Upload File

evidence in fraud cases complexity and...

  • Home
  • Documents
  • Evidence in Fraud Cases Complexity and Accesssec.cs.ucl.ac.uk/users/smurdoch/talks/econcrime09evidence.pdf · Evidence in fraud cases is increasingly complex and voluminous Modern
Download Evidence in Fraud Cases Complexity and Accesssec.cs.ucl.ac.uk/users/smurdoch/talks/econcrime09evidence.pdf · Evidence in fraud cases is increasingly complex and voluminous Modern

If you can't read please download the document

Upload: haque

Post on 08-Feb-2018

217 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • Evidence in Fraud CasesComplexity and Access

    Steven J. Murdoch

    http://www.cl.cam.ac.uk/users/sjm217/

    Computer Laboratory www.torproject.org

    Cambridge International Symposium on Economic Crime, 3 September 2009, Cambridge, UK

    http://www.cl.cam.ac.uk/users/sjm217/https://www.torproject.org/

  • Evidence in fraud cases is increasinglycomplex and voluminous

    Modern technology increases both thecomplexity and quantity of evidence in fraudcases

    This offers both challenges and opportunities toinvestigators

    Criminals may also exploit this complexity inorder to frustrate investigation

    In this talk I will discuss two particular examples Cloud computing Chip & PIN

    The general principles will also be applicable toother areas

  • Cloud computing is not new

    In the early days of computers, people rented computer time onmainframes because computers were too expensive to buy

  • Cloud computing is not new

    Now people rent time on computers because computers are socheap it is not worth maintaining them

  • Cloud computing does change things

    Data is stored in computers ownedby people other than the suspect

    These computers may be in differentcountries

    They probably need a password toaccess them

    It may not be as easy to performsearches

    Even finding out which ones exist isdifficult

    Establishing a chain of custody canbe difficult

  • Imagine you are an investigator

    You seize computers belonging to a suspect You find no documents, but Google Docs in the history Suppose you have the password; can you log into Googles

    US-based servers to read the documents? Suppose you dont have the password; can you demand the

    suspect hand it over? Suppose you dont find the password; could you hack into the

    Google server to read these documents?

    Where does Mutual Legal Assistance need to come in?

    When would you like it to?

  • Chip & PIN is now being deployedworldwide

    Chip & PIN, based on the EMV (EuroPay,Mastercard, Visa) standard, is deployedthroughout most of Europe

    The UK was an early adopter (started 2003,complete by 2006)

    Deployment has started in Canada and Mexico Transactions (point-of-sale and ATM) are

    authorized using a smart card and PIN Fraud levels dipped in 20052006, but criminals

    adapted (610m in 2008)

  • Chip & PIN changed fraud

    Criminals shifted to other areas (notablycard-not-present)

    Vulnerabilities in the Chip & PIN system itselfwere also exploited

    Could be used for third-party fraud, and alsoindirectly for first-party fraud

    Establishing what has happened depends onthe evidence, and there is a lot more with Chip &PIN (and it is more complex)

    Most relevant evidence is now held by the bank,as is the necessary information to interpret it

    Causes a problem if the bank isnt interested inco-operating

  • Not all bad news either

    Chip & PIN transactions create a cryptographicaudit trail which can be verified by a third party:Good for investigating alleged insider fraud

    Cards maintain a log of the number oftransactions they have completed, and oftenother information too: Good for investigatingalleged first-party fraud

    While various types of fraud can happen, oftenthere is forensic evidence in log files, e.g

    By tampering with the communication betweenthe card and terminal, a criminal can use a cardwithout knowing the correct PIN

    However comparing the cards transactionsummary to the receipts and merchant log willshow what has happened

  • Still, it is hard to investigate

    Ive worked in the investigation of several Chip &PIN fraud cases, as a formal expert witness orjust assisting the police or customer

    There is often a long time between fraud beingreported and investigated

    In the intervening time, banks may delete theevidence, even for transactions under dispute

    Banks are reluctant to disclose how theirsystems work, or what evidence means

    Standard procedure is that once a card issuspected to have been used in fraud, it shouldbe destroyed

    I have only succeeded collecting evidence inone out of five cases, and that was because thecustomer refused to follow bank instructions

  • Conclusions Evidence will continue to grow in terms of complexity and volume Procedures in fraud investigation will need to change to adapt Cloud computing brings challenges, most notably the

    cross-border nature Chip & PIN offers new evidence, but obtaining and interpreting

    this is difficult I have an article explaining Chip & PIN security, evidence, and

    forensics in the upcoming Digital Evidence and ElectronicSignature Law Review


Ownership structure, corporate governance, and fraud ... structure, corporate governance, and fraud: Evidence from China ... enforcement actions in cases where fraud and malpractices

Cases of Interest for Fraud Practitioners

CHAPTER 2 Section One – Course introduction FRAUD ... · use these fraud cases as valuable sources of information and lessons that can promote fraud prevention and detection through

Inflation Methodologies in Securities Fraud Cases: Theory

An Analysis of Fraud- Causes Prevention and Notable Cases

SECURITIES FRAUD LITIGATION AGAINST CHINA .../media/files/publications/2013/...Securities Act of 1933.4 As with other cases involving claims of securities fraud, cases against China-based

Proving Damages in Fraud Cases - Fraud · PDF fileProving Damages Suffered in a Fraud Case Ralph Q. Summerford, CPA, ABV, CFE, CFF, CIRA ... Proving Damages in Fraud Cases Author:

The difference between lemon law and auto dealer fraud cases copy

2019 CIU Report to the Legislature · CIU Detectives protect consumers from fraud by investigating insurance fraud cases across Washington state with the highest volume of cases opened

MEDICAL DEVICE ISSUES IN HEALTH CARE FRAUD CASES

Judicial Fraud - 40 Cases Later

BUSINESS AND ACCOUNTING FRAUD - ISCA · both the Enron and WorldCom fraud cases, and is currently engaged on several major cases, including the Parmalat matter, ... BUSINESS AND ACCOUNTING

Financial Statement Fraud: Motives, Methods, Cases and Detection

Fraud Prevention, Detection and Red Flags · Fraud Prevention, Detection and Red Flags Budget, Accounting and Reporting Council May 3, 2018 ... Fraud history Year Cases Amounts 2004

2017 Global Fraud Loss Survey - ITWeb...2017 Survey On average, fraud departments reported 10% fewer cases per month since 2015. The majority of cases are reported by North American

NCAA Academic Fraud Cases and Historical Consistency: A

Antitrust fraud in highway construction: Converting Statistics into Cases

Cases - Bark & Co Solicitors - Specialist Fraud Firm

1. OVERVIEW 2 Preventing Violations Combating Fraud, Waste, and Abuse Fraud Cases

IN FRAUD CASES THE ROLE OF FORENSIC ACCOUNTING

Government Employee Fraud: A Model Reporting Framework and ... · the status of its state employee fraud investigations. ... the prosecution of fraud cases and more diligent in the

Cases – Bark & Co Solicitors – Specialist Fraud Firm | jakefury

Invoice fraud - cfa.nhs.uk Invoice fraud... · OFFICIAL OFFICIAL 7 2. Insider fraud 2.1 Insider invoice fraud refers to cases of fraud in which an insider’s access to the NHS organisation’s

Banking Security: Attacks and Defences - UCLsec.cs.ucl.ac.uk/users/smurdoch/talks/owasp13bankingsecurity.pdf · Banking Security: Attacks and Defences ... Online banking Cheque fraud

Sentencing in fraud cases - Judicial Commission of New ... · Sentencing in fraud cases 3 2.1.1 Necessity for discrete forgery and identity offences Forgery as a specific type of

Tracing and Recovering Proceeds of Crime in Fraud Cases: A

GGD-86-142FS Defense Procurement Fraud: Cases …investigating and prosecuting defense procurement fraud. Your office asked that we provide the number of cases, types of fraud involved,

Defence fraud cases

HANDLING CRIMINAL HEALTHCARE FRAUD CASES · HANDLING CRIMINAL HEALTHCARE FRAUD CASES ANNUAL COMPLIANCE INSTITUTE APRIL 20, 2016 ─ 10:00 TO 11:45 A.M. LAS VEGAS, NEVADA Kirk Ogrosky

TSYS Fraud Management Solutions cases, requiring no ... TSYS Fraud Management Solutions ... chargeback and complete fraud operations and management providing support for

CISummit 2013: Busting Fraud Rings - The Cases of Healthcare & Financial Services

Case Studies in Financial Statement · PDF fileFinancial Statement Fraud Historically represents a small percentage of fraud cases 7.6% of cases in the 2012 ACFE Report to the Nations

GGD-86-142FS Defense Procurement Fraud: Cases Sent to the

How the IRS Reconstructs Income In Tax Fraud Cases

An Examination of Actual Fraud Cases With a Focus on the