companies and higher education institutions. Each case was interviewed, monitored and was observed over a period of a year. This study discloses the evaluation of the results of how cyber crime affected the cases, which were part of this study. The banks and higher education institutions felt that they were at an increased risk both externally and internally, which is likely to increase as the migration towards electronic commerce occurs. The insurance industry felt that they are not yet affected by external cyber crime attacks in this country.

Security Issue challenging facebook

The advancement in Internet and bandwidth has resulted in a number of new applications to be developed; many of these newer applications are described as being Web 2. A web 2 application such as Facebook has allowed people around the world to interact together. One of the interesting aspects of Facebook is the use of third parties applications and the interactions that this allows.

Not surprisingly, the problems that exist in the real world such as theft, fraud, vandalism also exist in online environment, and Web 2 applications are not exception to these issues. This paper explores and categorises several security issues within the Facebook environment. It contributes to practice and research by emphasising the importance of security awareness for businesses and the general public in the use of Web 2 applications such as Facebook.

Crime rates, male youth unemployment and real income in Australia: evidence from Granger causality tests

This article applies Granger causality tests to examine the relationship between seven different categories of property crime and violent crime against the person, male youth unemployment and real male average weekly earnings in Australia from 1964 to 2001 within a cointegration and vector error correction framework. It is found that fraud, homicide and motor vehicle theft are cointegrated with male youth unemployment and real male average weekly earnings. However, there is no evidence of a long-run relationship between either break and enter, robbery, serious assault or stealing with male youth unemployment and real male average weekly earnings.