Contemporary Online Banking Fraud in Norway
A Case Study

Degree project in Informatics at Master Level, specialization in Information Systems

Author: Daniel Weenås Aspvik, Preben Weenås Aspvik
Supervisor: Nuno Otero
Examiner: Associate Professor Päivi Jokela
Date: 2020-05-28
Course Code: 4IK50E, 15 credits
Subject: Information Systems
Level: Graduate
Department of Informatics




Abstract

Banks are currently battling a rise in fraudulent activity, as it damages their relationship with their customers. Online banking fraud decreases trust and confidence among customers, decreases operating performance and increases costs for the banks. This paper looks at online banking fraud in Norway and answers the research questions: (1) How are bank customers attacked through the internet? and (2) How are banks trying to prevent fraudulent attacks against their customers? Interviews and document collection were used for data gathering, and in total, four interviews were conducted with academics and business professionals. The data were analysed using thematic analysis. The findings suggest that BankID fraud, Card fraud, CEO fraud, Investment fraud, Love scams and Phishing are among the most frequent attacks in Norway at present. Attacks contain elements of social manipulation, constantly change and are customized to target victims. What the attacks have in common is that they all show patterns of professionalization. The study found that Norwegian banks are technologically advanced regarding fraud detection and authentication, and have put effort into raising awareness of online banking fraud. However, the main issue of online banking fraud in Norway is seemingly grounded in the customers' interactions with the technology and not in the prevention systems the banks deploy.

Keywords

E-banking fraud, Fraud prevention, Fraud techniques, Internet Banking, Internet fraud, Informatics, Information systems, Norway, Online banking fraud, Online security

Acknowledgements

First and foremost, we would like to thank our supervisor Nuno Otero and Anita Mirijamdotter for guidance, comments, and suggestions while writing this thesis.

Completing this thesis would not be possible without the expertise of Anne Dybo, Ibrahim Jama, Kristian Gjøsteen, Sebastian Claydon Takle, and Terje Aleksander Fjeldvær. We would like to sincerely thank them for their significant contribution to this research project.

We would also like to thank the sources that allowed us to use documents from their websites.

Tromsø, 28th of May 2020 Daniel Weenås Aspvik & Preben Weenås Aspvik


Table of Contents

ABSTRACT
KEYWORDS
ACKNOWLEDGEMENTS
GLOSSARY OF IMPORTANT TERMS

1 INTRODUCTION
1.1 INTRODUCTION AND RESEARCH SETTING
1.2 PURPOSE STATEMENT AND RESEARCH QUESTIONS
1.3 TOPIC JUSTIFICATION
1.4 SCOPE OF RESEARCH AND LIMITATIONS
1.5 THESIS ORGANIZATION

2. LITERATURE REVIEW
2.1 RESULT OF LITERATURE REVIEW
2.1.1 Fraud techniques
2.1.2 Technological fraud prevention techniques
2.1.3 Social measures for prevention

3 METHODOLOGY
3.1 QUALITATIVE TRADITION
3.2 METHODOLOGICAL APPROACH
3.2.1 Case Study
3.3 METHODS/TECHNIQUES FOR DATA COLLECTION
3.3.1 Document collection
3.3.2 Semi-structured Interview
3.4 METHODS/TECHNIQUES FOR DATA ANALYSIS
3.4.1 Thematic analysis
3.5 RELIABILITY AND VALIDITY
3.6 ETHICAL CONSIDERATIONS

4 EMPIRICAL FINDINGS
4.1 THEMATIC ANALYSIS
4.1 FRAUD TECHNIQUES
4.1.1 Malware
4.1.2 Phishing
4.1.3 Deepfake’s
4.1.4 Investment Fraud
4.1.5 CEO fraud
4.1.6 Love scams
4.1.7 Card fraud
4.1.8 Current events
4.1.9 Social manipulation
4.1.10 Organized and Systematic
4.1.11 BankID fraud
4.2 PREVENTION TECHNIQUES
4.2.1 Technological prevention
4.2.2 Social measures for prevention

5 DISCUSSION
5.1 FRAUD TECHNIQUES
5.1.1 Social entry
5.1.2 Target selection
5.1.3 Malware
5.1.4 AI
5.1.5 Love scam
5.2 FRAUD PREVENTION
5.3 ETHICS

6 CONCLUSION
6.1 CONCLUSIONS
6.2 CONTRIBUTION
6.3 FUTURE RESEARCH

REFERENCES
APPENDIX
APPENDIX A: SUGGESTED INTERVIEW PROTOCOL/GUIDE
APPENDIX B: CASE STUDY PROTOCOL
APPENDIX C: INITIAL THEMES - DOCUMENTS

FIGURE OVERVIEW

Figure 1: Summary of attacks and prevention methods
Figure 2: Thematic map – Attacks
Figure 3: Thematic map – Prevention
Figure 4: Iterative improvements loop
Figure 5: Professionalization of attacks by level

TABLE OVERVIEW

Table 1: General advice – prevention
Table 2: Case study protocol
Table 3: Initial themes


Glossary of important terms

The thesis glossary of important terms describes terms that are not covered in the literature review or the findings, as they are necessary to understand the patterns and connections described in the thematic analysis.

BankID: a digital identification and signing technology used by all banks in Norway, by digital services provided by the government, and by others who have adopted it, such as businesses. Identification and signing with BankID could be seen as equivalent to a passport and a physical signature on paper (Om oss - BankID, 2020).

BankID fraud: no definition of BankID fraud was found, though it can be described by merging the definitions of BankID and identity theft. BankID fraud could be explained as the unwarranted use of BankID for identification or digital signing, resulting in a loss for the victim (Om oss - BankID, 2020; Lov om straff straffeloven – Kapittel 21. Vern av informasjon og informasjonsutveksling – Lovdata, 2020).

Card not present fraud (CNP-Fraud): a type of fraud where transactions are performed without the cardholder being present (Preventing payment fraud | Barclaycard Business, n.d.).

Card fraud: can be defined as planning to use or using a credit card for unjust gain, including using credit card information without the card (Credit card fraud | crime, 2020).

Identity theft: the definition of identity theft in this thesis is based on Norwegian law, specifically Straffeloven § 202. The paragraph states that identity theft is the act of unwarranted acquirement of someone's proof of identity, or that one makes use of another's identity, or that one uses similarity of one's identity, to either achieve unjust gain for oneself or cause losses for another (Lov om straff straffeloven – Kapittel 21. Vern av informasjon og informasjonsutveksling – Lovdata, 2020).

Loan fraud: can be defined, using the FBI’s definition of mortgage fraud and Straffeloven § 202, as when someone takes out a loan on false premises, such as misrepresentation of identity, or in any way provides misinformation during the loan application process for an unwarranted gain (Financial Institution/Mortgage Fraud | Federal Bureau of Investigation, n.d.; Lov om straff straffeloven – Kapittel 21. Vern av informasjon og informasjonsutveksling – Lovdata, 2020).

Wire fraud: this thesis makes use of the definition of wire fraud in 18 U.S. Code § 1343, where wire fraud is defined as:

“Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice…” (Legal Information Institute, n.d., p.1)


1 Introduction

1.1 Introduction and Research setting

Internet banking has revolutionized how the average customer is interacting with their bank. At any given time and independent of geographical location, customers can retrieve data and information from the bank’s information systems. Transactions, accounts, applications and requests can be managed without the need of entering a conventional bank, creating opportunities for new business, more personalized content and reduction in costs for both the bank and their customers (Sikdar, Kumar, and Makkad, 2015).

The internet is a global network consisting of interconnected computers that allows worldwide communication and sharing of information. As local activities and interactions become more available across distance, so presumably does the opportunity to perpetrate illegal activities on a larger scale (Ritzer, 2007). As a result, different methods for conducting fraud are becoming more prevalent today, with a negative impact on the lives of the victims, both emotional and financial (KPMG, 2019; Hoffmann and Birnbrich, 2012; Modic and Anderson, 2015; UK FINANCE, 2019). A growing trend can be observed worldwide in fraud that uses internet-based techniques in the internet banking segment (KPMG, 2019). Banks are aware of the problem and are currently battling the rising fraudulent activities, as they appear to damage the banks' relationship with their customers. Fraudsters are decreasing trust and confidence among customers, decreasing operating performance and increasing costs for the banks (Hoffmann and Birnbrich, 2012). This study will focus on the phenomenon of online banking fraud in the Norwegian banking segment.

This study took place in Norway during the spring semester of 2020 as a part of the distance learning program - M.Sc. Information Systems at Linnaeus University. The participants of the study are experts within the field of internet banking fraud in Norway and the eligibility criteria were set from academic or professional merits. Experts should be knowledgeable about the topic and have spent a considerable amount of time studying and/or working with the issue.

The participants working as business professionals are employed by some of the biggest banks in Norway, operating in segments such as personal, business, corporate and private banking. The banks deliver services such as loans, savings, insurance, pension, and investment services. One participant leads his bank's cybercrime centre, another is the technical manager of threat and intelligence, and the last one works with fraud awareness and communication. The academic is employed as a professor by one of the highest-ranking and largest universities in Norway, which offers a great variety of programmes within multiple fields of study. The advisor is a fraud expert working within the Norwegian law enforcement entity that specialises in investigation and prosecution of economic and environmental crime. The employees of this entity are multidisciplinary, working in teams with responsibility for specific crime areas.

1.2 Purpose Statement and Research Questions

The purpose of this study is to explore online fraud in banking in Norway from an information system perspective by looking at which methods are used to defraud victims, and how the financial institutions are trying to prevent these acts in Norway.


To summarize, there is a need to understand better the contemporary methods for defrauding bank customers on the internet, and how banks are trying to prevent these frauds in Norway.

To be more specific, the following research questions need to be addressed:

1. How are bank customers attacked through the internet?
2. How are banks trying to prevent fraudulent attacks against their customers?

1.3 Topic Justification

During the literature review, limited literature regarding online banking fraud in Norway was found. The interviews conducted with the experts confirmed a lack of previous studies as all experts mentioned that there were few academic studies in Norway about the topic.

Norway could be considered a high-income country with a high degree of technological advancements, possibly making the Norwegians more suitable targets for fraudsters than citizens of other countries.

The findings of this study will be valuable for the public, financial institutions, and organizations looking to decrease the number of fraud cases on the internet related to banks, as uncovering the methods and good practices for prevention could reduce the damage done by fraud attacks. The findings would also be valuable for informing the public about what the contemporary fraud techniques are and how fraudsters set up these attacks.

This study seeks to fill the gap by examining internet banking fraud in the Norwegian banking segment, resulting in an overview of contemporary fraud methods and prevention techniques.

1.4 Scope of research and limitations

The scope of this research is limited to internet banking fraud in Norway. This study will include how fraud attacks are done and how these attacks are prevented.

A limitation related to this study is the complexity of the Norwegian banking industry. National laws and regulations could limit the amount of information banks are willing to share, as they must follow strict compliance guidelines. The same limitation could apply to the crime-fighting authorities, as some information is sensitive and cannot be shared. The number of participants could affect the result of this study, as not all banks, public authorities, and parts of academia are represented. As there is a lack of research in this area in Norway, it could affect the theoretical lenses, thus affecting the study's result. As the study is a qualitative case study, a limitation could be that the result may not be generalizable, as the population studied might deviate from the broader population. As the primary data collection for this thesis is interviews, limitations could arise from social elements attached to the interviewer and the interviewee, such as values and biases. The interviews were translated from Norwegian to English, which could distort the statements of the interviewees, resulting in a loss of meaning or information.

1.5 Thesis Organization

The thesis will be organized into six different chapters.


Chapter 1 introduces the thesis by looking at the topic being studied, limitations, scope and the purpose of the study.

Chapter 2 consists of a literature review containing two parts, where the first part seeks to understand some of the conventional fraud techniques concerning online banking fraud. The second part centres on finding literature that describes potential preventative techniques, both social and technological.

Chapter 3 describes the methodology of the thesis and discusses the different aspects of it:

• The characteristics of the selected approach (Qualitative) are explained
• The definition of the methodical approach (Case study) and arguments for why this is suitable for the study
• Explanation of the data collection techniques (Semi-structured interviews, Document collection). A description, plan, and justification related to the collection techniques
• Description of the Data analysis (Thematic) method/technique
• Reliability and Validity
• Ethical Considerations

In Chapter 4, the study examines fraud techniques and how fraud is being prevented by addressing the social and technological aspects.

Chapter 5 is the discussion where we look at the findings in the context of previous literature on the topic by looking at similarities and contradictions.

Chapter 6 concludes the study as well as addressing further research.


2. Literature Review

This thesis follows the stages of the systematic literature review process in support of information system research presented by Levy and Ellis (2006), where the “input-processing-output” approach is followed. The framework is used to ensure that a good literature-based foundation is made for our research by doing a methodological analysis and synthesis of literature of high quality.

The guidelines provided by Levy and Ellis (2006) for conducting the literature review can be synthesized into the following steps:

1. Input
2. Processing
   a. Know the literature
   b. Comprehend the literature
   c. Apply
   d. Analyze
   e. Synthesize
   f. Evaluate
3. Output

Input:

This stage looks at the gathering and screening of the literature following the guidelines of Levy and Ellis (2006). The justification for this is that we want to ensure that we do not input literature that is irrelevant, inaccurate, or of poor quality. Inclusion and exclusion criteria will support this stage by removing bad input, as not all published material is of equal quality. We will use the inclusion and exclusion criteria as a tool to control quality and eliminate content that does not hold a sufficient standard, such as literature that contains questionable sources, is non-refereed, shows corporate bias, or stems from “fake” conferences with a primary goal of making money rather than academic growth.

The literature search was carried out between February and April 2020. When the material was gathered, the literature remained or was removed according to the criteria for inclusion and exclusion.

The inclusion criteria used to choose relevant literature were:

1. Literature from peer-reviewed journals
2. Literature with sufficient background in IS research
3. Literature found through multiple established databases
4. Literature that is applicable for the proposed study

The following exclusion criteria were used to select relevant literature:

1. Literature is not peer-reviewed
2. Literature is not related to IS research
3. The literature uses questionable sources
4. Literature deemed as unethical
5. Literature from “fake” conferences
6. Literature from predatory journals (low-quality, for-profit journals)


The literature search was conducted with Oria, which is a service by UNIT (formerly known as BIBSYS). UNIT is the Norwegian Directorate for ICT and Joint Services in Higher Education & Research (Unit, 2020). The service has collected studies from 245 established scholarly databases known for high-quality academic research work (Oria, 2020).

As keywords in the IS field are continuously changing due to rapid progress in the research area and therefore have a limited life span, we use multiple keywords to find literature of relevance. Buzzwords and words grounded in underlying theoretical constructs and theories will be used when searching for literature as we want to investigate prior work as well as the latest research on the topic (Levy and Ellis, 2006).

The keywords that were chosen to find relevant literature were:

1. bank + fraud + internet
2. banking + fraud
3. banking + scam
4. ebanking + fraud
5. fraud + internet
6. identity + fraud + techniques
7. internet + banking + fraud
8. online + banking + fraud + prevention
9. phishing + bank
10. phishing + banking

Processing:

According to Levy and Ellis (2006), the processing stage starts by extracting knowledge from the gathered literature. Merely pointing to the literature found relevant for the study will not be sufficient when conducting IS research. The meaning and significance of the literature added will be addressed in a way that demonstrates comprehension. The literature we have gathered will be applied by determining concepts relevant to the study and classifying the literature into appropriate categories. Why the information collected is of importance will be determined during the analysis phase, as we will be looking further into how the pieces of literature connect, divide, and compare to one another. The literature will be reassembled so that facts and knowledge from different literature are combined to create a synthesized discussion. To end the processing stage, we will clearly distinguish between theories, views, and facts in order to evaluate the collected literature.

Output:

In compliance with Levy and Ellis (2006), the output will come as a result of the steps that have previously been completed by following the guidelines for conducting the literature review. It will eventually result in a clear and logical presentation of the literature showing high-quality argumentation combined with related issues. Finally, the literature review will discuss and conclude on the issues addressed as well as define a clear research contribution.

To be able to provide a full understanding of fraud on the internet, we have reviewed several literary works thoroughly. The review examines the techniques used by criminals to defraud victims, and after that, looks at how various methods could prevent these attacks. The techniques are regarded as methods for deceiving, stealing, or tricking the victims into giving away information of value such as passwords, social security numbers, and personal details, or for illegally obtaining money from the victims. Tools for preventing attacks could be considered as practices that detect attacks, stop attacks, and inform potential victims.

As previously mentioned, the systematic literature review process in support of information system research presented by Levy and Ellis (2006) was used. The search process started as a manual search in Oria for articles from 2015-2020 in journals covering topics within IS research, using the chosen keywords. The researchers reviewed each piece of literature, and potentially relevant papers were kept. As there were few Norwegian papers on the topic, only international literature was kept, as it was potentially relevant and the Norwegian papers found were not.

A quality assessment was made using the inclusion and exclusion criteria. As Oria allows filters, we chose only to retrieve literature from peer-reviewed journals. Since Oria contains literature only from established databases, we presumably removed the risk of questionable, unethical, and other types of poor sources. A second read-through of the papers was done to ensure that the literature had sufficient background in IS research and was applicable for the study, and that the sources appeared credible.

After the quality assessment was made, the literature kept was classified into appropriate categories creating the different subsections in the literature review displaying how the literature connects, divides, and compares to one another, resulting in the clear and logical presentation of the literature. Facts and knowledge obtained from the literature review are tied together with our findings in Chapter 5, creating a synthesized discussion showing a clear and logical presentation of the literature together with our findings displaying high-quality arguments combined with related issues.

2.1 Result of literature review

2.1.1 Fraud techniques

Abu-Shanab and Matalqa (2015) investigated security and fraud issues related to e-banking. The most frequently appearing attacks concerning online banking systems were found to be social engineering attempts, control gaining attacks, and credential theft. Levi et al. (2016) analysed national statistics gathered about 106,681 cyberfraud incidents in England and Wales. When first looking at the data, they found that incidents involving networked technologies accounted for only a marginal proportion of the total number of frauds reported. Looking further into the data, they found that this conclusion was only valid if only the attacker's first contact was considered. In their study, Butler and Butler (2018) noted that attackers are increasingly using messaging platforms, social networks, and apps to get to potential victims.

2.1.1.1 Malware

Malware refers to a type of unwanted software that allows the attacker to take control of the victim's computer. The software appears in forms such as Trojans, worms, key loggers, or screen grabbers (Chaudhry, Chaudhry and Rittenhouse, 2016; Dzomira, 2015). When deploying a type of malware attack called session hijacking, fraudsters will typically try to make victims click on a link, which then downloads the malware onto the target's computer. The assailant will afterward wait for the victim to log on to their online bank and then proceed to steal their session (Dzomira, 2015). Chaudhry, Chaudhry, and Rittenhouse (2016) discovered multiple types of malware attacks in their study, namely System Reconfiguration Attacks, DNS-based Phishing, and Web Trojans. Modifying a victim's computer settings with malevolent intentions is known as a System Reconfiguration Attack. Attackers reconfigure software or files in order to redirect the user to websites or other traps. "Pharming" is when an attacker modifies host files to overturn the Domain Name System (DNS). The URL request will return a false address and direct the victim to a fake website. Web Trojans are a form of malware that will capture the victim's credentials and forward them to the attacker. These cloned websites are known more formally as phishing attacks.

Ebem, Onyeagba, and Ugwuonah (2017) noted in their study that victims often support their attackers by being incautious or by not having the ability to identify scams. However, malware attacks stood in contrast to other attacks as they are presumably harder to discover. Jansen and Leukfeldt (2016) observed the same phenomenon, as victims often were unaware that they were automatically exposed to malware when visiting a regular website with weak security that allowed attackers to implement malicious code. Combining malware with other attacks such as spam was found to be an increasing problem (Singh, 2007).

2.1.1.2 Phishing

The act of illegally obtaining personal and financial information by appearing to be trusted companies and urging the victims to give away sensitive information through various platforms is commonly known as phishing (Amro, 2018; Butler and Butler, 2018; Dzomira, 2015).

Ebem, Onyeagba, and Ugwuonah (2017) conducted a study investigating Nigerian internet banking fraud. They concluded that conventional identity theft techniques in Nigeria were based on social engineering methods such as phishing. The success of social engineering techniques was also observed by Chaudhry, Chaudhry, and Rittenhouse (2016), who investigated different procedures for exercising phishing attacks in their study. Attackers were found to possess high technical knowledge of systems, protocols, and computer communication, allowing the methods for phishing to adapt and appear legitimate consistently. The same study added that technical competence, in many cases, was supported by social manipulation. An example of such social engineering could be to pretend to call from the victim's bank and then direct them to a fake website where sensitive information could be captured. This combination of technical and social skills would likely make potential victims more trustful, proceeding to reveal their information without hesitation.

However, Dzomira (2017) discovered that the technical skills of the attacker could be at a lower level, and the attacks would succeed to the same degree. For instance, messages that appeared to be from the bank, telling customers to dial a phone number to solve a fictional problem, could potentially be just as effective as luring the victim to a website. It might indicate that the social engineering element adapted into the technology is the factor that is making the phishing attacks effective.

Jansen and Leukfeldt (2016) studied banking customers in the Netherlands, looking at potential determinants resulting in victimizations. Their qualitative study included interviewing 30 online banking fraud victims. These interviews indicated that the selection of victims is random, and the victimizations seem to be a coincidence as the evidence pointed out that the suitable targets are non-existent. Singh (2007) presented the term 'spear phishing' in his study about online frauds in banks with phishing. Initial to the study, 'puddle phishing' was the preferred method of the attackers. 'Puddle phishers' would direct their attacks against large banks and regional areas. 'Spear phishers,' on the other hand, target small companies or individuals when looking for victims.

Dzomira's (2017) findings in a more recent study were that wealthier nations with more internet users per unit of the population had higher numbers related to cybercrime activity. The same study noted that phishers were found to target bank customers, online payment services, and banks, where it was easy for the attackers to understand the potential relationship victims have to their bank. Based on the findings, it appears that the attackers are targeting victims and that everybody is not exposed to the same amount of risk in the general population. For instance, based on the evidence, a customer from a wealthy country using a small bank with online payment services could be more likely to be exposed to fraud than a customer from a less prosperous country using a big bank without online payment services.

2.1.1.3 Love scams

Rege (2009) investigated online dating scams and identity fraud with his document analysis. Love scams/Romance scams were defined as when attackers establish a relationship with a victim using digital channels to commit a wide range of frauds. The fraudsters would, from the evidence, target victims with good credit ratings who are incautious with their bank account details and credit card information. Their findings report that love scam attackers are ripping photos from legitimate dating site profiles and modelling websites to create fake profiles on other dating sites. Stolen online payment information was also found to be used to seduce the victims and create trust by buying flowers or other gifts. Levi et al. (2016) found that love scams were the most "hands-on" approach for attacking victims in contrast to other fraud techniques, as it would require frequent contact with the victim. The same study mentioned a revival of criminal networks where identity data can be bought. This information could be used to create fake identities or, as previously mentioned, to buy gifts to flatter the victims.

2.1.2 Technological fraud prevention techniques

2.1.2.1 Neural Networks

Shafi’I et al. (2018) used artificial neural networks (ANN) to detect phishing pages. Their argument for developing this approach was that other techniques such as user verified black and whitelists were not sufficient against newer phishing sites or when the fraudster makes use of spear phishing.

Their approach made use of feature extraction to create datasets from real websites and fraudulent websites. They then created an architecture and trained it until adequate performance was met, and used a confusion matrix for analysing the results. In all, they found their approach accurate for detecting phishing sites. Daliri (2020) made use of ANN for the detection of fraudulent activity based on customer information, using a combination of the Harmony Search Algorithm (HSA) and ANN, suggesting that ANN can be adapted to multiple fraud techniques. The approach was created because new fraud techniques were appearing while the progression of newer prevention systems was found insufficient, which was presumed to be because of the absence of significant patterns. In their system, HSA was used to optimize the ANN, which was used to detect fraud. The accuracy of the approach was deemed sufficient for the use of fraud detection. Patel et al. (2019) created a fraud detection framework with the use of recurrent neural networks (RNN) and long short-term memory (LSTM) networks, making use of data about customer behaviour such as user journeys, personal data like age and gender, and account and transactional data. Their approach was justified because previous methods are not coping with newer methods of fraud, arguing that the self-learning by the LSTM will ensure accuracy as patterns change regarding transactions and user journeys. Their model was compared to models based on SVM, and it was found that LSTM in general performed better than SVM models.

2.1.2.2 Clustering

Carminati et al. (2015) proposed to use clustering to create a decision support system for banking fraud using transactional data with semi-supervised/unsupervised and anomaly detection. They created the system due to finding that previous systems do not give adequate information to analysts. One of the main issues mentioned regarding the study of this field was presumed to be the lack of possibility to perform studies on real-life fraud. The proposed system looks at transactions in relation to customers, then clusters customers with resembling behaviours, looking for any deviations between previous behaviour and current behaviour. The system detected fraud at a high rate and was at the time of publishing tested in a bank. Darwish (2020) suggested a model for credit card fraud prevention with the use of artificial bee colony (ABC) and k-means algorithms. The reasoning behind their model was that they found that previous systems relied on detecting fraud where the transaction has already occurred. Other issues they found were fraud systems that could not adapt to new fraud techniques and issues regarding data structure. Their approach worked by looking at previous transactions and combining ABC and k-means clustering to cluster similar transactions for training. For detection, recent transactions were compared with previous behaviour with a KNN-classifier.

2.1.3 Social measures for prevention

Dzomira (2016) investigated whether southern African banks made use of fraud awareness as a preventative technique against internet banking fraud. The study was motivated by concerns that fraud causes distrust of online banking, and was conducted on randomly chosen commercial banks from the Southern African Development Community (SADC) countries. It was found that banks in the study did, to a low degree, offer awareness around this issue.

Awareness was also a suggested solution by Ebem, Onyeagba, and Ugwuonah (2017), who looked at identity theft and financial crimes in Nigeria, and whether there was any correlation between the high rate of this crime and low computer skills, as well as the absence of information about the topic. During their research, they suggested solutions for prevention against various phishing techniques. For the prevention of email-based phishing, they found multiple indicators. The first was multiple recipients, which they argued was the simplest way of detecting this method, since a large number of recipients indicates automation. The second was to perform a link preview to check whether the links in an email take individuals to the address suggested in the email. Further checks were to inspect the landing URL after clicking the link, see whether the address in the URL bar contains HTTP:// or HTTPS://, look at whether subdomains are connected to the main domain, and check whether the site has an SSL certificate. For the prevention of fraud made by calls or text messages, they suggested that customers of the banks learn their banks' numbers to detect illegitimate calls. The installation of antivirus was proposed as a solution due to many of the antivirus software containing anti-phishing solutions. Awareness was suggested as a preventative measure because they found that most of the victims in Nigeria were older and usually had low proficiency in reading and writing. Their proposed ways to tackle this issue were through the use of radio/tv ads, but also reminders via email and SMS.
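The email indicators listed above (many recipients, a link whose visible address differs from its real target, a non-HTTPS target, and a bank name used outside the bank's own domain) can be checked mechanically. The following is an added example, not code from the thesis or the cited study: the bank domain `nordbank.example`, the recipient threshold and both sample messages are constructed assumptions, and the certificate check is left out because it needs a live connection.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_RECIPIENTS = 10  # assumed cut-off for "a large number of recipients"
_URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL
        return ""


def _shown_host(text):
    """Host named in the visible link text, or None if the text is not a URL."""
    if not _URLISH.match(text):
        return None
    return _host(text if "://" in text else "//" + text)


def _belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)


def _html_body(msg):
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def email_indicators(raw, bank_domain):
    """Return (indicator, detail) pairs found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > MAX_RECIPIENTS:
        findings.append(("many-recipients", str(len(recipients))))

    collector = _LinkCollector()
    collector.feed(_html_body(msg))
    brand = bank_domain.split(".")[0]
    for href, text in collector.links:
        target = _host(href)
        if not target:  # mailto:, relative or malformed links
            continue
        shown = _shown_host(text)
        if shown and shown != target:  # the "link preview" check
            findings.append(("link-text-mismatch", f"{shown} -> {target}"))
        if urlsplit(href).scheme.lower() != "https":
            findings.append(("not-https", href))
        # Bank name appears in the host, but the host is not under the bank's domain.
        if not _belongs_to(target, bank_domain) and brand in re.split(r"[.-]", target):
            findings.append(("bank-name-outside-bank-domain", target))
    return findings


# Constructed sample messages (reserved .example/.test names, not real traffic).
_RCPTS = ", ".join(f"user{i}@mail.example" for i in range(12))
PHISH = (
    "From: Nordbank Security <alerts@nordbank-support.test>\n"
    f"To: {_RCPTS}\n"
    "Subject: Account locked\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<p>Verify now: <a href="http://nordbank.example.login-verify.test/login">'
    "https://nordbank.example/login</a></p>\n"
)
LEGIT = (
    "From: Nordbank <info@nordbank.example>\n"
    "To: customer@mail.example\n"
    "Subject: Your monthly statement\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<p>Log in at <a href="https://www.nordbank.example/login">'
    "www.nordbank.example/login</a></p>\n"
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, email_indicators(raw, "nordbank.example"))
```

The subdomain check compares the end of the host name with the bank's domain, because a host such as `nordbank.example.login-verify.test` starts with the bank's name but belongs to a different domain.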

Jansen and Leukfeldt (2016) looked at factors leading to online banking customers' victimization through phishing and malware. They suggested the use of filters in inboxes for the prevention of phishing, and they also found that most of the victims in the study were already taking adequate technical security measures, though it was found that the victims were prone to disclose vital security information to the fraudsters. Like Dzomira (2016) and Ebem, Onyeagba, and Ugwuonah (2017), they suggested improved awareness as a preventive measure, and it was argued that customers would be more mindful regarding threats if they understand the possible implications of disclosing their security information to others. It was also found that this information must be delivered in simple ways, as some find it complicated.

A more recent study by Jansen and van Schaik (2018) followed up on the aspect of customer behaviour from Jansen and Leukfeldt's (2016) study, trying to find out how to get customers to take the necessary precautions to protect themselves, looking at both technical and behavioural measures. Their study was conducted using a questionnaire to collect data about Dutch citizens, and analysis was conducted using SmartPLS 2.0. It was used to create a model for the field of online banking regarding precautionary online behaviour. The results indicated that customers who have been using online banking services for longer were more likely to be cautious. It was argued that this was because they understood the security issues, which led to an interest in exhibiting this type of behaviour. They argued that current awareness programs could be done better by having individuals that are representative of a group lead as examples, showing how to do or explain the theme of online banking fraud. They also argued that one should be as transparent as possible when communicating with customers, so that they will understand the implications of not taking precautionary measures, and that online banking fraud is something that customers can prevent by themselves. They concluded that relying only on technical solutions for the prevention of online banking fraud is not sufficient, but that one should incorporate the human aspect of it as well.


3 Methodology

3.1 Qualitative tradition

When there is a general lack of understanding of a phenomenon, and a need to explore it has arisen, qualitative research could be used to understand the fundamental reasons for the actions of humans in relation to that phenomenon. Qualitative research can also support the detection of issues as they are forming, therefore creating the opportunity to enhance a system as it grows (Miles and Huberman, 1994). When creating explanations of processes and events that led to a certain outcome, qualitative research is particularly useful (Kaplan and Maxwell, 2005).

This thesis will follow the qualitative tradition, as described by Creswell (2014). The qualitative research tradition holds a set of core characteristics commonly agreed upon: using the researchers as a key instrument, natural setting, multiple sources of data, inductive and deductive analysis, participant's meanings, emergent design, reflexivity, and holistic account. These terms are explained in the following paragraphs.

Researcher as a key instrument: Qualitative researchers acquire data by using themselves as the key instrument. Data is collected as the researcher looks at behaviour, inspects documents, or communicates with the participants. Commonly they do not use instruments created by others or surveys in order to obtain data (Creswell, 2014).

Natural setting: A qualitative researcher will traditionally gather data from participants where the problems or experiences that are being studied are occurring. In contrast to experiments, the researchers do not bring the participants into a constructed situation or assign them tasks, but instead, they directly interact or observe them in their natural environment (Creswell, 2014).

Multiple sources of data: The qualitative researcher tends to rely on data triangulation when conducting studies. Observations, interviews, documents, and audio-visual data are generally used together instead of being dependent on a single source of data. The multiple types of data are then put into categories or themes by analysing and organizing the gathered data (Creswell, 2014).

Participant meanings: Qualitative researchers aim to learn the meanings of the participants regarding the issue or problem, and not the meaning the researchers or authors of other literature might hold (Creswell, 2014).

Inductive and deductive data analysis: Through an inductive process, the qualitative researchers create categories, patterns, and themes from the bottom up. The researchers will go through and analyse themes and their database until they have an adequate number of themes. Deductively thereafter, the data from the themes will be used to decide if more proof can aid each theme or if additional information gathering is required (Creswell, 2014).

Emergent design: The plan at the start of the qualitative research cannot be rigidly followed as the process of qualitative research is emergent. All stages of the research are dynamic, as entering the field of study might modify or shift the direction of the research. As mentioned previously, the researcher wants to look at the participant's meaning in their natural setting and, therefore, not force initial prejudices and thoughts into the design (Creswell, 2014).


Holistic account: A qualitative researcher will investigate multiple angles of an issue, trying to find all elements involved, creating a bigger picture. Visual models of the definable aspects of a central phenomenon or process support the creation of a holistic picture (Creswell, 2014).

Reflexivity: When collecting data, the qualitative researcher will consider how their interactions, culture, personal background, and experiences might shape their findings, the themes they create, and the meaning they give to the collected data. This core characteristic is less about the value and the biases in the study but more about how the past and background of the researcher can steer the direction of the study (Creswell, 2014).

3.2 Methodological Approach

3.2.1 Case Study

Yin (2018) argues that there are three conditions that one should take into account when performing the selection of research methods:

"(a) the form of research question posed, (b) the control a researcher has over actual behavioural events, and (c) the degree of focus on contemporary as opposed to entirely historical events." (Yin, 2018, p.39).

The selected qualitative method for this thesis is a case study, based on Yin's (2018) description of when to use different research methods. For this thesis to be compatible with a case study according to Yin (2018), the form of the research question(s) needs to be either how or why. This thesis will comply with Yin (2018), as the research questions are:

1. How are bank customers attacked through the internet?
2. How are banks trying to prevent fraudulent attacks against their customers?

The second point addressed is the control of behavioural events, which requires that the researcher does not have such control. One can argue that this is the case in this study, since we cannot control the behaviour of the fraudsters or the banks. The last point regarding the selection of research methods is whether the study looks at contemporary events, which this study does, since fraud is an ongoing issue with online banking.

Yin (2018) argues that there are three types of case studies: explanatory, descriptive, and exploratory. This thesis will make use of the descriptive case study, which has been described by Yin as

"A case study whose purpose is to describe a phenomenon (the "case") in its real-world context." (Yin, 2018, p.350)

This was found fitting because the aim of this thesis is to describe online banking fraud techniques and prevention techniques in Norway. Furthermore, Yin (2018) has described case studies as consisting of two parts. The first part is that a case study deeply examines a case in the real world, and more specifically, in situations when the context and case do not seem to have a clear distinction. The second part of the description states that a case study uses various sources of data for providing evidence, where six of these are frequently used, namely


"... documentation, archival records, interviews, direct observations, participant observation, and physical artefacts." (Yin, 2018, p.156).

Furthermore, this study will make use of a single case study design. Yin argues that single case studies are justified under five conditions:

"(a) a critical test of existing theory, (b) an extreme or unusual circumstance, or (c) a common case, or where the case serves a (d) revelatory or (e) longitudinal purpose." (Yin, 2018, p.90)

For this study, the rationale of a common case was found fitting as the justification of a single case study, with the common case described by Yin as

"...to capture the circumstances and conditions of an everyday situation". (Yin, 2018, p.87)

One could argue that this applies to online banking fraud, since it can be considered an everyday situation. More specifically, in this thesis, we will make use of a holistic single case study, which has been described by Recker (2013) as when you take a global view when looking at the phenomenon in question. We are not going to focus on any particular online banking fraud technique or fraud prevention in Norway but aim to look at the phenomenon as a whole.

With regard to case studies in information systems research, van der Blonk (2003) argues that there is a need for researchers in the field to legitimize and position their research concerning other types of research. He presents a typology with four distinct types: Chronology, Play, Biography, and Voices. According to van der Blonk (2003), the chronology is the most used in information systems research. This type frames the narrative from a historical perspective, progressing in a linear structure form set around facts, where the author does not take an active part in the narrative but instead assumes the role of an analyst. The case has a non-linear story, that can be composed of more than one time structure and is built upon the opinions and social structures. The typology chosen for this thesis's writing form was chosen because the study's aim is in focus as well as the linear progression of the thesis.

A case study protocol was developed based on the work of Maimbo and Pervan (2005) and Yin (2018) (see Appendix B). The reasoning behind the implementation is the argued benefits of a case study protocol by Yin (2018), who argues the benefits of improved communication, data collection, quality of the results, and reliability.

3.3 Methods/Techniques for Data Collection

3.3.1 Document collection

Documents can be regarded as a source of evidence that is digital or on paper, which can give insights through information regarding what is being studied (Yin, 2018).

Yin (2018) argues that documents as a data source have the advantages of being able to cover extensive areas of knowledge, and of a high specificity giving precise descriptions of details related to a case, as well as allowing for the collection of data without being an annoyance, and being a stable source of evidence allowing multiple assessments. Disadvantages related to using documents were found to be mostly bias issues, either produced by the creator or arising if the documents are selected to fit a narrative. Other disadvantages were that the documents might be withheld from access, and the documents might be hard to find.

The collection of documents was performed due to finding limited literature regarding online banking fraud in Norway and being a primary step for forming interview questions. The document collection also serves to discover which methods fraudsters make use of and which potential preventative measures are being implemented in this area, to get an understanding of the current state of online banking fraud in Norway.

Document collection and analysis were performed on public documents, more specifically digital newspapers, with the permission of the rights holders. Documents were found to be the preferred initial data collection method. The reason for this is the same as that presented by Creswell and Creswell (2018): the advantage of documents as a data collection type is that they are accessible without being obtrusive. This matters because information related to banking can be challenging to obtain. This approach will serve as a more natural point of entry for the investigation of online banking fraud.

3.3.2 Semi-structured Interview

Edwards and Holland (2013) define semi-structured interviews as a series of topics or a list of topics that the researchers want to cover during the interview. These topics/questions could be in order or not depending on the research goals and questions. The collection of these topics/questions is also called an interview guide, and our interview guide will be a set of questions that the interviewer could use. Edwards and Holland (2013) state that semi-structured interviews let the researcher set the direction of the interview and, therefore, the topics pursued. We see this as fitting for our thesis, as this will enable us to answer our research questions 1. How are bank customers attacked through the internet? and 2. How are banks trying to prevent fraudulent attacks against their customers? Also, semi-structured interviews will be beneficial as they allow the interview to be less intrusive, encouraging two-way communication, and they allow for confirmation of what is already known while at the same time enabling learning to take place (Recker, 2013).

The advantages of this method, as argued by Yin (2018), are that semi-structured interviews allow for a focused approach when looking at inquiries related to the case and provide insights into subjective aspects from the interview participants. Disadvantages regarding this method were found to be, as with documents, mostly issues related to bias, such as questions that are not sufficiently put together, biases occurring due to the responses provided by the participants of the interviews, and biases introduced due to the wrong recollection of the interview if the interview is not recorded.

An interview protocol was created based on Milagros's (2016) work and Creswell and Creswell’s (2018) sample interview protocol. Advantages with such a protocol are that the researcher knows what issues to explore, which direction to pursue, and how to use the limited interview time in the best way possible. Besides, the protocol allows the questioning to be more systematic and comprehensive (University of Michigan, 2020).

3.4 Methods/Techniques for Data Analysis


3.4.1 Thematic analysis

In order to analyse the interviews and the documents collected, a thematic analysis will be conducted. A benefit of thematic analysis is that it will allow us to observe and make sense of shared experiences and meanings by identifying commonalities in the data (Braun and Clarke, 2012).

Harper (2012) defines thematic analysis as a way to analyse and find patterns in datasets, and illustrate which themes are of significance when describing the phenomena. The thematic analysis's final product should highlight the essential constellations of meaning apparent in the data. A theme is then a specific pattern of meaning identified in the data. Further, Harper (2012) explains that manifested content can be contained in themes, which is something observable in the data.

As this study is trying to answer the research questions (1) How are bank customers attacked through the internet and (2) How are banks trying to prevent fraudulent attacks against their customers, we find that it will be appropriate to use thematic analysis as we then could compare the themes with the categories in the literature review.

With the focus on applying the thematic analysis correctly in this study, the steps presented by Maguire and Delahunt (2017) will be followed:

1. First, the researchers should read and re-read the transcripts in order to familiarize themselves with the data. Before proceeding, the researchers should be familiar with all the data or data corpus (all the interviews or other data). Notes should be taken to capture early impressions.

2. The next phase is to generate initial codes in order to structure the data in a systematic and meaningful way. The initial coding separates the data into smaller chunks of content. How the researcher codes will be determined by the research perspective and research questions. Codes are examined in order to fit together in a theme.

3. Themes are patterns that encapsulate significant and interesting parts of the data. The third step is concerned with searching for themes. The definition of a theme is flexible, meaning that there are no strict rules regarding what a theme is. The themes often describe patterns in the data relevant to the research question.

4. During this step, the preliminary themes found are looked at to see if there is any need for change or a need for further work to be done. It is done by reviewing the themes. Maguire and Delahunt state what one should be concerned with during this step:

"
• Do the themes make sense?
• Does the data support the themes?
• Am I trying to fit too much into a theme?
• If themes overlap, are they really separate themes?
• Are there themes within themes (subthemes)?
• Are there other themes within the data?" (Maguire and Delahunt, 2017, p.3358)


5. This step is considered the finalization of the themes, looking at the meaning of themes and subthemes, and whether there are any interactions or relations to them. This step is about defining the themes.

6. The final step is about writing up and creating a final report by making use of the research.

3.5 Reliability and Validity

Thyer (2010) defines reliability in qualitative research as the degree to which the findings of several interpreters are adequately congruent. Reliability refers to the extent to which other researchers doing similar observations in analysis and the field can create similar interpretations and results. In other words, qualitative reliability has to do with the ability to remeasure results from other qualitative studies.

In qualitative research, validity looks at how appropriate the processes, data, and tools chosen by the researchers are for their research. Examples would be checking whether the research question is appropriate for the wished-for outcome, whether the chosen methodology is suitable for answering the research questions, whether the design matches the methodology, whether the sample and methods for analysis are fitting, and whether the conclusions and results are reasonable for the context and sample (Leung, 2015).

This study will try to eliminate risks or threats related to validity and reliability in qualitative research. Brink (1993) suggested that errors are a crucial factor affecting validity and reliability in qualitative studies; this thesis will try to be aware of these suggested errors and sources of errors:

The researcher:

Qualitative studies use the researcher as the key instrument for data gathering. Therefore, if biases and the researcher's competency are not considered, it might affect the quality of the data. Subjects could also be affected by the fact that a researcher is present, as some participants might try to show themselves from their best sides, or distort or hold back information. How the researcher looks and dresses might affect the participants as well. Observation of subjects and discoveries could be influenced by the researcher's values, and a tendency to unconsciously selectively record and observe parts of the data over other data (Brink, 1993).

If the researcher is thought of as an outsider by the participating group, the researcher might not be able to gather certain information without being aware of the fact, and an invalid understanding of the data may occur. However, there is a danger in "going too native" or presuming the participants' points of view or way of behaving. Researchers might no longer be able to objectively observe the ongoing interaction or may develop a bias against the viewpoint of the group (Brink, 1993).

The subjects participating in the project:

A primary concern related to data collection from interviews is whether the interviewees are telling the truth. Bias might appear from the characteristics of the interviewee or responses. It could also appear from internal aspects of the participants, such as motivation, recall, mood, fatigue, state of health, or anxiety. Interviewees could, in many cases, embellish the truth by making things seem better than they are, or in other cases, worse. Some participants might be "people pleasers," trying to please the researcher by responding in ways they think are expected of them. A fear of replying with negative responses might also occur as some participants do not want to feel that the research is "looking down" on them (Brink, 1993).

The situation or social context:

Participants might act differently in various social circumstances or situations. They may behave differently in groups than when they are interviewed individually, for instance by hesitating to answer accurately. The location could also affect the gathered data, as some participants might fear being overheard in specific environments (Brink, 1993).

The methods of data collection and analysis:

A vaguely presented research design increases the risk of accusations of unreliable and invalid findings. Unclear presentations of methods, unsatisfactory descriptions of strategies for inquiry of data, and poor documentation do not allow other researchers to provide a proper judgment. Sampling bias could appear as a result of under- or overrepresentation in the studied phenomena. Researchers might be too reliant on readily accessible information or information from "elite" participants (e.g., individuals with high status or education). When researching unfamiliar environments and groups of people, the researcher might not choose the right participants out of inexperience. Another significant risk for the data is that the researcher could represent data as more congruent, regular, or patterned than it is when coding for categories and themes (Brink, 1993).

To avoid the errors mentioned above and to increase the validity and reliability, the following could be attempted, according to Brink (1993):

Before undertaking qualitative studies, the researcher should be trained to conduct interviews and observations, and awareness of biases should be created at different points of the research. An investigation of the research's underlying assumptions and values could be completed so that they are available to the readers. It should be ensured that the participants understand the nature of the research (what is being studied, how data is collected, what the role of the researcher is, etc.) (Brink, 1993).

A trusting relationship with the participants ought to be established, and if possible, the researcher should stay in the setting for an extended period. Whenever possible, interview the same participant multiple times, trying to make observations more than once. The acquired result should be compared with other evidence. Methods and strategies for data collection ought to be presented and described thoroughly in the study. Preferably, when conducting the study, have participants approve findings and analysis (Brink, 1993).

Detailed and precise notes from the field should be written and inspected by an outside researcher if available. Being mindful that participants might be affected by social context is vital for the qualitative researcher. Participants should be chosen based on whether they have enough knowledge, the ability to recall, and the ability to respond sufficiently (Brink, 1993).

If the researcher is unsure of which participants to choose, they should look at the evidence or seek help from other experts to make a sound judgment. As discoveries are made, the researcher should continue to select subjects according to the findings. If possible, external feedback on the data analysis procedure ought to be given to the researchers (Brink, 1993).

Data obtained must be validated by the participants if possible. Triangulation (the use of two or more data sources) should be used in the qualitative study. Measurements should be conducted over an extended period, with multiple participants, in multiple contexts, and individually. The researcher should try to disconfirm their findings and explain the setting (social and physical) in which the data are gathered in the study. Procedures should also be described from start to finish (Brink, 1993).

The researchers writing this thesis have tried to address the concerns regarding reliability and validity by training on interviews before conducting the study and always having two interviewers present to eliminate the potential biases from the interviewers as individuals. The interviewees have had the nature of the study explained to them and have had an opportunity to approve findings and analysis, which could increase the validity and reliability. Interviews have been transcribed and coded individually. After that, they have been discussed as a measure to increase the level of objectivity of the findings. The participants chosen for this study can all recall and respond sufficiently to the questions asked and have enough knowledge about the topic to add value to the study's findings. More than one source has been used in this study, and document analysis has been used to support our findings in the interviews. Literature has been used to create external validity by either challenging our findings or by supporting them. A case study protocol was used to increase reliability by guiding the researchers when carrying out the data collection.

3.6 Ethical Considerations

This thesis will follow the definition that research ethics has to do with the researcher's responsibility for his or her selection of research approach and the result of that research (Iivari, Hirschheim and Klein, 1998).

We will use research ethics as general rules and practical guidelines to ensure that we are in line with good research practice.

We hope to achieve high ethical standards for our research by following the four principles formulated by Merton and Storer (1973), also known by their acronym CUDOS.

Communism: Informing the research community and the public about the research findings to establish knowledge as open and accessible (Merton and Storer, 1973).

Universalism: Conducted science should be assessed according to scientific criteria (Merton and Storer, 1973).

Disinterestedness: The researcher's motivation for conducting science should be to add new knowledge to the public and not commercial gain or other self-centred motivation (Merton and Storer, 1973).

Organized scepticism: Researchers should avoid announcing a conclusion until there is enough evidence to construct it. The research should always be questioned and scrutinized (Merton and Storer, 1973).

When completing our research, we will ask ourselves the ethics questions for responsible conduct of research proposed by Pimple (2002):

Is it true? - Does the data collected reflect reality, or is the data falsified or forged? If the data does not reflect reality, it should be considered not true. The question could be rephrased to some degree to "Is it good science?" (Pimple, 2002).

Is it fair? - Are we giving credit to the rightful authors when standing on the shoulders of other researchers, or are we copying others' work (plagiarism)? Do we treat human or animal subjects with dignity and respect? Do we have the right attitudes toward funding agencies, sponsoring institutions, and governments? This question is concerned with social relations in the world of science (Pimple, 2002).

Is it wise? - Would the research we are conducting harm or improve the social and physical world in its present or future state? As we are limited by factors like time and money, this is a vital question to ask in the field of research ethics (Pimple, 2002).

To ensure a high ethical standard, we will, to the best of our ability, obtain all necessary permission from the stakeholders related to this study, give informed consent and strive for anonymity and confidentiality in matters that require such caution.

As interviews are a significant source of data in this study, ethical considerations for the collected data will be of importance. To ensure that we respect and do not harm our participants in any way we will attempt to follow the good practices identified by the University of Glasgow (2020) for conducting interviews:

The interview plan should be provided to the participant in writing, as the interviewee should have access to a written version of it. It will also be explained thoroughly to the interviewee before the interview starts to ensure a full understanding of what is about to happen (University of Glasgow, 2020).

The interviewee will have to agree with the location set for the interview and will be offered alternatives, both public and private, if necessary (University of Glasgow, 2020).

The interviewer's safety will be kept intact as the interviewer familiarizes himself with issues related to his safety (University of Glasgow, 2020).

Confidentiality will be necessary, and interviewees will not be named. Exceptions can be made if permission has been explicitly sought, and the interviewee's name is critical for the research (University of Glasgow, 2020).

The interviewer will ask the interviewee for permission to use recorded data (written form, audio-visual, notes, etc.). The data should only be used in congruence with the wishes of the interviewee. Agreement to be interviewed should be put in writing, or if this is not possible, an explanation is required. Permission to publish or preserve the data as a public resource is required, ideally in a written format (University of Glasgow, 2020).

4 Empirical Findings

As mentioned in the introduction, one of the research questions was, “How are bank customers attacked through the internet?” The statements from the participating experts and the document analysis indicate that BankID fraud, Card fraud, CEO fraud, Investment fraud, Love scams and Phishing are among the most frequent attacks in relation to online banking fraud in Norway. According to the experts, the approaches of the threat operators are frequently changing within all types of fraud and adapt to current events. Attacks will, in many cases from the statements of the experts, be customized to trick a preselected segment of internet users. The techniques used for fraud in the past could often rely on a single actor; however, contemporary methods will, in many cases, be built and depend upon organizational structures. The experts state that the attackers operate on many different levels, but the most successful methods for fraud seem from the evidence extracted from the interview to be created by well-educated criminals running large-scale operations.

The second research question aimed to answer, “How are banks trying to prevent fraudulent attacks against their customers?”. Technical prevention measures were described at a high level by those interviewed, as the experts did not disclose any specific details about the machine learning techniques and algorithms being used, nor was this found in the online newspapers. However, social preventative measures were disclosed in detail: the experts explained how they go about creating awareness, and the online newspapers reported what they advise people to do to avoid becoming a victim of fraud.

Figure 1. Summary of attacks and prevention methods.

4.1 Thematic analysis

During the thematic analysis, we followed the steps described by Maguire and Delahunt (2017). Following the first step, we started to get familiar with the documents and the transcripts of the interviews to get a better overall understanding of the content. We then proceeded to generate initial codes by using open coding, which has been described by Recker:

“is a process aimed at uncovering and naming concepts from within data. Concepts may be grouped to higher-level categories to reduce the number of uncovered concepts on a higher level of conceptual abstraction.” (Recker, 2013, p. 92)

While reading through the documents and translated interviews, we created codes such as fraud techniques, prevention techniques, or other fitting codes. Documents were coded using the Weava highlighter Chrome extension, and interviews using the RQDA R package. In all, 19 initial codes were found.

Initial codes:

• Academic Argument
• Advice
• Artificial Intelligence
• Awareness
• Bank Argument
• BankID
• CardEnumeration
• CardFraud
• CNPFraud
• Cryptocurrency
• Email Phishing
• ExpertArgument
• IdentityTheft
• InvestmentFraud
• LoanFraud
• LoveScam
• Phishing
• PreventionSystems
• Real-Time phishing
• SMS Phishing
• Workfraud

Further, we created the initial themes using an Excel document (see Appendix D) that organized all the documents by fraud type. In all, eight initial themes and nine initial sub-themes were found regarding fraud methods.

Initial themes:

• BankID
• CardFraud
• IdentityTheft
• InvestmentFraud
• LoveScam
• Phishing
• WireFraud

Initial subthemes:

• BankID
• CardNotPresent
• Email Phishing
• LoanFraud
• InvestmentFraud
• Lovescam
• Real-time Phishing
• SMSPhising
• Vishing

In addition, 2 initial themes and 8 initial subthemes were found regarding fraud prevention techniques.

Initial themes:

• Social fraud prevention
• Technological fraud prevention

Initial subthemes:

• Awareness
• Artificial Intelligence
• Posts
• Presentations
• News articles
• Session Monitoring
• Social media
• Transaction Monitoring

These were then taken to the next step of reviewing the themes, where redundant themes were removed to create more distinct themes and subthemes. Themes were also improved by looking at definitions of terms, explanations of terms in the interviews, and explanations of terms in documents. The finalization of themes was done through the creation of a thematic map using Mindmup, where the relation between themes and subthemes is explained.

The techniques marked in blue represent main fraud techniques, and the grey ones represent sub techniques, where their relationships are displayed with the use of black lines. The red dotted lines explain the relationship of how one could use these techniques in conjunction with each other. For example, Investment fraud is a type of wire fraud that can make use of phishing, and more precisely, real-time phishing in conjunction with vishing.

Figure 2. Thematic map – Attacks.

This thematic map explains the different types of fraud prevention techniques that are being used by the banks.

Figure 3. Thematic map – Prevention.

4.1 Fraud techniques

4.1.1 Malware

Malware would, as reported by the experts, often come in the form of Trojans when looking at the Norwegian banking segment. According to the experts, Trojans have existed for about 15 years in Norway. They spread quite freely in the past as security on computers was worse. One expert explained that session stealing and redirecting were common in the past. An example of Trojan behaviour would be that the Trojan would show an error message prompting the user to log in again after one attempt. The next login attempt would then set up a transaction inside the online bank, capturing the session. The expert noted that the victim does not connect to the Trojan on purpose, but rather is unaware of the ongoing situation. Further, the expert pointed out that newer Trojans have become more sophisticated:

“but then the Trojans of course have become more sophisticated, they have modelled how users often behaves” – Interview 3

The modelling of user behaviour could, for instance, be that the Trojan is using a varied amount of time when clicking around in the online banking solution. The experts' statements indicate that these types of attacks are rare at present, along with other types of malware, as few would mention them in the interviews. The document analysis conducted on the topic resulted in few findings of Trojans or malware in recent times (E24: Sjekk hvem som lures trill rundt av e-post-svindlere, 2015).

4.1.2 Phishing

Experts expressed that phishing is an attack that could be executed by most actors as it does not require the ability to put together major operations:

“Just to fill in a bit … so that … buying of a phishing kit and do that …. is something totally different from … having a big operation with 200 employees that are doing investment fraud”– Interview 1

Therefore, the experts stated that it will always be bottom level actors that are doing phishing as it is within their competence area. The most common methods for phishing, according to the experts, are through email and SMS:

“The two most common are, of these methods are email and SMS, and the reason for this is people are clicking links (Uhm...) giving away their information (Uhm...) card information and confidential information like bank accounts, card numbers, control numbers, and expiration dates” – Interview 4

The attackers in Norway are seemingly becoming more focused on getting their victims to make use of BankID for authentication purposes, such as authenticating transactions (Dinside: Svindlerne stakk av med 36.000 kroner – nesten umulig å se at nettsiden var falsk, 2017). An example of this is that the attackers made victims authorize themselves when they thought they were applying for jobs:

“let's just pretend that it was …. then it would say has a collaboration with the bank … with a secure applying process (umm ... ) and … to be able to proceed with the application we wish that you confirm with your BankID” – Interview 1

This observed advancement of the standard phishing schemes is called real-time phishing. It is a technique where the fraudsters send out emails or call the victims, and the victims are then told to verify account information using fake BankID authentication sites, which give the fraudster BankID access in real time to log into the online bank and perform transactions (E24: Advarer bankkunder mot svindelbølge, 2020; E24: Advarer mot svindelmetode Stjeler BankID på telefonen, 2019; E24: Norske nettbankkunder svindlet for millioner, 2019; Nettavisen: Med denne e-posten kan bankkontoen din tømmes, 2018).

The documents found confirm the statements of the experts, as earlier instances of phishing were seemingly more focused on trying to gather sensitive information such as social security numbers, usernames, passwords, and card information (Dagbladet: Nyhetsstudio -Sparebank 1 advarer mot svindel, 2019; E24: Advarer mot å gå på kroken: Danske Bank-kunder utsatt for svindelforsøk, 2013; E24: Ser på dette som svært alvorlig, 2015).

It was found that phone phishing and BankID attacks, according to some of the experts, would have more severe consequences compared to other methods:

“In the last half year … they have been going more over to phone ... which creates more serious consequences for the individual …. and with phishing they are using it more for a single transaction either on card or in the online bank account … while … this turned with the Olga case in September … that they emptied … fully everything that had to do with the bank accounts” – Interview 1

As for who is more likely to be affected by phishing, it is suggested that middle-aged men are more prone to fall victim to this fraud technique (E24: Sjekk hvem som lures trill rundt av e-post-svindlere, 2015). Some experts have stopped counting phishing as a technique, as it is at present commonly integrated as a part of a more significant type of attack, making it harder to identify.

“We actually stopped counting phishing since it's so hard. ... ”– Interview 1

Experts' statements indicate that phishers try to take advantage of brands when phishing:

“there is so much phishing on all types of brands … there is Netflix …. the tax authority … Ikea …. Shell … all of them” - Interview 1

It is seemingly because they want fraudulent traps to seem more legitimate.

4.1.3 Deepfakes

Deepfakes are, according to the experts, used by the more experienced fraudsters, creating a new threat for the banks and the legal entities. The observed starting point of these scams is, according to the experts, love scams, where the attackers use manipulated videos in order to create a persona that the victim gets attached to:

“then they engage in what they believe is through with video. (Uhm .. ) and then (Stutters) it’s just fake, whatever they tell them, they get an answer back but … like … the video is manipulated by the scammers. … Yeah.” – Interview 2

The technologies are adopted by scammers from countries where the general public is well educated, and the crime is more organized:

“It may be that these deep fakes are coming from Israel, I'm not quite sure about this, but (Uhm...) it’s highly likely, because they are very technologically advanced.” – Interview 2

The experts did not have much information regarding the technique, which could indicate that this is a new phenomenon. During the document analysis, there was no mention of deepfakes, which conceivably supports that this is a new technique, or it might imply that most fraudsters do not use it at present.

4.1.4 Investment Fraud

Investment fraud is a new type of attack that, according to the experts, was not thought of until recently, and some experts have observed a massive increase in these types of fraud in recent times:

“But we can say that what is … is that last year we had an increase in investment fraud from the year before …. 125 % ... more than a doubling” – Interview 1

The documents found confirm this outbreak of investment fraud mentioned by the expert, as multiple sources have reported on the issue (Dagbladet: Jeg holdt på å bli gal, 2019; Dagbladet: Nordmenn rundlurt for flere millioner I bitcoin- svindel - Pengene er nok borte for godt, 2018; E24: Antall svindelforsøk mot norske bankkunder doblet, 2020; E24: Bankkunder lurt for mange hundre tusen I bitcoin-svindel, 2017; Nettavisen: Kryptovaluta Kristian 46 ble svindlet for 180.000 kroner like før bryllupet, 2018).

The experts describe them as false trading platforms where victims are not able to withdraw their deposits:

“The point is to get to you to deposit money... You see that the money grows on the platform... but... from the criminal's side the plan is that you will never get it out... and here they first use …. they trick you into a platform and then they call you and give you investment advice ... (Umm...) and such that make you lose a lot of money” – Interview 1

Statements from the experts show that a common approach is to post advertisements on social media in order to lure the victims on to the platforms.

“When you... on investments ... there is a lot of use of fake adverts on Facebook... Its extreme its everywhere …” – Interview 1

“Have you seen there are some fake news article on Facebook?” – Interview 4

In order to create a sense of legitimacy, the fraudsters will commonly use the names of famous Norwegian investors showing massive returns on profit:

“What we see right now. It’s Bitcoin scams, where people believe that, that Petter Stordalen have …. earned a lot of money on Bitcoin or Olav Thon and (incomprehensible name) that is what I work with the most right now” – Interview 2

This attack approach has been reported by multiple sources, coinciding with the experts' statements (Dagbladet: Bitcoin-svindlere lurer eldre for store summer, 2018; Dagbladet: Jeg holdt på å bli gal, 2019; E24: Antall svindelforsøk mot norske bankkunder doblet, 2020).

Experts say that the attackers will then call the victims after they have registered on the platform, asking for more investment with a promise of more fictitious returns, or for access to their online bank account to help them “invest” more, only to empty their accounts instead:

“Then you get sent to the next, which say let me (Uhm...) Let me get in your online bank, and I'm going to help you invest, and then they empty the money out of the account” – Interview 4

According to the experts' statistics, victims are mostly older men:

“on bitcoin scams (Investment fraud) there is a lot of older people”– Interview 2

“on investment … an overweight of men (uhm...) and we also see that there is 60+ that they go after … its 60 to 65 that is the big mass … there is some 50+ also” – Interview 1

“also if we look at investment fraud, there it’s still older and often men, that gets defrauded, because men invest by circumstances (Uhm...) maybe (Uhm...) invests more, if you can say it that way, and looking at gender, maybe greedier, and invests a bit more thinking then I will retire, then have not invested” – Interview 4

4.1.5 CEO fraud

Experts describe this fraud as an attacker posing as an authority figure within or outside a company. The fraudster will usually look through various social media, company websites, and internal networks in order to establish a picture of the organizational hierarchy:

“so they work like we do, when I do investigations, then I will go to Facebook sites, LinkedIn, and websites, and are making queries in the Brønnøysund Register Center right, and yeah google people and yeah.” – Interview 2

Experts explained that, after reviewing the organizational hierarchy, the attackers would then send an email to financial managers or employees with financial power, asking them to rapidly transfer money to a given account:

“I’m the head CEO in the US, and I'm going to acquire another company in eastern Europe, and I'm in need of cash. If you would go along with this now, then I'm going to raise your salary, and give you a higher position”– Interview 2

One expert explains why these attacks are effective in the following way:

“and then it’s a lot of people that gets hooked by this (Uhm...) because you might have a bit of respect for your boss maybe, or maybe want to perform your work tasks exemplary, maybe do it fast, and maybe impress the boss with this I can do, and then the money is gone” – Interview 4

This type of fraud was not mentioned by any of the sources in the documents collected.

4.1.6 Love scams

Experts have observed that there were mostly love scams before 2018/2019. Nevertheless, according to the experts, those that are doing other types of scams, such as investment fraud and CEO fraud, will also do love scams:

“And then we see a change in modus as a consequence of that … of that … the ones that are doing high … what should we say... high scale fraud or next level …. Thus … CEO fraud and investment fraud also does love scams which is more simple” – Interview 1

The reason for this crossover of the new and the old techniques seems to be that the fraudsters use the love scam victims as mules for other attacks and steal their identity. The love scam victims are being used for money transfer, and their personal information could, for instance, be used to create false companies in foreign countries that the fraudsters use either as investment firms or as shell companies for other types of fraud:

“Because the demand of what we call mules … people that move money between their own accounts in Norway... thus... they are victims for love fraud … and at the same time become criminals … because they … transfer money between own accounts and between himself...” – Interview 1

“We saw that when they got that passport … they used that to create false companies … in foreign countries that they again … used as investment firms or shell companies... so it has something to do with understanding … that these organizations … are really good at using the opportunities that appear” – Interview 1

Fraudsters are presently targeting women from the age of 50 and up on dating websites and social media in Norway. According to the experts, the fraudster often seeks out retired individuals that have lost their significant other and are widowed, exploiting their loneliness and gaining their trust through building relations:

“on dating (love scams) there are a lot of women over 50 years, when it comes to others it’s often mature people” – Interview 2

“for love (scams) there is an overweight of woman …. and there it is 55 and up which also is scammed there.” – Interview 1

One expert observed that a trend is that the victimization is becoming more gender-neutral:

“In 2019, it was, it was in fact mostly men that were scammed regarding love scams ... it’s men that are leading the statistics a bit, but it’s not a lot. It’s about 0.0000 maybe 1%”. – Interview 4

The findings on love scams from the document analysis indicate that Facebook is a popular arena for this type of scam, but dating apps such as Tinder have been used in some of the newer cases in Norway (Dagbladet: Trodde hun hadde funnet kjærligheten –ble svindlet for flere hundretusen, 2017; Dinside: ID-tyven er oftere en av dem som står offeret nærmest, 2018; Dinside: Nå svindles kjærlighetssyke nordmenn på Tinder og sosiale medier, 2018; VG: Svindlet av Simon Leviev– saksøkt av fire norske banker, 2020).

Regarding how these fraudsters operate, a news article argued that there are four phases that fraudsters make use of when committing a love scam (Dagbladet: Trodde hun hadde funnet kjærligheten –ble svindlet for flere hundretusen, 2017). The first is the contact phase, where the fraudster establishes contact using social media or dating sites. When this contact has been established, the fraudster will then move on to other platforms. In the next phase, the fraudster tries to get to know the victim better through conversation, as well as by gathering information that can be found online. In this phase, the fraudster will start using affectionate remarks and build up trust. In the third phase, the fraudster will attempt to get money out of the victim. This is done by making up a story that ends with the need for cash. The last phase consists of the fraudster trying to get as much money out of the victim as possible, manipulating the victim into ignoring advice to stop the transfers, as well as trying to push the victim to take out loans.

4.1.7 Card fraud

In 2016 it was reported that there was an increase in card fraud in Norway compared with previous years. There was a considerable increase in this type of fraud occurring online, and a reported increase in CNP fraud, where fraud is committed through the use of either a phone or the internet (E24: Rekordår for kortsvindel I 2016 Over 17 milliarder tapt I Europa, 2017). This was also reported by a more recent article, which stated that this was now the most common type of card fraud (E24: Ny robot-tjeneste skal redusere kortsvindel med 40 prosent, 2019).

One expert found that phishing for card information that could be used for CNP-fraud was common:

“The two most common are, of these methods are email and SMS, and the reason for this is people are clicking links (Uhm...) giving away their information (Uhm...) card information and confidential information like bank accounts, card numbers, control numbers, and expiration dates,” – Interview 4

“…and that’s basically what you need to shop online, and use credit or debit card” – Interview 4

A more recent news article discussed another type of card fraud, where the fraudsters would try out different card numbers in a series until they found one that could be used to perform purchases online (E24: Rundt 1.000 DNB-kort rammet av nye svindelforsøk, 2020). This type of card fraud was not mentioned during the interviews.
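
As an added illustration of how the card-testing pattern described above can be spotted on the defending side (this is not code from the thesis or from any bank), the following sketch flags a source that tries many distinct card numbers from one issuer range at a merchant within a short window while nearly all attempts are declined, and lists any card approved during the burst. It is slightly more general than a strictly consecutive series of numbers. The log format, field names, thresholds and all sample records are constructed assumptions.

```python
"""Flag card-enumeration bursts in card-not-present authorization logs."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds, chosen for the constructed sample below.
WINDOW = timedelta(minutes=5)   # look-back window per source
MIN_DISTINCT_PANS = 5           # distinct card numbers tried in the window
MIN_DECLINE_RATIO = 0.8         # guessed numbers are mostly declined

# Constructed log, one authorization attempt per line:
# timestamp source merchant card_number result (A = approved, D = declined).
# Addresses are documentation ranges; card numbers are made up.
SAMPLE_LOG = """\
2024-01-15T10:00:00 203.0.113.7 shop-42 9999990000001001 D
2024-01-15T10:00:05 198.51.100.20 shop-42 8888880000004321 D
2024-01-15T10:00:10 203.0.113.7 shop-42 9999990000001002 D
2024-01-15T10:00:20 203.0.113.7 shop-42 9999990000001003 D
2024-01-15T10:00:25 198.51.100.20 shop-42 8888880000004321 D
2024-01-15T10:00:30 203.0.113.7 shop-42 9999990000001004 D
2024-01-15T10:00:40 203.0.113.7 shop-42 9999990000001005 D
2024-01-15T10:00:45 198.51.100.20 shop-42 8888880000004321 A
2024-01-15T10:00:50 203.0.113.7 shop-42 9999990000001006 D
2024-01-15T10:01:00 203.0.113.7 shop-42 9999990000001007 A
2024-01-15T10:01:05 198.51.100.31 shop-42 9999990000007777 A
2024-01-15T10:01:10 203.0.113.7 shop-42 9999990000001008 D
2024-01-15T10:02:00 198.51.100.31 shop-42 8888880000005555 A
"""


@dataclass(frozen=True)
class Auth:
    ts: datetime
    source: str      # client IP or device identifier (assumed field)
    merchant: str
    pan: str         # card number as seen by the fraud system
    approved: bool


def parse(line):
    """Parse one line of the constructed log format into an Auth record."""
    ts, source, merchant, pan, result = line.split()
    return Auth(datetime.fromisoformat(ts), source, merchant, pan, result == "A")


def detect_enumeration(events):
    """Return one alert per (source, merchant, issuer range) under test.

    A key is flagged when its sliding window holds at least
    MIN_DISTINCT_PANS distinct card numbers and the share of declined
    attempts is at least MIN_DECLINE_RATIO. A customer retrying one card
    is not flagged, because only distinct numbers are counted.
    """
    windows = defaultdict(deque)
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.source, ev.merchant, ev.pan[:6])   # first 6 digits = issuer range
        win = windows[key]
        win.append(ev)
        while ev.ts - win[0].ts > WINDOW:            # drop attempts older than WINDOW
            win.popleft()
        pans = {e.pan for e in win}
        decline_ratio = sum(not e.approved for e in win) / len(win)
        if len(pans) < MIN_DISTINCT_PANS or decline_ratio < MIN_DECLINE_RATIO:
            continue
        alert = alerts.setdefault(key, {
            "source": ev.source, "merchant": ev.merchant, "bin": ev.pan[:6],
            "first_seen": win[0].ts, "distinct_pans": 0, "approved_pans": set(),
        })
        alert["distinct_pans"] = max(alert["distinct_pans"], len(pans))
        # A number approved in the middle of a burst is a real card that was
        # guessed: it is the one to block and reissue.
        alert["approved_pans"] |= {e.pan for e in win if e.approved}
    return [dict(a, approved_pans=sorted(a["approved_pans"])) for a in alerts.values()]


def analyse(log_text):
    """Parse a whole log and return the enumeration alerts."""
    return detect_enumeration(parse(l) for l in log_text.splitlines() if l.strip())


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

In the sample, the customer who mistypes one card twice and the household paying with two different cards stay below the distinct-number threshold, so only the burst from the single testing source is reported.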

4.1.8 Current events

Common to all types of fraud is that attacks will often be based on current events, according to the experts. A contemporary event is the coronavirus, where some experts saw a massive increase in investment fraud in the first days:

“So, we see that the threat operators take advantage of … definitely... The scenario we are within” – Interview 1

The fraudsters' approach during the coronavirus outbreak would be to get victims to invest in non-existent vaccine-producing companies or in the bearish stock market:

“But instead of a regular investment fraud, one invests in a company that that maybe produced a vaccine or maybe invest because the stock market has crashed. And then again is a side effect of the corona situation” – Interview 1

However, as explained by the experts, the increase was not only in investment fraud but in attacks in general:

“But what has changed is the approach for the threat operators. So, all almost … within the modes … not single frauds, but within all the modes … we have examples that there is done a sort of corona approach” – Interview 1

For instance, love fraudsters would pretend to be stuck in a country with corona restrictions, and phishers would try to take advantage of employees working from home. An example of this is that phishers could say that they are also working from home and ask whether the victim could resend sensitive information or transfer money to another account:

“hi, since I'm currently working from home, and that’s why I didn’t catch your inquiry could you send the inquiry to another mail-addressee, could you send the money to another account and etc., and people, when you sit at home, such as with, like I'm sitting at home now, then you are more (Uhm...) if I were employed as the responsible for the finances in a company (Uhm...) then I don’t have anybody to discuss with” – Interview 2

Similar attacks in the past do not only relate to contagious diseases but other disasters/catastrophes such as tsunamis or hurricanes, as reported by the experts:

“It’s a very classical, if there are any catastrophes, like tsunamis, (Uhm...) things like that, then fraudsters will abuse that.” – Interview 2

4.1.9 Social manipulation

From the interviews, a pattern of social manipulation in fraud techniques can be observed. The experts' statements show that the techniques differ widely in the level of technical knowledge they require of the fraudsters, and that techniques requiring less technical knowledge still succeed. The experts' statements indicate that the design of the traps, and how convincing they are given the victim's situation, matter more than the fraudsters' hardware and software comprehension:

“Even though we can think that this is too easy for them or we would have done it better if we were going to do it …. that is not how it works … they do what is necessary to... deliver what they are supposed to … how much money can they make in the shortest amount of time” – Interview 1

One expert said the following about social manipulation:

“something that I'm especially concerned about, and social manipulation (Uhm...) is something that we have seen from when they began with the first CEO frauds.” – Interview 2

According to the experts, some of the attacks are so convincing that the victim will not even believe legal entities, and some cases have gone so far that the banks have had to put limitations on foreign transfers for the victim until he/she realizes that he/she is being scammed:

“It was a (Stutter) a lady that complained to The Norwegian Financial Services Complaints Board because she couldn’t send money to her boyfriend” – Interview 2

One expert said the following about the attackers:

“it’s, what they do, what they’re good at, you’ll have to remember that they are cynical, they are the best sellers, psychological knows what works, what don’t” – Interview 4

Experts say that in most phishing cases, the fraudster does not talk to individuals, indicating that the messages they send out appear legitimate enough to manipulate the victim into giving away personal information. An expert also adds that:

“people don’t think about, how the bank, how your bank, your bank communicates with you” – Interview 4

4.1.10 Organized and Systematic

As mentioned previously, a finding from the interviews with the experts is that fraudsters operate with organizational structures. The fraudsters are attacking victims as a full-time job, and experts say that there is a general professionalizing of the threat actors. One expert said:

“A general professionalizing of all actor groups within all modes within the three years … I can't see any actor group that we have been monitoring … where I can say that the actors haven't” – Interview 1

The analysis of the documents found similar patterns, as a source reported that the language, appearance, and forms of fraud seem more professionalized and very different from earlier types of fraud (E24: Antall svindelforsøk mot norske bankkunder doblet, 2020).

The fraudsters, according to the experts, are good at exploiting opportunities, as observed in the current events section of this thesis's findings. The fraudsters are also good at adapting to countermeasures taken by legal entities and financial institutions.

An expert spoke about how systematic these fraudsters work in the following way:

“How systematic they are working … I think it really can be documented that they are good at selecting … and in such concrete things like the Olga scam (known cases in Norway) ... that we looked at in the autumn … there it was obvious that they are selecting concrete groups...” – Interview 1

The criminals are working in iterative loops removing non-successful attacks and improving upon already working attacks.

Figure 4. Iterative improvement loop.

One expert explains the loop like this:

“If you have made more money it was the right change … if you have made less money you go back to what you have been doing the week before … thus … it's such a loop these groups are working within.” – Interview 1

Experts suggest that today's situation and the situation one month from today can be very different when it comes to online banking fraud.

From the expert interviews and the documents collected, a figure was made to display the different types of attacks paired with how professionalized they are.

Figure 5. Professionalization of attacks by level.

4.1.11 BankID fraud

Authentication security in Norwegian online banks is seemingly technologically robust, as no news articles mentioning breaches were found, and none were mentioned during the interviews. Some experts argued that BankID fraud is not that common compared to other types of fraud:

“It’s not that common, the banks are doing a very good job...” - Interview 2

In this type of fraud, the fraudster is seemingly often someone close to the victim. The reason for this is that it can be done opportunistically, since people are not conscious about hiding their login details or do not change their passwords frequently enough. A BankID could also be created when the victim is young, giving the parents the opportunity for unwarranted use later, making it a simple way of committing fraud:

“Very often is closely related, like people which are already in your family, and then (Uhm...), then it’s not at all uncommon that spouses have the same password or something like that” – Interview 3

“... people don’t change their passwords (Uhm...) over time you have for example, examples where children have established a BankID, typically when 13-15 years old, maybe or something like that. ”– Interview 3

“So then they have that BankID, and then they don’t change the password for years, and then the parent who helped them create the BankID at that time, then gets some gambling addiction or something like that, and then (Uhm...) plain and simply defrauds their own child” - Interview 3

The interviews also suggest that one of the causes of BankID fraud could be that victims are not able to protect themselves for various reasons, such as low comprehension of the Norwegian language, illiteracy, or low technological mastery:

“So, this is an attack which, like, a part of us would be able to protect ourselves against, if we were thinking about this (Uhm...) but a lot of will have big issues with protecting themselves against this, there exists a lot of people that are, what can I say, not sufficient in the Norwegian language, or that are either directly illiterate or that are closely to illiterate”- Interview 3

“…hearing pretty seldom that there are any nonsense with their BankID, because the Finnish are more tech, like a lot of technicians in Finland, and its maybe in general a country where the technology have both come far and people are proficient, but it’s nothing unique still, because you hear about cases in Finland where people have given away their BankID, (Uhm..) yeah, maybe so yeah maybe, maybe we could there are a bit of BankID, it’s a bit weird that in Norway that people give away credentials (Uhm...) It’s also different cases, because you have, you have family that steals your BankID password” – Interview 4

4.2 Prevention techniques

4.2.1 Technological prevention

Regarding technological fraud prevention techniques, there were various techniques implemented by the banks to prevent fraud. One bank expert mentioned the use of Gartner's five-layer model as a theoretical basis for fraud prevention, describing briefly how this model works:

"And they have a five-layer model that says you must look at the end point, you must look at the sessions... a session is everything that a customer is doing in their online banking … from when they login to they log out … it could be money transferring … it's a small part out of it ... but it's all the click that you are doing in the online bank account … also you could look at … yeah... We could call it in good Norwegian for …... "abnormalities"… something … something ... that deviates from the normal..." - Interview 1

All of those interviewed from the banks mentioned that they use systems that monitor and score the customers' transactions, observing factors similar to those described in Gartner's five-layer model. These systems look at whether the customer is logged in, the customer's transaction patterns, the amount of the transactions, whether transfers fit previous patterns, IP addresses, operating systems, typing speed, and whether customer information is changed.

"… They are still the best systems that are on the market. They are a risk motor that can be integrated with many many sources (umm..) and create scorings on transactions based on information from those sources. This is really cool stuff" – Interview 1

"And …. we had also a new detection solution that in practice …. look at everything that is happening in for instance... the online banking... (uhm...) looks at if it's your IP or your computer (uhm...) if you are using the same operative system that you usually do... if you in a way... (uhm...) how fast you are typing in your BankID …. really everything. If you do a change in your phone number or email address … if you move all of your money to your own account for then trying to transfer it out... (uhm..) We have in a way two systems there." – Interview 1

From what was found in the interviews, it seems banks are making use of some sort of artificial intelligence:

"But, the best thing that we have seen now is machine learning (Uhm...) artificial intelligence, that can (Uhm...) sort out different payments, that can catch, what can I say (Uhm...) weird behaviour, you see the behaviour of the transactions, for example look after suspicious activities in online banking. The system will give the bank much needed information. The artificial intelligence is helping banks to discover suspicious payment going out of the bank ... in many cases its scam." – Interview 4

However, neither the interviews nor the news articles mentioned what type of artificial intelligence the banks used. Some mentioned that they are implementing supervised learning, and talked about their current systems, where the banks write alarms and where there are different models for different types of transactions:

"Then there are different models that … in a way … we don't have what's inside the model … that I don't know … but there are different models if we look at business customers … with foreign transaction … business with domestic transactions … private customers with foreign transfers … private customers with domestic transfers … so there are models for each of them … (umm...) I don't know if there anything else I could explain about it … it’s not me that is working with that … that is why we have employed rocket scientists" - Interview 1

"...No (umm...) you can say that we are temporarily at a hard coding of those rules that look at customer behaviour..." - Interview 1

"… but … we install the systems that in a way should have a supervised model … and what its important is that we can't look at the transaction volumes when we work with AI we need to look at the alarms... If you look at the transaction volumes … there will always be a great possibility that something is not fraud … because 99.5 % of the transactions would alarm then … so what we need to do is ... at least look at the alarms we have and improve those with the use of supervised learning … when we code something as fraud … the computer will learn that … " – Interview 1
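An added example (not from the thesis or from any bank's system) of the two ideas described above: hard-coded behaviour rules scored per customer segment, and learning from analyst-labelled alarms rather than from all transactions. Rule names, weights, thresholds and sample data are assumptions, and the per-rule precision estimate is a deliberately simple stand-in for a supervised model.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Profile:              # what the bank already knows about a customer (constructed)
    known_ips: set
    usual_os: str
    typing_ms: float        # usual mean delay between keystrokes at login
    typical_amount: float
    known_payees: set


@dataclass
class Transfer:             # one outgoing transfer plus its session context
    ip: str
    os: str
    typing_ms: float
    contact_changed: bool   # phone number or e-mail changed earlier in the session
    swept_accounts: bool    # all funds moved into one own account first
    amount: float
    payee: str
    business: bool = False
    foreign: bool = False


# Hard-coded behaviour rules, one per signal named in the interviews.
RULES = {
    "new_ip": lambda p, t: t.ip not in p.known_ips,
    "os_change": lambda p, t: t.os != p.usual_os,
    "typing_deviation": lambda p, t: abs(t.typing_ms - p.typing_ms) > 0.5 * p.typing_ms,
    "contact_changed": lambda p, t: t.contact_changed,
    "sweep_then_transfer": lambda p, t: t.swept_accounts,
    "unusual_amount": lambda p, t: t.amount > 5 * p.typical_amount,
    "new_payee": lambda p, t: t.payee not in p.known_payees,
}
DEFAULT_WEIGHT = 1.0
# One alarm threshold per segment (customer type, transfer type); values are assumptions.
THRESHOLDS = {("private", "domestic"): 3.0, ("private", "foreign"): 2.0,
              ("business", "domestic"): 3.0, ("business", "foreign"): 2.5}


def score(profile, transfer, weights=None):
    """Return (score, fired rule names, alarm?) for one transfer."""
    weights = weights or {}
    fired = [name for name, rule in RULES.items() if rule(profile, transfer)]
    total = sum(weights.get(name, DEFAULT_WEIGHT) for name in fired)
    segment = ("business" if transfer.business else "private",
               "foreign" if transfer.foreign else "domestic")
    return total, fired, total >= THRESHOLDS[segment]


def learn_weights(labelled_alarms):
    """Re-weight rules from analyst verdicts on past alarms.

    Weight = 2 * smoothed share of alarms with this rule that were confirmed fraud,
    so a rule that is right half of the time keeps the default weight of 1.0.
    """
    hits, frauds = Counter(), Counter()
    for fired, is_fraud in labelled_alarms:
        for name in fired:
            hits[name] += 1
            frauds[name] += is_fraud
    return {name: 2 * (frauds[name] + 1) / (hits[name] + 2) for name in hits}


# Constructed analyst verdicts: (rules that fired on the alarm, confirmed fraud?)
LABELLED_ALARMS = [
    (["new_ip", "os_change", "new_payee"], False),
    (["new_ip", "os_change", "new_payee"], False),
    (["new_ip", "os_change", "new_payee"], False),
    (["new_ip", "unusual_amount", "new_payee"], False),
    (["contact_changed", "sweep_then_transfer", "new_payee"], True),
    (["new_ip", "contact_changed", "sweep_then_transfer", "unusual_amount"], True),
    (["typing_deviation", "contact_changed", "unusual_amount", "new_payee"], True),
    (["new_ip", "os_change", "typing_deviation", "new_payee"], True),
]
PROFILE = Profile({"192.0.2.10"}, "iOS", 180.0, 2000.0, {"landlord", "power-company"})
# Customer on a new phone and network paying a new payee: legitimate.
NEW_PHONE = Transfer("198.51.100.23", "Android", 190.0, False, False, 1500.0, "hotel")
# Manipulated customer on their own device: contact details changed, funds swept out.
MANIPULATED = Transfer("192.0.2.10", "iOS", 185.0, True, True, 9000.0, "unknown-payee")

if __name__ == "__main__":
    learned = learn_weights(LABELLED_ALARMS)
    for name, t in (("new phone", NEW_PHONE), ("manipulated", MANIPULATED)):
        print(name, score(PROFILE, t), score(PROFILE, t, learned))
```

With default weights both transfers raise an alarm; after learning from the labelled alarms the new-phone case drops below the threshold, while the manipulated customer, whose device signals are all normal, still alarms on behaviour alone.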

As for how online banking fraud prevention techniques have progressed, there seems to have been rapid technological progress between how the banks used to handle fraud and how they are working with it today:

“everything that has to do with E-fraud as we call it … crime on the internet … now it is handled in a way that is maybe the most professional way in Europe and three years ago when I started working … there was a dude with an old software … that’s is like … it cannot be compared” - Interview 1

In recent years, the experts have been rebuilding their organization to better prevent fraud with the use of multidisciplinary teams, which may consist of former investigators from the police, data scientists, and engineers who develop IT systems:

"we have a really interdisciplinary team … (umm...) … with investigators …. some have experience with. ... from ... the police … others have experience from banking … some have short experience … bank people … (umm...) then we have the data scientists and we have an engineer … also … we have put …. we develop … it-systems inside the same section..." – Interview 1

“we went heavy on data analysis … so we actually have two (umm...) data scientists … one has a PhD from Cern ... Rocket scientist … the other one has a master's degree in computer science and experience from the e-service (military) … so in a way there are highly qualified people that work with data analysis” - Interview 1

For card fraud prevention, a system for the automatic detection of fraudulent transactions, which makes use of artificial intelligence, is being tested by Nets and KPMG. In more prolonged bouts of testing it has been reported to reduce fraudulent transactions significantly (E24: Ny robot-tjeneste skal redusere kortsvindel med 40 prosent, 2019).

4.2.2 Social measures for prevention

Awareness is also a measure that has been taken by banks and by law enforcement and agencies that deal with fraud. The interviews with the experts indicate that they mostly make use of news articles where they warn about different fraud techniques and give advice on how one could protect oneself. The banks' websites and targeted efforts, such as presentations for groups they consider vulnerable, for instance pensioners' associations, were also mentioned:

“And also ... you could use the banks news ... which is a … really … visited site … at least in this corona crisis …. (uhm...) and there is a lot of presentations … around... both for customers and internally ... ” - Interview 1

“Yes, that we do. Especially regarding dating, we have taken a lot of measures for awareness. If you google my name, you will find a lot of warnings in media about that.” - Interview 2

“Yes, we do a lot, I work specifically with what is called awareness, that I hold presentations for example pensioners associations, that we always search for these groups, and try to make them smarter regarding that this is fraud, teach them how the fraudster work, that we have done, and we also have other banks doing the same, we have (Uhm .. ) the police that goes out with a lot of information, so we work closely against all demographical places in Norway, and groups in general if we see a special group then we market and write about (Uhm...) articles, we use Facebook we use Instagram, we use, maybe media, to a big degree media” - Interview 4

As for what advice has been given, it is in general to:

Table 1. General advice - prevention

| Advice | In-text reference |
| --- | --- |
| Don’t click on links | (Dagbladet: Nyhetsstudio - Sparebank 1 advarer mot svindel, 2019; E24: Advarer mot å gå på kroken Danske Bank-kunder utsatt for svindelforsøk, 2013; E24: Ny epostsvindel rettet mot bankkunder, 2015; E24: Ser på dette som svært alvorlig, 2015; Nettavisen: Med denne e-posten kan bankkontoen din tømmes, 2018) |
| Don’t open attachments | (E24: Advarer mot å gå på kroken Danske Bank-kunder utsatt for svindelforsøk, 2013) |
| Don’t give out personal information, card information or similar | (Dagbladet: Nyhetsstudio - Sparebank 1 advarer mot svindel, 2019; E24: Advarer mot å gå på kroken Danske Bank-kunder utsatt for svindelforsøk, 2013; E24: Bankkunder lurt for mange hundre tusen I bitcoin-svindel, 2017; E24: Ny epostsvindel rettet mot bankkunder, 2015; E24: Ser på dette som svært alvorlig, 2015; Nettavisen: Med denne e-posten kan bankkontoen din tømmes, 2018) |
| Log in to your online banking via the bank's website; not external links | (E24: Ser på dette som svært alvorlig, 2015) |
| Check the email address of the sender | (E24: Advarer bankkunder mot svindelbølge, 2020; E24: Sjekk hvem som lures trill rundt av e-post-svindlere, 2015) |
| Keep the operating system and software updated | (E24: Sjekk hvem som lures trill rundt av e-post-svindlere, 2015) |
| Don’t give out passwords and pin codes | (E24: Advarer bankkunder mot svindelbølge, 2020; Nettavisen: Her er feilene banken overså Lånte hundretusener på falsk lønnsslipp, 2019) |
| When contacted be sure that you are speaking to the bank, or if unsure, hang up and call customer service | (Dinside: Disse damene er ekstra svindelutsatt, 2019) |
| Look for suspicious transactions | (Dinside: DNB advarer – Pass opp for SMS-svindel, 2019) |
| Look for notifications about changes in addresses | (Dinside: DNB advarer – Pass opp for SMS-svindel, 2019) |
| Look for information about credit checks that you didn’t initiate | (Dinside: DNB advarer – Pass opp for SMS-svindel, 2019) |
| Look for information about raised credit limits or granted credit. | (Dinside: DNB advarer – Pass opp for SMS-svindel, 2019) |

Regarding what you should do if you suspect fraud, the following has been mentioned: report the fraudster to the police, block cards, change passwords for the possibly affected services, and notify the bank (Nettavisen: Advarer mot ny svindelmetode Stjeler BankID på telefonen, 2019; Dinside: DNB advarer: – Pass opp for SMS-svindel, 2019).

When it comes to love fraud, it was advised to be critical of what you share on social media, hide your friends list and your cellphone number, and not accept friend requests from unknowns (Dagbladet: Trodde hun hadde funnet kjærligheten –ble svindlet for flere hundre tusen, 2017). It was also advised to be wary of someone who contacts you on dating sites or social media and wants to continue the conversation on email or private chats, wants to build trust by talking in a very affectionate way, posts glamorous photos projecting status and wealth, appears to be from the United States and travelling, and after a short time wants to come to visit, but is always delayed; then there is often a need for money, which could also be a need for help to release an asset before traveling (Dinside: Nå svindles kjærlighetssyke nordmenn på Tinder og sosiale medier, 2018).

For investment scams, the advice was to Google investment companies together with the word scam, check if the company that takes care of the investments is legit, ask for written emails and be critical of the information you receive, never give out access to your online banking, and ask advice from Økokrim or your bank before investing (Dagbladet: Bitcoin-svindlere lurer eldre for store summer, 2018).

5 Discussion

5.1 Fraud techniques

Abu-Shanab and Matalqa (2015) stated that the most frequently appearing attacks in relation to online banking systems were social engineering attempts, control gaining attacks, and credential theft. In our findings, the statements from the participating experts indicate that BankID fraud, Card fraud, CEO fraud, Investment fraud, Love scams and Phishing are among the most frequent attacks in relation to online banking fraud currently in Norway. The most frequent attacks in Norway could be categorized under these three types; however, from our findings, how these types are performed today is very different, as few of them were found in previous literature during the literature review.

A reason for this could be the increased professionalization among the actors that are carrying out fraud. Organization-like structures allow the attackers to conduct multiple types of attacks once they have found a victim. Instead of relying on one type of attack, such as phishing, the most successful attackers could, from our findings, for instance first trick individuals into investment fraud and after that call them and, with the help of social manipulation, steal identity information or assets, or deploy malicious attacks such as real-time phishing. Identity information could then again be used for new types of fraud, such as loan fraud or the creation of synthetic identities. Examples of this were found during our document analysis, where fraudsters would mix social manipulation, BankID fraud, and phishing (Nettavisen: Advarer mot ny svindelmetode Stjeler BankID på telefonen, 2019; Nettavisen: Med denne e-posten kan bankkontoen din tømmes, 2018).

The organizational structures allow for a streamlined process where the victim is almost treated as a customer. From the evidence, the victims could feel that they are getting help while they are in fact being scammed as victims of several types of fraud. From the observations in this study, more fraud techniques are presumably being woven together as a result of the increased professionalization, making the attacks more of a package than a single technique. Further studies could look at how current and previous techniques are merging in order to create new attacks. It must be noted that there will always be bottom-level actors doing what is within their competence level, and while the most successful fraudsters are professionalizing their processes and making them more organizational, there will, from the evidence, always be less devious attacks deployed.

5.1.1 Social entry

Abu-Shanab and Matalqa (2015) mentioned that one of the most frequently appearing attacks in relation to online banking systems was social engineering attacks. Levi et al. (2016) observed that the first contact with the victims was usually of a less technical level, and Butler and Butler (2018) noticed a growth in the use of messaging platforms, social networks, and apps to get to potential victims. This could indicate that fraud related to online banking systems uses social manipulation and entries as a gateway to access and trick victims with technical methods, and that this is one of the most critical factors for successful attacks at present. A supporting argument can be found in our findings, as hardware and software comprehension would be less important than understanding what would make the victim trust the attacker and the technique or platform used to trick them. This is supported by the findings of Dzomira (2017), as it was discovered that the technical skills of the attacker could be at a lower level and the attacks would still succeed.

5.1.2 Target selection

Jansen and Leukfeldt's (2016) study of banking customers in the Netherlands found indications that the selection of victims is random and that victimization seems to be a coincidence. However, Singh (2007) presented two terms, "spear phishing" and "puddle phishing," suggesting that the attackers would predetermine who their victims would be. The fact that Singh's (2007) definition of "spear phishing" exists would, from the evidence, stand in contrast to Jansen and Leukfeldt's (2016) conclusion that "everyone is at risk" for victimization. One could argue that Singh (2007) only investigated fraud in relation to phishing, but our findings confirm the legitimacy of the terms related to targeting. Dzomira (2017) further supports our and Singh's (2007) findings, as it was observed that fraudsters targeted customers, online payment services, and banks where it is easy for the attackers to understand the potential relationship victims have to their bank. From the conducted interviews and the document analysis, several patterns of targeting occurred in our findings. One example is the "Olga case," famous in Norway, where attackers would attack women named Olga by searching for them online. Additional patterns from our findings would be, for instance, that fraudsters generally would target older individuals and would attack certain genders for certain types of scams, standing in contrast with the findings of Jansen and Leukfeldt (2016). As the study of Jansen and Leukfeldt (2016) was conducted only in the Netherlands and our study is conducted in Norway, further studies could be conducted in order to try to generalize our finding that fraudsters are targeting victims for various attacks.

In our study, some of the experts suggested that middle-aged to older customers might be at more risk of getting defrauded, which coincides with studies by Ebem, Onyeagba, and Ugwuonah (2017), which showed that a majority of those affected by identity fraud were middle-aged or older. Some experts argued that some of the fraud techniques targeted one gender within those age groups more than the other. Women were more prone to be affected by love scams and men by investment scams. However, another expert found that an equal number of women and men are being targeted. Whether this was a coincidence or whether the targeting is gender-neutral is up for debate and might require further studies.

5.1.3 Malware

In line with the findings of Dzomira (2015) and Chaudhry, Chaudhry, and Rittenhouse (2016), one expert explained that session stealing and redirecting were common in the past, as they could spread freely when security was worse. False error messages that made the user give away their session were mentioned in the findings, and an expert pointed out that the victim does not connect to the Trojan on purpose, but rather is unaware of the ongoing situation. This observation matches the finding of Jansen and Leukfeldt (2016), as they pointed out the same in their study.

5.1.4 AI

Chaudhry, Chaudhry, and Rittenhouse (2016), in their phishing study, found that attackers possessed great technical knowledge of systems, protocols, and computer communication, allowing the methods for phishing to adapt and appear legitimate consistently. From the findings in this study, we could see that this holds for other techniques, since we found that fraudsters use new technology such as deepfakes to trick victims, and that malware has evolved through a series of iterations as the security of the financial institutions has been improved. Financial institutions have, from the findings of this study, been the party that has used artificial intelligence. However, from our observations, it could be likely that the attackers could use this technology increasingly, not only for deepfakes but also, for instance, to select targets by training classifiers to separate an easy victim’s social media profile from a difficult victim’s social media profile, as the attackers are well educated and flexible. Further studies could look at whether this is a phenomenon that has already started happening, or whether it could be possible from a data mining perspective to separate people that would easily be victimized from people that are hard to victimize. Other studies could investigate whether deepfakes could make CEO fraud easier for the attackers, as they might enable them to imitate high-ranking employees either by phone calls or video calls with the help of the latest technology.

5.1.5 Love scam

Levi et al. (2016) found that love scams are the most hands-on fraud technique compared to others. This is in line with this study’s findings, as Facebook is one of the most popular arenas for love scams, and having conversations on Facebook would require the attacker to actively instigate conversations with the victims. Another finding was that new cases of love scams have appeared on dating apps such as Tinder. A probable reason for this could be that attackers are trying out a new segment. Many potential victims might now be aware that fraudsters operate on Facebook, as the financial institutions and legal authorities, from our findings, are trying to make the public more conscious of how the fraudsters operate. It is also conceivable that this change in platform from traditional social media and dating sites to dating apps such as Tinder is a result of the apps' geolocation-based nature. Victims might feel more secure when the fraudster is nearby than if the person is in another country. This assumption could be investigated further in new studies. Levi et al. (2016) found that captured personal information from love scams could be used for further scams. The findings in this study confirm this, as victims were found to be used for money transfers, and their personal information could be used to create false companies in foreign countries that the fraudsters use either as investment firms or as shell companies for other types of fraud.

5.2 Fraud prevention

5.2.1 Awareness as prevention

During this study, it seems that online banking fraud in Norway is an issue of the interactions being made by the customers with the technology, rather than an issue with technological attacks against the online banking platforms or their customers. One expert in a bank mentioned that there was seemingly less fraud committed with a similar authentication system to BankID in Finland; this was assumed to be because the Finnish have a more technological population. It coincides with the findings of Jansen and Leukfeldt (2018), which showed that more experienced online banking users tended to be more careful. This was due to understanding the consequences of the use of technology. Another expert suggested that some people can protect themselves from BankID fraud. However, the expert also elaborated that it could be illiteracy issues or not knowing the Norwegian language that causes these individuals not to take these measures. This falls in line with studies from Dzomira (2016), Ebem, Onyeagba and Ugwuonah (2017) and Jansen and van Schaik (2018), which found that low education could be a risk factor regarding online banking fraud.

In order to prevent this, awareness for the education and prevention of negligence might be an essential factor for preventing future fraud in Norway, as suggested in the studies about online banking fraud in other countries conducted by Dzomira (2016), Ebem, Onyeagba and Ugwuonah (2017), and Jansen and Leukfeldt (2016). As found in online newspapers and the expert interviews, spreading awareness is something that banks are already working on, as are targeted actions aimed at vulnerable groups, which were argued for in the work of Jansen and van Schaik (2018) and Ebem, Onyeagba and Ugwuonah (2017) as a preventative measure against fraud. This suggests that the prevention of fraud by awareness might require further development in regards to how one reaches out to these vulnerable groups. One solution that could be implemented is mandatory training for all online banking customers, though it could be seen as invasive. Also, it might not be effective over time due to the lack of adaptation to newer fraud techniques. Another, less invasive solution that one could implement is small notices on the online bank's transaction pages. These notices could include warnings about different contemporary types of fraud and remind the customers to stay vigilant. These notices could also be targeted at different groups if the banks observe that there are more cases related to different groups.

5.2.2 Technological prevention

During the last years, there has seemingly been a significant improvement in how the banks are dealing with online banking fraud. As mentioned in the interviews, the experts are implementing newer fraud detection systems based on artificial intelligence and are building out their organizations to improve fraud handling. There is a heavy focus on data analysis, incorporating the use of data scientists, which may give the banks an advantage in catching new fraud trends. There were no mentions of specific types of artificial intelligence used by the banks. However, judging by the mentions of session and transaction monitoring, it seems they are using techniques similar to the approaches found in the literature review, either neural networks or clustering.

Something that seems just as important as selecting the right type of artificial intelligence is how the banks write their models and alarms. As mentioned by the experts, it is necessary to avoid false alarms, which can be resource-demanding in terms of both time and money.
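The false-alarm trade-off described above, shown as an added example that is not from the thesis, the interviewed experts or any bank. Since no specific technique was named in the interviews, the per-customer robust z-score, the alarm thresholds and all sample data below are assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample data (not from the thesis): past transaction amounts in
# NOK for three hypothetical customers.
HISTORY = {
    "A": [200, 250, 220, 240, 210, 230, 260],
    "B": [1000, 1200, 900, 1100, 1500, 800, 1300],
    "C": [50, 60, 55, 45, 65, 40, 70],
}

# Constructed incoming transactions: (customer, amount, is_fraud).
# The labels stand in for what an investigator would confirm afterwards.
INCOMING = [
    ("A", 300, False),
    ("A", 5000, True),
    ("A", 235, False),
    ("B", 2000, False),   # unusual but legitimate purchase
    ("B", 1900, True),    # fraud that stays close to normal behaviour
    ("B", 1150, False),
    ("C", 120, False),
    ("C", 58, False),
    ("C", 400, True),
    ("A", 320, False),
]


def anomaly_score(amount, past):
    """Distance from the customer's own median, in MAD-based units.

    Median and MAD are used instead of mean and standard deviation so that
    one earlier outlier in the history does not widen the baseline.
    """
    centre = median(past)
    mad = median([abs(x - centre) for x in past])
    scale = 1.4826 * mad  # makes MAD comparable to a standard deviation
    if scale == 0:
        scale = 1.0  # flat history: fall back to absolute distance
    return abs(amount - centre) / scale


def evaluate(threshold, incoming=INCOMING, history=HISTORY):
    """Count alarms, caught fraud, false alarms and missed fraud."""
    result = {"alerts": 0, "caught": 0, "false_alarms": 0, "missed": 0}
    for customer, amount, is_fraud in incoming:
        alarm = anomaly_score(amount, history[customer]) >= threshold
        if alarm:
            result["alerts"] += 1
            result["caught" if is_fraud else "false_alarms"] += 1
        elif is_fraud:
            result["missed"] += 1
    return result


def sweep(thresholds=(2.0, 3.5, 5.0)):
    """Evaluate several alarm thresholds over the same transactions."""
    return {t: evaluate(t) for t in thresholds}


if __name__ == "__main__":
    for threshold, r in sweep().items():
        print(f"threshold {threshold}: {r}")
```

A loose threshold catches every fraud but most alarms are false; a strict one removes the false alarms and misses the fraud that resembles the customer's normal spending.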

During the study, few instances were found of entirely technological attacks against online banking customers or banks. One could assume this is because customers of online banks in Norway generally use antivirus software, which may reduce the instances of technological attacks, such as those using Trojans. As found in the study by Jansen and Leukfeldt (2016) about online banking fraud in the Netherlands, the victims of online banking malware are generally not negligent about security software. Whether this is the case in Norway needs further research. As for the authentication security of Norwegian online banks, it seems that BankID is robust from a technological perspective, as no mention of breaches was found in online newspapers or interviews.

5.3 Ethics

An ethical issue that could be argued is that this study can act as a facilitator for fraudsters to learn previously undiscovered methods. While publishing this study could be a risk, it was not seen as a significant concern when brought up during the interviews. The experts mentioned that fraudsters are already familiar with these techniques, which leads one to believe that the banks are already well equipped and familiar with dealing with them. Even if this were the case, fraudsters may not make use of the mentioned techniques, since the banks' prevention might give them a low rate of efficacy. As mentioned in the interviews, the primary metric for the selection of a fraud technique is the measurement of income, and fraud schemes with low success rates may get abandoned for newer and more profitable techniques.

6 Conclusion

6.1 Conclusions

Based on qualitative analysis of interviews, documents, and previous literature on the topic, it can be concluded that bank customers in Norway are attacked with multiple types of techniques and that the attacks are constantly changing. The findings indicate that BankID fraud, Card fraud, CEO fraud, Investment fraud, Love scams and Phishing are among the most frequent attacks in Norway at the present time. Common to the attacks is that they contain elements of social manipulation that are supported by technological approaches such as creating fake websites or spoofing email addresses. The attacks are frequently customized to target different victims, for instance, individuals with higher positions in a company or particular age segments. Patterns of professionalizing are occurring in all types of attacks and are currently a trending phenomenon. An example of this is that many attackers use structures similar to those of organizations to support the attacks.

Regarding prevention, the banks are making use of artificial intelligence as a measure to prevent online banking fraud, monitoring transactions and customer behaviour to detect anomalies. They are seemingly at the forefront regarding the technological aspect. On the social aspects of fraud, the banks are mostly using awareness as a tool for prevention: discussing online banking fraud in news articles, blog posts and on social media, and holding seminars for exposed groups.

6.2 Contribution

This study will be a significant contribution to the topic of online banking fraud in Norway within academia, as no similar studies were found during the literature review or mentioned by the experts. Regarding the international research about the topic, it will also be a considerable contribution, as it will add new knowledge to the area of study about online banking fraud. Our contribution to the banking industry and law enforcement entities will be a summarized overview of the current attacks and prevention methods in Norway. For the public, this thesis will presumably contribute awareness about how the attackers operate and hopefully lead to fewer cases of fraud.

6.3 Future Research

As mentioned in the discussion, future research should try to investigate how old and new attacks are merging and how, or if, attackers are selecting their targets. Artificial intelligence should be researched in relation to online banking fraud, as it is presumably the next technology to be used by fraudsters to either find or attack victims. The assumption that victims feel safer when nearness is displayed or visually confirmed in app or web applications could also be explored.

Awareness seems to be an essential factor in preventing fraud in previous studies, as well as in this study. The question of how one should educate those not being reached by awareness measures already set in place remains an issue. Some studies have proposed solutions to this problem, though whether these will translate to Norwegian online banking is unknown. In regard to technological prevention, it seems Norwegian banks make use of some supervised artificial intelligence to monitor transactions and user behaviour, but there are no specifics around the type or algorithms.

A follow-up study could be conducted with a focus on including participants from smaller banks in order to identify whether or not the financial institutions' client bases have an impact on the type of problems encountered. Another future study could extend the research into the Nordics by using questionnaires instead of interviews, including numerous Nordic banks.

References

Abu-Shanab, E. and Matalqa, S. (2015). Security and Fraud Issues of E-banking. International Journal of Computer Networks and Application, [online] 2(4). Available at: https://www.academia.edu/15467821/Security_and_Fraud_Issues_of_E-banking [Accessed 25 Mar. 2020]. Pp. 179-198.

Amro, B. (2018). Phishing Techniques in Mobile Devices. Journal of Computer and Communications, 06(02), pp.27–35.

Aronsen, J. (1994). A Pragmatic View of Thematic Analysis. The qualitative report, [online] 2(1). Available at: https://nsuworks.nova.edu/cgi/viewcontent.cgi?article=2069&context=tqr [Accessed 10 Apr. 2020].

Bankid.no. (2020). Om Oss - Bankid. [online] Available at: https://www.bankid.no/privat/om-oss [Accessed 6 May 2020].

Barclaycard.co.uk. (n.d). Preventing Payment Fraud | Barclaycard Business. [online] Available at: https://www.barclaycard.co.uk/business/accepting-payments/learn-about-taking-payments/beginners-guide-preventing-fraud [Accessed 26 May 2020].

Braun, V. and Clarke, V. (2012). Thematic analysis. APA handbook of research methods in psychology, Vol 2: Research designs: Quantitative, qualitative, neuropsychological, and biological., pp.57–71.

Brink, H.I.L. (1993). Validity and reliability in qualitative research. Curationis, 16(2).

Butler, R. and Butler, M. (2018). Assessing the information quality of phishing-related content on financial institutions’ websites. Information and Computer Security, 26(5), pp.514–532.

Carminati, M., Caron, R., Maggi, F., Epifani, I. and Zanero, S. (2015). BankSealer: A decision support system for online banking fraud analysis and investigation. Computers & Security, 53, pp.175-186.

Chaudhry, J.A., Chaudhry, S.A. and Rittenhouse, R.G. (2016). Phishing Attacks and Defences. International Journal of Security and Its Applications, 10(1), pp.247–256.

Creswell, J.W. and Creswell, J.D. (2018). Research design: qualitative, quantitative & mixed methods approaches. Los Angeles: Sage.

Creswell, J.W. (2014). Research design: qualitative, quantitative, and mixed methods approaches. Los Angeles, Calif.: Sage.

Dagbladet.no. (2017). Flere Personer Har Mottatt Svindel-SMS. Nå Advarer Politiet: - Slett Meldingen. [online] Available at: https://www.dagbladet.no/nyheter/flere-personer-har-mottatt-svindel-sms-na-advarer-politiet---slett-meldingen/68916216 [Accessed 13 April 2020].

Dagbladet.no. (2017). Trodde Hun Hadde Funnet Kjærligheten – Ble Svindlet For Flere Hundre Tusen. [online] Available at: https://www.dagbladet.no/kultur/trodde-hun-hadde-funnet-kjaerligheten--ble-svindlet-for-flere-hundre-tusen/68892391 [Accessed 13 April 2020].

Dagbladet.no. (2018). Bitcoin-Svindlere Lurer Eldre For Store Summer. [online] Available at: https://www.dagbladet.no/kultur/bitcoin-svindlere-lurer-eldre-for-store-summer/69638823 [Accessed 13 April 2020].

Dagbladet.no. (2018). Nordmenn Rundlurt For Flere Millioner I Bitcoin-Svindel: - Pengene Er Nok Borte For Godt. [online] Available at: https://www.dagbladet.no/nyheter/nordmenn-rundlurt-for-flere-millioner-i-bitcoin-svindel--pengene-er-nok-borte-for-godt/69251557 [Accessed 13 April 2020].

Dagbladet.no. (2019). - Jeg Holdt På Å Bli Gal. [online] Available at: https://www.dagbladet.no/nyheter/jeg-holdt-pa-a-bli-gal/71446752 [Accessed 13 April 2020].

Dagbladet.no. (2019). ID-Ofre Frikjent For Falske Banklån. [online] Available at: https://www.dagbladet.no/nyheter/id-ofre-frikjent-for-falske-banklan/71373471 [Accessed 12 April 2020].

Dagbladet.no. (2019). Nyhetsstudio - Sparebank 1 Advarer Mot Svindel. [online] Available at: https://www.dagbladet.no/studio/nyhetsstudio/5?post=19845 [Accessed 12 April 2020].

Daliri, S., (2020). Using Harmony Search Algorithm in Neural Networks to Improve Fraud Detection in Banking System. Computational Intelligence and Neuroscience, 2020, pp.1-5.

Darwish, S., (2020). A bio-inspired credit card fraud detection model based on user behavior analysis suitable for business management in electronic banking. Journal of Ambient Intelligence and Humanized Computing, pp.1-15.

DinSide.no. (2017). Svindlerne Stakk Av Med 36.000 Kroner – Nesten Umulig Å Se At Nettsiden Var Falsk. [online] Available at: https://www.dinside.no/okonomi/nordmann-frastjalet-36000-kroner-etter-apple-phishing/69114879 [Accessed 13 April 2020].

DinSide.no. (2018). - ID-Tyven Er Oftere En Av Dem Som Står Offeret Nærmest. [online] Available at: https://www.dinside.no/okonomi/id-tyven-er-oftere-en-av-dem-som-star-offeret-naermest/70243420 [Accessed 13 April 2020].

DinSide.no. (2018). Ble Lurt Av Netflix-Svindel - Må Betale 12.000 Kroner Selv. [online] Available at: https://www.dinside.no/okonomi/ble-lurt-av-netflix-svindel---ma-betale-12000-kroner-selv/70282580 [Accessed 13 April 2020].

DinSide.no. (2018). Ikke Betal Disse Regningene. [online] Available at: https://www.dinside.no/okonomi/ikke-betal-disse-regningene/70311189 [Accessed 13 April 2020].

DinSide.no. (2018). Nå Svindles Kjærlighetssyke Nordmenn På Tinder Og Sosiale Medier. [online] Available at: https://www.dinside.no/okonomi/na-svindles-kjaerlighetssyke-nordmenn-pa-tinder-og-sosiale-medier/70461875 [Accessed 13 April 2020].

DinSide.no. (2018). Svindleren Skulle «Hjelpe Med Tapte Investeringer». [online] Available at: https://www.dinside.no/okonomi/svindleren-skulle-hjelpe-med-tapte-investeringer/70329943 [Accessed 13 April 2020].

DinSide.no. (2018). Svindlerne Lovet 15.000 Kroner – Stjal 17.000,-. [online] Available at: https://www.dinside.no/okonomi/svindlerne-lovet-15000-kroner--stjal-17000/70153934 [Accessed 13 April 2020].

DinSide.no. (2019). Disse Damene Er Ekstra Svindelutsatt. [online] Available at: https://www.dinside.no/okonomi/disse-damene-er-ekstra-svindelutsatt/71747598 [Accessed 12 April 2020].

DinSide.no. (2019). DNB Advarer: – Pass Opp For SMS-Svindel. [online] Available at: https://www.dinside.no/okonomi/dnb-advarer--pass-opp-for-sms-svindel/71365512 [Accessed 12 April 2020].

Dzomira, S. (2015). Cyber-banking fraud risk mitigation - Conceptual model. Banks and Bank Systems, [online] 10(2). Available at: https://www.researchgate.net/publication/282281102_Cyber-banking_fraud_risk_mitigation_-_Conceptual_model [Accessed 23 Mar. 2020].

Dzomira, S. (2017). Internet banking fraud alertness in the banking sector: South Africa. Banks and Bank Systems, 12(1), pp.143–151.

Dzomira, S. (2016). Financial consumer protection: internet banking fraud awareness by the banking sector. Banks and Bank Systems, 11(4), pp.127-134.

E24.no. (2013). Advarer Mot Å Gå På Kroken: Danske Bank-Kunder Utsatt For Svindelforsøk. [online] Available at: https://e24.no/privatoekonomi/i/RR4QE5/advarer-mot-aa-gaa-paa-kroken-danske-bank-kunder-utsatt-for-svindelforsoek&sa=U&ved=2ahUKEwj7hvyQ5-LoAhWSl4sKHa7_C_sQFjAGegQIABAC&usg=AOvVaw0NmZZnWu3sVqYFrWLvW7wl [Accessed 12 April 2020].

E24.no. (2015). Ser På Dette Som Svært Alvorlig. [online] Available at: https://e24.no/privatoekonomi/i/l1x7yy/ny-svindelmetode-oppdaget-det-er-foerste-gang-vi-har-sett-her-i-norge&sa=U&ved=2ahUKEwigjOGZguPoAhXpAhAIHS7QA3E4FBAWMAJ6BAgIEAI&usg=AOvVaw3CYmcB_P-aNaWd_5WWQOuP [Accessed 12 April 2020].

E24.no. (2015). Ny Epostsvindel Rettet Mot Bankkunder. [online] Available at: https://e24.no/teknologi/i/e8G8jR/ny-epostsvindel-rettet-mot-bankkunder&sa=U&ved=2ahUKEwiNgPLHmePoAhXhmIsKHSS_A0Q4KBAWMAh6BAgCEAI&usg=AOvVaw1f3tYN0C05bOda_lRl_y2J [Accessed 12 April 2020].

E24.no. (2015). Sjekk Hvem Som Lures Trill Rundt Av E-Post-Svindlere. [online] Available at: https://e24.no/teknologi/i/b585x3/sjekk-hvem-som-lures-trill-rundt-av-e-post-svindlere&sa=U&ved=2ahUKEwjClcHWpePoAhVUrosKHfjYADo4MhAWMAl6BAgBEAI&usg=AOvVaw2j8Zi62Gsoa-i_uHae4Qlb [Accessed 12 April 2020].

E24.no. (2017). Bankkunder Lurt For Mange Hundre Tusen I Bitcoin-Svindel. [online] Available at: https://e24.no/naeringsliv/i/EoPda5/bankkunder-lurt-for-mange-hundre-tusen-i-bitcoin-svindel&sa=U&ved=2ahUKEwiE5_S8j-PoAhWFp4sKHQkpC6U4FBAWMAl6BAgEEAI&usg=AOvVaw0f_72A4EnnMqK47X3pDgmK [Accessed 12 April 2020].

E24.no. (2017). Rekordår For Kortsvindel I 2016: Over 17 Milliarder Tapt I Europa. [online] Available at: https://e24.no/naeringsliv/i/0E6ep0/rekordaar-for-kortsvindel-i-2016-over-17-milliarder-tapt-i-europa [Accessed 12 April 2020].

E24.no. (2019). Norske Nettbankkunder Svindlet For Millioner. [online] Available at: https://e24.no/teknologi/i/GG80mJ/norske-nettbankkunder-svindlet-for-millioner&sa=U&ved=2ahUKEwiljJrj4-LoAhWmpYsKHWNQC_AQFjACegQICBAC&usg=AOvVaw3C7cj3k06PVmsoD4ARLysA [Accessed 12 April 2020].

E24.no. (2019). Ny Robot-Tjeneste Skal Redusere Kortsvindel Med 40 Prosent. [online] Available at: https://e24.no/teknologi/i/QoKKjJ/ny-robot-tjeneste-skal-redusere-kortsvindel-med-40-prosent [Accessed 12 April 2020].

E24.no. (2020). «Helt Ny Form For Svindelforsøk» Rammet Jobbsøkere På Finn.No. [online] Available at: https://e24.no/teknologi/i/WbBJ7r/helt-ny-form-for-svindelforsoek-rammet-jobbsoekere-paa-finnno&sa=U&ved=2ahUKEwiTpMXK9OLoAhWhwMQBHeVWBJc4ChAWMAZ6BAgDEAI&usg=AOvVaw0VocvaG-4DCb6GCHuTH51C [Accessed 12 April 2020].

E24.no. (2020). Advarer Bankkunder Mot Svindelbølge. [online] Available at: https://e24.no/privatoekonomi/i/Wb27X2/advarer-bankkunder-mot-svindelboelge [Accessed 12 April 2020].

E24.no. (2020). Antall Svindelforsøk Mot Norske Bankkunder Doblet. [online] Available at: https://e24.no/privatoekonomi/i/Wb1XBK/antall-svindelforsoek-mot-norske-bankkunder-doblet&sa=U&ved=2ahUKEwi874W_6uLoAhV8AxAIHaLHCAUQFjAHegQIBRAC&usg=AOvVaw2hvSdpaIyAE54TDXRr9NRt [Accessed 12 April 2020].

E24.no. (2020). Bankid-Svindel Til Høyesterett. [online] Available at: https://e24.no/privatoekonomi/i/70wLrK/bankid-svindel-til-hoeyesterett&sa=U&ved=2ahUKEwjstIvv7eLoAhWFlIsKHeRjCVI4ChAWMAB6BAgBEAI&usg=AOvVaw0YPFnf57gAxyYO6cHdM6QY [Accessed 12 April 2020].

E24.no. (2020). ID-Svindel: Sikkerhetsekspert Kritiserer Bankene. [online] Available at: https://e24.no/privatoekonomi/i/awBPQA/id-svindel-sikkerhetsekspert-kritiserer-bankene [Accessed 1 April 2020].

E24.no. (2020). Kommentar: Bankene Gjør Mye For Å Forhindre Svindel. [online] Available at: https://e24.no/privatoekonomi/i/opzq6g/kommentar-bankene-gjoer-mye-for-aa-forhindre-svindel&sa=U&ved=2ahUKEwizsI3i--LoAhUXHHcKHYGLAmw4ChAWMAh6BAgJEAI&usg=AOvVaw0vLXRL5JyRh7lJUd1m2X3Q [Accessed 12 April 2020].

E24.no. (2020). Professor Mener ID-Svindel Kan Være Lønnsomt For Bankene. [online] Available at: https://e24.no/naeringsliv/i/LABV74/professor-mener-id-svindel-kan-vaere-loennsomt-for-bankene&sa=U&ved=2ahUKEwiTpMXK9OLoAhWhwMQBHeVWBJc4ChAWMAd6BAgEEAI&usg=AOvVaw2WBY9D9czBfZVA_AWHJQDT [Accessed 12 April 2020].

E24.no. (2020). Rundt 1.000 DNB-Kort Rammet Av Nye Svindelforsøk. [online] Available at: https://e24.no/privatoekonomi/i/dOBQ0J/rundt-1000-dnb-kort-rammet-av-nye-svindelforsoek&sa=U&ved=2ahUKEwj5j67Wl-PoAhWOw4sKHYYXAXg4KBAWMAV6BAgCEAI&usg=AOvVaw1EgrmDFZu5I9llQfpwVA3w [Accessed 20 May 2020].

E24.no. (2020). Shadi Ble Svindlet For Millionbeløp Og Saksøkt Av Bank Norwegian – Nå Er Hun Frikjent. [online] Available at: https://e24.no/privatoekonomi/i/WbBRGa/shadi-ble-svindlet-for-millionbeloep-og-saksoekt-av-bank-norwegian-naa-er-hun-frikjent [Accessed 11 April 2020].

Ebem, D.U., Onyeagba, J.C. and Ugwuonah, G.E. (2017). Internet Banking: Identity Theft and Solutions - The Nigerian Perspective. The Journal of Internet Banking and Commerce, [online] 22(2), pp.1–16. Available at: http://www.icommercecentral.com/open-access/internet-banking-identity-theft-and-solutions--the-nigerian-perspective.php?aid=86186 [Accessed 26 Mar. 2020].

Edwards, R. and Holland, J. (2013). What is Qualitative Interviewing? London Bloomsbury Publishing Plc Bloomsbury Academic.

Encyclopedia Britannica. (2020). Credit Card Fraud | Crime. [online] Available at: https://www.britannica.com/topic/credit-card-fraud [Accessed 11 May 2020].

Federal Bureau of Investigation. (n.d). Financial Institution/Mortgage Fraud | Federal Bureau Of Investigation. [online] Available at: https://www.fbi.gov/investigate/white-collar-crime/mortgage-fraud [Accessed 27 May 2020].

Harper, D. (2012). Qualitative research methods in mental health and psychotherapy: a guide for students and practitioners. Chichester: Wiley-Blackwell. pp. 209-221.

Hoffmann, A.O.I. and Birnbrich, C. (2012). The impact of fraud prevention on bank-customer relationships. International Journal of Bank Marketing, 30(5), pp.390–407.

Iivari, J., Hirschheim, R. and Klein, H.K. (1998). A Paradigmatic Analysis Contrasting Information Systems Development Approaches and Methodologies. Information Systems Research, 9(2), pp.164–193.

Jansen, J. and Leukfeldt, R. (2016). Phishing and Malware Attacks on Online Banking Customers in the Netherlands: A Qualitative Analysis of Factors Leading to Victimization. International Journal of Cyber Criminology, 10(1), pp.79-91.

Jansen, J. and van Schaik, P. (2018). Testing a model of precautionary online behaviour: The case of online banking. Computers in Human Behavior, 87, pp.371-383.

Kaplan, B. and Maxwell, J.A. (2005). Qualitative Research Methods for Evaluating Computer Information Systems. Health Informatics, [online] pp.30–55. Available at: https://link.springer.com/chapter/10.1007/0-387-30329-4_2 [Accessed 23 Dec. 2019].

KPMG (2019). Global Banking Fraud Survey - The multi-faceted threat of fraud: Are banks up to the challenge? [online] Available at: https://assets.kpmg/content/dam/kpmg/xx/pdf/2019/05/global-banking-fraud-survey.pdf [Accessed 11 Mar. 2020].

Legal Information Institute, n.d. 18 U.S. Code § 1343 - Fraud By Wire, Radio, Or Television. [online] LII / Legal Information Institute. Available at: <https://www.law.cornell.edu/uscode/text/18/1343> [Accessed 9 May 2020].

Leung, L. (2015). Validity, reliability, and generalizability in qualitative research. Journal of Family Medicine and Primary Care, 4(3), p.324

Levi, M., Doig, A., Gundur, R., Wall, D. and Williams, M. (2016). Cyberfraud and the implications for effective risk-based responses: themes from UK research. Crime, Law and Social Change, 67(1), pp.77–96.

Levy, Y. and Ellis, T. J. (2006). A Systems Approach to Conduct an Effective Literature Review in Support of Information Systems Research. Informing Science: The International Journal of an Emerging Transdiscipline, 9, pp.181–212.

Lovdata.no. (2020). Lov Om Straff (Straffeloven) - Kapittel 21. Vern Av Informasjon Og Informasjonsutveksling - Lovdata. [online] Available at: https://lovdata.no/dokument/NL/lov/2005-05-20-28/KAPITTEL_2-6#%C2%A7202 [Accessed 9 May 2020].

Maguire, M. and Delahunt, B. (2017). Doing a Thematic Analysis: A Practical, Step-by-Step Guide for Learning and Teaching Scholars. [online] (3), p.3351. Available at: https://pdfs.semanticscholar.org/3170/1b4100ebabae16deba055c28a6bad28e6467.pdf.

Maimbo, H. and Pervan, G. (2005). Designing a Case Study Protocol for Application in IS Research. PACIS 2005 Proceedings, [online] pp.1281-1292. Available at: https://pdfs.semanticscholar.org/be4c/024af6137a33b4eb18766d6fd781732efc52.pdf [Accessed 9 April 2020].

Merton, R.K. and Storer, N. W. (1973). The sociology of science: theoretical and empirical investigations. Chicago: University of Chicago Press.

Milagros, C. (2016). Preparing for Interview Research: The Interview Protocol Refinement Framework. The Qualitative Report, [online] 21(5), pp.811-830. Available at: https://search.proquest.com/docview/1806967398?accountid=17260 [Accessed 8 April 2020].

Miles, M.B. and Huberman, A.M. (1994). Qualitative data analysis an expanded sourcebook. Thousand Oaks: Sage.

Modic, D. and Anderson, R. (2015). It’s All Over but the Crying: The Emotional and Financial Impact of Internet Fraud. IEEE Security & Privacy, [online] 13(5), pp.99–103. Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7310826 [Accessed 27 Jan. 2020].

Nettavisen. (2018). Kryptovaluta: Kristian (46) Ble Svindlet For 180.000 Kroner Like Før Bryllupet. [online] Available at: https://www.nettavisen.no/na24/kryptovaluta-kristian-%2846%29-ble-svindlet-for-180000-kroner-like-for-bryllupet/3423542101.html [Accessed 13 April 2020].

Nettavisen. (2018). Med Denne E-Posten Kan Bankkontoen Din Tømmes. [online] Available at: https://www.nettavisen.no/nyheter/med-denne-e-posten-kan-bankkontoen-din-tommes/3423415213.html [Accessed 13 April 2020].

Nettavisen. (2018). Tove Ble Lurt For 380.000 Kroner I Dating-Svindel. [online] Available at: https://www.nettavisen.no/nyheter/innenriks/tove-ble-lurt-for-380000-kroner-i-dating-svindel/3423485864.html [Accessed 13 April 2020].

Nettavisen. (2018). Trond Raser Mot Banken Etter At Sønnens Samboer Tok Opp Lån Med Hans Bankid. [online] Available at: https://www.nettavisen.no/na24/trond-raser-mot-banken-etter-at-sonnens-samboer-tok-opp-lan-med-hans-bankid/3423561360.html [Accessed 13 April 2020].

Nettavisen. (2019). Advarer Mot Ny Svindelmetode: Stjeler Bankid På Telefonen. [online] Available at: https://www.nettavisen.no/okonomi/advarer-mot-ny-svindelmetode-stjeler-bankid-pa-telefonen/3423858940.html [Accessed 13 April 2020].

Nettavisen. (2019). Her Er Feilene Banken Overså: Lånte Hundretusener På Falsk Lønnsslipp. [online] Available at: http://nettavisen.no/okonomi/her-er-feilene-banken-oversa-lante-hundretusener-pa-falsk-lonnsslipp/3423638881.html [Accessed 13 April 2020].

Nettavisen. (2019). Politiet: Dette Er De Vanligste Bankid-Svindlene. [online] Available at: https://www.nettavisen.no/okonomi/politiet-dette-er-de-vanligste-bankid-svindlene/3423676674.html [Accessed 13 April 2020].

Nettavisen. (2020). Telenor Melder Om Rekordhøy Svindeltrafikk: - Vi Er Alle I En Sårbar Situasjon. [online] Available at: https://www.nettavisen.no/okonomi/telenor-melder-om-rekordhoy-svindeltrafikk---vi-er-alle-i-en-sarbar-situasjon/3423943908.html [Accessed 13 April 2020].

Oria. (2020). [online] Available at: https://bibsysalmaprimo.hosted.exlibrisgroup.com/primoexplore/dbsearch?vid=UBTO&lang=no_NO [Accessed 27 May. 2020].

Patel, Y., Ouazzane, K., Vassilev, V. and Li, J. (2019). Remote banking fraud detection framework using sequence learners. Journal of Internet Banking and Commerce, 24(1), pp.1-31.

Pimple, K.D. (2002). Six domains of research ethics. Science and Engineering Ethics, 8(2), pp.191–205.

Recker, J. (2013). Scientific research in information systems: a beginner’s guide. Heidelberg Berlin New York Dordrecht London Springer. Pp. 105

Rege, A. (2009). What’s Love Got to Do with It? Exploring Online Dating Scams and Identity Fraud. International Journal of Cyber Criminology, [online] 3(2). Available at: https://www.researchgate.net/profile/Aunshul_Rege/publication/228373590_What’s_Love_Got_to_Do_with_It_Exploring_Online_Dating_Scams_and_Identity_Fraud/links/556758a408aefcb861d387ba/Whats-Love-Got-to-Do-with-It-Exploring-Online-Dating-Scams-and-Identity-Fraud.pdf [Accessed 28 Mar. 2020].

Ritzer, G. (2007). The Blackwell encyclopedia of sociology. Malden, Ma: Blackwell Pub. pp 2384

Shafi’i, M.a., Mubaraq, O.U. , Oluwaseun, A.O., Victor, N.A. And John K., A. (2018). A Soft computing approach to detect e-banking phishing Websites Using Artificial Neural Network. i-manager’s Journal on Computer Science, 6(3), pp. 7 - 15

Sikdar, P., Kumar, A. & Makkad, M. (2015), Online banking adoption: A factor validation and satisfaction causation study in the context of Indian banking customers. The International Journal of Bank Marketing, vol. 33, no. 6, pp. 760-785.

Singh, N.P. (2007). Online Frauds in Banks with Phishing. The Journal of Internet Banking and Commerce, [online] 12(2), pp.1–27. Available at: http://www.icommercecentral.com/open-access/online-frauds-in-banks-with-phishing.php?aid=38493 [Accessed 24 Mar. 2020].

Solli, M. (2020). Eksplosjon Av Ny Type Bedrageri: Kraftig Advarsel Fra Politiet Og DNB. [online] Nettavisen. Available at: https://www.nettavisen.no/okonomi/eksplosjon-av-ny-type-bedrageri-kraftig-advarsel-fra-politiet-og-dnb/3423945752.html?fbclid=IwAR2MssTXbsH4m8QyP0rvlSHypw_TZWeLWDITdzR1dTDoEY2Wi3lq6hA8sto [Accessed 1 April 2020].

Thyer, B. (2010). The Handbook of Social Work Research Methods. Thousand Oaks, Calif.: Sage Publications, Inc.

UK FINANCE. (2019). FRAUD THE FACTS 2019. [online] Available at: https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202019%20-%20FINAL%20ONLINE.pdf [Accessed 27 Jan. 2020].

University of Glasgow (2020). Ethical Issues in Interviews. [online] gla.ac.uk. Available at: https://www.gla.ac.uk/media/Media_237671_smxx.pdf [Accessed 5 Apr. 2020].

University of Michigan (2020). Interview Protocol - University of Michigan CSED. [online]. Available at: https://csed.engin.umich.edu/assets/InterviewProtocol-CoreContent-3.pdf [Accessed 21 May 2020].

Unit.no. (2020). Unit | Direktoratet for IKT og fellestjenester i høyere utdanning og forskning. [online] Available at: https://www.unit.no/ [Accessed 27 May. 2020].

Van der Blonk, H. (2003). Writing Case Studies in Information Systems Research. Journal of Information Technology, 18(1), pp.45-52.

Vg.no. (2015). Over 30 Eldre Ofre For Bedrageriliga: Bankkunder Svindlet Av Falsk Postmann. [online] Available at: https://www.vg.no/nyheter/innenriks/i/k7vBA/over-30-eldre-ofre-for-bedrageriliga-bankkunder-svindlet-av-falsk-postmann&sa=U&ved=2ahUKEwj5yt6Np-PoAhVlk4sKHWNlDgc4PBAWMAh6BAgAEAI&usg=AOvVaw2eECu573SpUD856W8n1eA3 [Accessed 12 April 2020].

Vg.no. (2018). Svindlet Banker For Over 30 Millioner På Ett År. [online] Available at: https://www.vg.no/nyheter/innenriks/i/4dgJGg/svindlet-banker-for-over-30-millioner-paa-ett aar&sa=U&ved=2ahUKEwjstIvv7eLoAhWFlIsKHeRjCVI4ChAWMAR6BAgAEAI&usg=A OvVaw3C-N3jXR-MF55D50Og_RKl [Accessed 12 April 2020].

Vg.no. (2018). To Siktet: Tok Opp Lån Og Kjøpte Bil I Runes Navn. [online] Available at: https://www.vg.no/nyheter/innenriks/i/P3JRRX/to-siktet-tok-opp-laan-og-kjoepte-bil-i-runes-navn&sa=U&ved=2ahUKEwi_0YGtlOPoAhXwAxAIHStaB0o4KBAWMAN6BAgGEAI&usg=AOvVaw2nEclIfU-FqiwchMBRx-D5 [Accessed 12 April 2020].

Vg.no. (2019). Mathias (26) Ble Utsatt For ID-Tyveri: Tok Opp 1,2 Mill. I Forbrukslån På Én Uke. [online] Available at: https://www.vg.no/nyheter/innenriks/i/216Jba/mathias-26-ble-utsatt-for-id-tyveri-tok-opp-12-mill-i-forbrukslaan-paa-en-uke&sa=U&ved=2ahUKEwjvgoWWkePoAhVw-SoKHb8-CFk4KBAWMAF6BAgJEAI&usg=AOvVaw0HLEkpbk8PBEcPTJQznwm9 [Accessed 12 April 2020].

Vg.no. (2020). DNB: Slik Manipulerer Svindlerne Norske Ofre. [online] Available at: https://www.vg.no/nyheter/innenriks/i/xPE2E8/dnb-slik-manipulerer-svindlerne-norske-ofre [Accessed 1 April 2020].

Vg.no. (2020). Svindlet Av Simon Leviev – Saksøkt Av Fire Norske Banker. [online] Available at: https://www.vg.no/nyheter/innenriks/i/wPLoQ5/svindlet-av-simon-leviev-saksoekt-av-fire-norske-banker&sa=U&ved=2ahUKEwiw4MCmi-PoAhXXrIsKHdMNDYQ4FBAWMAN6BAgHEAI&usg=AOvVaw2KlaRkMk3MrxMwmVo0SeWg [Accessed 12 April 2020].

Yin, R., (2018). Case Study Research And Applications: Design And Methods. 6th ed. Los Angeles: Sage Publications, Inc.

Appendix

Appendix A: Suggested interview protocol/guide

Based on the work of Creswell and Creswell (2018) and Milagros (2016)

General information

Interviewer(s):
Interview participant(s):
Financial institution:
Location:
Date:
Filename(s) of audio recording(s):

Introduction

Purpose

Thank you for participating in this study. As mentioned at initial contact, this study aims to get a better understanding of what types of methods fraudsters use in relation to online banking fraud, as well as what preventative measures financial institutions use to prevent these attacks. It looks to answer the following questions:

1. How are bank customers attacked through the internet?
2. How are banks trying to prevent fraudulent attacks against their customers?

Recording consent: During this interview, all audio communication will be recorded using audio recording devices and audio recording software. Will this be of any concern to you?
If yes: Thank you, please let me know if there is anything you don’t want to keep on record, or if at any point you want to end the audio recording.
If no: Thank you for your information. This interview will now proceed to be recorded using text editing software on a computer.

Anonymization: All the transcripts of the interviews in this study will be anonymized by default, unless there are objections to this. Are you okay with this interview being anonymized?
If yes: Thank you, let me know if you change your mind about any details, or if there are any details that could result in a breach of confidentiality.
If no: Thank you for your information. Please provide what information you would like to deanonymize:
-Name
-Your affiliated financial institution/organization

Consent: I give consent for Preben Weenås Aspvik and Daniel Weenås Aspvik to use the data collected in this interview for their information systems master thesis.

Final questions about the study:


Before we proceed with the interview, do you have any additional questions regarding this interview?
If yes: Thank you, let me know if there is anything during the interview that needs clarification or that requires a more detailed explanation.
If no: Address the participant(s)' question(s)

Opening questions

In this study, this section aims to gain knowledge about the interview participant(s)' experience and role in relation to the topic of the study.

Please tell me a little bit about your connection to the topic of this study. Example: Is your involvement in online banking fraud for occupational or academic reasons?

Suggested content questions

Now we will proceed to the main questions related to the topic of online banking fraud in Norway.

1. What are the main techniques fraudsters make use of today in regard to online banking fraud?
2. During your work, have you recently seen any new trends or techniques regarding online banking fraud?
3. Are there any specific demographics (age, sex, etc.) that are exposed to these techniques?
4. Are there any measures that you specifically take against specific demographics?
5. How are you (or your organization) dealing with this issue? This could be techniques, research, etc.
6. During this study we have found literature suggesting that awareness could be an effective measure against online banking fraud. Do you (or your organization) practice online banking fraud awareness today, and if so, how?
7. Do you think that there is anything unique in regard to online banking fraud in Norway?
8. Is there less traditional ID theft (information gained from the illegal obtainment and use of private documents), and more BankID-related ID theft?
9. Has credit card theft been on the decline or on the rise over the last couple of years?
10. Are there any new platforms for phishing?
11. What is currently the main objective of phishing? Has it changed?
12. Is it the social or the technological aspects of fraud that are the hardest to address?
13. Is it the social or the technological aspects of fraud that are the most purposeful, regarding limiting fraud?


Appendix B: Case study protocol

Based on the work of Maimbo and Pervan (2005) and Yin (2018)

Table 2: Case study protocol

Section A: Overview/General information

The purpose of the study is to answer the following research questions:

1. How are bank customers attacked through the internet?
2. How are banks trying to prevent fraudulent attacks against their customers?

The issue of online banking fraud in Norway was selected due to limited academic literature, despite the issue being prevalent.

This protocol will serve as a guide and guideline on how this study should unfold, and how data should be collected and analysed.

The intended audience for this case study is academicians wishing to further investigate the issue, banks, and organizations dealing with economic crime.

Section B: Requirement/Procedures

Contact list:

During the study, Dagbladet, Dinside, E24, Nettavisen and VG will be contacted to obtain consent regarding use of their material.

Requirements:


To perform the data collection procedures described in the following study it is required to:

-Have a stable internet connection

-Have a computer that can handle the use of R-Studio with small datasets/databases and Google Chrome with the Weava Highlighter.

Document Collection/Analysis:

The document analysis makes use of internet newspaper articles to give an introductory view into the topic and serves as a guide for creating the interview questions. It could also be used to find organizations or people relevant to the interviews.

These articles will be:

-Found using the built-in search engines of the online newspapers

-Coded using the Weava Highlighter extension for Chrome

-Categorically indexed in Excel by (Document ID, Newspaper, Title, Retrieval date, and In-text reference)

Interviews:

For the interviews, experts in the field will be sought out. Examples of relevant interview participants are banks, law enforcement, academicians, and associations that try to prevent or help with issues relevant to the study.

Interviews will be performed in a semi-structured manner, as this may allow the participants to offer insights into aspects of the topic not previously thought of.

The interviews will be:

Recorded using:

-Recording software “Stemmeopptaker” for Android

-QuickTime for Mac OS X


Transcribed with:

-Microsoft Word

Coded using:

-The R package RQDA (0.3-1)

Triangulation will be achieved by confirming the findings of the document analysis during the interviews, as well as by ensuring a diverse portfolio of interview participants.

Data collection plan

Permissions for the use of the documents will be collected during the first half of April.

Documents will be coded and analysed during the second half of April.

Interviews will be conducted through the second half of April, coded and analysed late April.

Data Analysis: Thematic


Appendix C: Initial themes - Documents

Table 3: Initial Themes

| ID | Newspaper | Title | Themes (Subtheme) | Retrieved | In-text reference |
|---|---|---|---|---|---|
| 1 | E24 | Shadi ble svindlet for millionbeløp og saksøkt av Bank Norwegian – nå er hun frikjent | BankID (Loanfraud) | 11.04.20 | (E24: Shadi ble svindlet for millionbeløp og saksøkt av Bank Norwegian – nå er hun frikjent, 2020) |
| 2 | E24 | Advarer bankkunder mot svindelbølge | BankID (Real-timePhishing) | 12.04.20 | (E24: Advarer bankkunder mot svindelbølge, 2020) |
| 3 | E24 | Norske nettbankkunder svindlet for millioner | Phishing (Real-timePhishing) | 12.04.20 | (E24: Norske nettbankkunder svindlet for millioner, 2019) |
| 4 | E24 | Advarer mot å gå på kroken: Danske Bank-kunder utsatt for svindelforsøk | Phishing(EmailPhishing) | 12.04.20 | (E24: Advarer mot å gå på kroken: Danske Bank-kunder utsatt for svindelforsøk, 2013) |
| 5 | E24 | Antall svindelforsøk mot norske bankkunder doblet | WireFraud(InvestmentFraud) | 12.04.20 | (E24: Antall svindelforsøk mot norske bankkunder doblet, 2020) |
| 6 | E24 | BankID-svindel til Høyesterett | BankID (Loanfraud) | 12.04.20 | (E24: BankID-svindel til Høyesterett, 2020) |
| 7 | VG | Svindlet banker for over 30 millioner på ett år | BankID (Loanfraud) | 12.04.20 | (VG: Svindlet banker for over 30 millioner på ett år, 2018) |
| 8 | E24 | «Helt ny form for svindelforsøk» rammet jobbsøkere på Finn.no | BankID (Workfraud) | 12.04.20 | (E24: «Helt ny form for svindelforsøk» rammet jobbsøkere på Finn.no, 2020) |
| 9 | E24 | Professor mener ID-svindel kan være lønnsomt for bankene | BankID | 12.04.20 | (E24: Professor mener ID-svindel kan være lønnsomt for bankene, 2020) |
| 10 | E24 | Kommentar: Bankene gjør mye for å forhindre svindel | BankID | 12.04.20 | (E24: Kommentar Bankene gjør mye for å forhindre svindel, 2020) |
| 11 | E24 | Rekordår for kortsvindel i 2016: Over 17 milliarder tapt i Europa | CardFraud(CardNotPresent) | 12.04.20 | (E24: Rekordår for kortsvindel i 2016: Over 17 milliarder tapt i Europa, 2017) |
| 12 | E24 | Ny svindelmetode oppdaget: – Det er første gang vi har sett her i ... | Phishing(SMSPhishing) | 12.04.20 | (E24: Ser på dette som svært alvorlig, 2015) |
| 13 | VG | Svindlet av Simon Leviev – saksøkt av fire norske banker | Wirefraud(LoveScam) | 12.04.20 | (VG: Svindlet av Simon Leviev – saksøkt av fire norske banker, 2020) |
| 14 | E24 | Bankkunder lurt for mange hundre tusen i bitcoin-svindel – E24 | InvestmentFraud | 12.04.20 | (E24: Bankkunder lurt for mange hundre tusen i bitcoin-svindel, 2017) |
| 15 | VG | Mathias (26) ble utsatt for ID-tyveri: Tok opp 1,2 mill. i forbrukslån på ... | IdentityTheft(LoanFraud) | 12.04.20 | (VG: Mathias 26 ble utsatt for ID-tyveri: Tok opp 1,2 mill. i forbrukslån på én uke, 2019) |
| 16 | VG | To siktet: Tok opp lån og kjøpte bil i Runes navn – VG | IdentityTheft(LoanFraud) | 12.04.2020 | (VG: To siktet Tok opp lån og kjøpte bil i Runes navn, 2018) |
| 17 | E24 | Rundt 1.000 DNB-kort rammet av nye svindelforsøk – E24 | CardFraud(Enumeration) | 12.04.20 | (E24: Rundt 1.000 DNB-kort rammet av nye svindelforsøk, 2020) |
| 18 | E24 | Ny epostsvindel rettet mot bankkunder – E24 | Phishing(EmailPhishing) | 12.04.20 | (E24: Ny epostsvindel rettet mot bankkunder, 2015) |
| 19 | E24 | Ny robot-tjeneste skal redusere kortsvindel med 40 prosent – E24 | CardFraud(CardNotPresent) | 12.04.20 | (E24: Ny robot-tjeneste skal redusere kortsvindel med 40 prosent, 2019) |
| 20 | E24 | Sjekk hvem som lures trill rundt av e-post-svindlere | Phishing | 12.04.20 | (E24: Sjekk hvem som lures trill rundt av e-post-svindlere, 2015) |
| 21 | VG | Over 30 eldre ofre for bedrageriliga: Bankkunder svindlet av falsk ... | Wirefraud(BankID) | 12.04.20 | (VG: Over 30 eldre ofre for bedrageriliga Bankkunder svindlet av falsk postmann, 2015) |
| 22 | DinSide | «Olga-svindel» Disse damene er ekstra svindelutsatt | Phishing(Vishing) | 12.04.20 | (Dinside: Disse damene er ekstra svindelutsatt, 2019) |
| 23 | Dagbladet | Nyhetsstudio - Sparebank 1 advarer mot svindel | Phishing(EmailPhishing) | 12.04.20 | (Dagbladet: Nyhetsstudio - Sparebank 1 advarer mot svindel, 2019) |
| 24 | Dagbladet | ID-ofre frikjent for falske banklån - Dagbladet | BankID (Loanfraud) | 12.04.20 | (Dagbladet: ID-ofre frikjent for falske banklån, 2019) |
| 25 | Dinside | DNB advarer: – Pass opp for SMS-svindel | Phishing(SmsPhishing) | 12.04.20 | (Dinside: DNB advarer – Pass opp for SMS-svindel, 2019) |
| 26 | Dagbladet | Bitcoin-svindel herjer på Facebook: - Jeg holdt på å bli gal | InvestmentFraud | 13.04.20 | (Dagbladet: Jeg holdt på å bli gal, 2019) |
| 27 | Dinside | Nå svindles kjærlighetssyke nordmenn på Tinder og sosiale medier | LoveScam | 13.04.20 | (Dinside: Nå svindles kjærlighetssyke nordmenn på Tinder og sosiale medier, 2018) |
| 28 | Dinside | Svindleren skulle «hjelpe med tapte investeringer» | Phishing(Vishing) | 13.04.20 | (Dinside: Svindleren skulle «hjelpe med tapte investeringer», 2018) |
| 29 | Dinside | Lurt av falsk Netflix-e-post Ble lurt av Netflix-svindel - må betale 12.000 kroner selv | Phishing(EmailPhishing) | 13.04.20 | (Dinside: Ble lurt av Netflix-svindel - må betale 12.000 kroner selv, 2018) |
| 30 | Dinside | Regninger og fakturaer fra svindlere Ikke betal disse regningene | WireFraud | 13.04.20 | (Dinside: Ikke betal disse regningene, 2018) |
| 31 | Dinside | Svindel på Facebook med falsk konkurranse Svindlerne lovet 15.000 kroner – stjal 17.000,- | BankID | 13.04.20 | (Dinside: Svindlerne lovet 15.000 kroner – stjal 17.000,-, 2018) |
| 32 | Dinside | ID-tyveri: - ID-tyven er oftere en av dem som står offeret nærmest | BankID | 13.04.20 | (Dinside: ID-tyven er oftere en av dem som står offeret nærmest, 2018) |
| 33 | Dagbladet | Bitcoin-svindlere lurer eldre for store summer Slik skor svindlere seg på krypto-hypen. | InvestmentFraud | 13.04.20 | (Dagbladet: Bitcoin-svindlere lurer eldre for store summer, 2018) |
| 34 | Dagbladet | Bitcoin: Nordmenn rundlurt for flere millioner i bitcoin-svindel: - Pengene er nok borte for godt | InvestmentFraud | 13.04.2020 | (Dagbladet: Nordmenn rundlurt for flere millioner i bitcoin-svindel:- Pengene er nok borte for godt, 2018) |
| 35 | Dinside | Falsk e-post fra Apple svindlet nordmann Nordmann frastjålet 36.000 kroner etter Apple-phishing | Phishing(EmailPhishing) | 13.04.20 | (Dinside: Svindlerne stakk av med 36.000 kroner – nesten umulig å se at nettsiden var falsk, 2017) |
| 36 | Dagbladet | Flere personer har mottatt svindel-SMS. Nå advarer politiet: - Slett meldingen | Phishing(SMSPhishing) | 13.04.20 | (Dagbladet: Flere personer har mottatt svindel-SMS. Nå advarer politiet: - Slett meldingen, 2017) |
| 37 | Dagbladet | Kjærlighetssvindel: Trodde hun hadde funnet kjærligheten – ble svindlet for flere hundre tusen | Wirefraud(LoveScam) | 13.04.20 | (Dagbladet: Trodde hun hadde funnet kjærligheten – ble svindlet for flere hundre tusen, 2017) |
| 38 | Nettavisen | Her er feilene banken overså: Lånte hundretusener på falsk lønnsslipp | BankID (Loanfraud) | 13.04.20 | (Nettavisen: Her er feilene banken overså: Lånte hundretusener på falsk lønnsslipp, 2019) |
| 39 | Nettavisen | Trond raser mot banken etter at sønnens samboer tok opp lån med hans BankID | BankID (Loanfraud) | 13.04.20 | (Nettavisen: Trond raser mot banken etter at sønnens samboer tok opp lån med hans BankID, 2018) |
| 40 | Nettavisen | Advarer mot ny svindelmetode: Stjeler BankID på telefonen | Phishing(Real-timePhishing) | 13.04.20 | (Nettavisen: Advarer mot ny svindelmetode: Stjeler BankID på telefonen, 2019) |
| 41 | Nettavisen | Med denne e-posten kan bankkontoen din tømmes | BankID(Real-timePhishing) | 13.04.20 | (Nettavisen: Med denne e-posten kan bankkontoen din tømmes, 2018) |
| 42 | Nettavisen | Politiet: Dette er de vanligste BankID-svindlene | BankID | 13.04.20 | (Nettavisen: Politiet Dette er de vanligste BankID-svindlene, 2019) |
| 43 | Nettavisen | Telenor melder om rekordhøy svindeltrafikk: - Vi er alle i en sårbar situasjon | Phishing | 13.04.20 | (Nettavisen: Telenor melder om rekordhøy svindeltrafikk: - Vi er alle i en sårbar situasjon, 2020) |
| 44 | Nettavisen | Kryptovaluta: Kristian (46) ble svindlet for 180.000 kroner like før bryllupet | InvestmentFraud | 13.04.20 | (Nettavisen: Kryptovaluta Kristian (46) ble svindlet for 180.000 kroner like før bryllupet, 2018) |
| 45 | Nettavisen | Tove ble lurt for 380.000 kroner i dating-svindel | Wirefraud(LoveScam) | 13.04.20 | (Nettavisen: Tove ble lurt for 380.000 kroner i dating-svindel, 2018) |


Faculty of Technology SE-391 82 Kalmar | SE-351 95 Växjö Phone +46 (0)772-28 80 00 [email protected] Lnu.se/fakulteten-for-teknik