Fighting fraud

Preface xixAcknowledgments xxiiiSECTION I: AN INTRODUCTION TO THE WONDERFUL The High-Technology Factor 9 High-Technology Related Frauds and Other Crimes 14Advent of the Superhighways 14T

Information Systems Security Offi cer’s Guide: Establishing and Managing

an Information Protection Program: May 1998, ISBN 0-7506-9896-9; by Dr

Gerald L Kovacich; First Edition and July 2003, ISBN 0-7506-7656-6, Second Edition; published by Butterworth-Heinemann (Czech translation of First Edition also available).

I-Way Robbery: Crime on the Internet: May 1999, ISBN 0-7506-7029-0;

co-authored by Dr Gerald L Kovacich and William C Boni; published by

Butterworth-Heinemann; Japanese translated version published by T Aoyagi Offi ce Ltd, Japan:

Netspionage: The Global Threat to Information: September 2000,

ISBN 0-7506-7257-9; co-authored by Dr Gerald L Kovacich and William C Boni; published by Butterworth-Heinemann.

Information Assurance: Surviving in the Information Environment: First Edition,

September 2001, ISBN 1-85233-326-X; co-authored by Dr Gerald L Kovacich and

Dr Andrew J C Blyth; published by Springer-Verlag Ltd (London); Second Edition, ISBN 1-84628-266-7, published in March 2006.

Global Information Warfare: How Businesses, Governments, and Others Achieve Global Objectives and Attain Competitive Advantages: June 2002,

ISBN 0-84931-114-4; co-authored by Dr Andy Jones, Dr Gerald L Kovacich and Perry Luzwick; published by Auerbach Publishers/CRC Press.

The Manager’s Handbook for Corporate Security: Establishing and Managing

a Successful Assets Protection Program: April 2003, ISBN 0-7506-7487-3;

co-authored by Dr Gerald L Kovacich and Edward P Halibozek; published by Butterworth-Heinemann.

Mergers & Acquisitions Security: Corporate Restructuring and Security agement: April 2005, ISBN 0-7506-7805-4; co-authored by Dr Gerald L Kovacich

Man-and Edward P Halibozek; published by Butterworth-Heinemann.

Security Metrics Management: How to Manage the Costs of an Assets Protection Program: December 2005, ISBN 0-7506-7899-2; co-authored by Dr Gerald

L Kovacich and Edward P Halibozek; published by Butterworth-Heinemann.

The Security Professional’s Handbook on Terrorism: Establishing and ing a Corporate Anti-Terrorism Program: To be released in September 2007, ISBN

Manag-0-7506-8257-4; co-authored with Edward P Halibozek and Dr Andy Jones; lished by Butterworth Heinemann.

pub-How to Establish and Manage an

Anti-Fraud Program

Dr Gerald L Kovacich

AMSTERDAM • BOSTON • HEIDELBERG • LONDON

NEW YORK • OXFORD • PARIS • SAN DIEGO

SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

525 B Street, Suite 1900, San Diego, California 92101-4495, USA

84 Theobald’s Road, London WC1X 8RR, UK

This book is printed on acid-free paper

Copyright © 2008, Elsevier Inc All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher.

Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone: ( + 44) 1865 843830, fax: ( + 44) 1865 853333, E-mail: permissions@elsevier.co.uk You may also complete your request on-line via the Elsevier homepage (http://elsevier.com), by selecting “Customer Support” and then “Obtaining Permissions.”

Library of Congress Cataloging-in-Publication Data

ISBN 978-0-12-370868-7 (alk paper)

1 Commercial crimes 2 Commercial crimes — Investigation 3 Fraud — Prevention 4 Fraud investigation I Title.

HV6769.K68 2008

658.4 ′ 73 — dc22

2007013397

British Library Cataloguing in Publication Data

A catalogue record for this book is available from the British Library

ISBN 13: 978-0-12-370868-7

ISBN 10: 0-12-370868-0

For all information on all Elsevier Academic Press publications

visit our Web site at www.books.elsevier.com

Printed in the United States of America

08 09 10 11 12 13 10 9 8 7 6 5 4 3 2 1

Working together to grow

libraries in developing countries

www.elsevier.com | www.bookaid.org | www.sabre.org

permission and without providing the owners with just compensation This book is especially dedicated to those whistleblowers who have the guts to

stand up when a wrong has been committed!

[T]he modern economic world centers on the controlling corporate organization Executives of Enron, WorldCom, Tyco and others became the focus of widely publicized criticism, even outrage Joining the language came the reference to corporate scandals Avoided only was mention of the compelling opportunity for enrichment that had been accorded the managers of the modern corporate enterprise, and this in a world that approves of self-enrichment as the basic reward for economic merit

Great fi rms, particularly in energy and mass communications but not so confi ned, came to dominate the news In all cases, the situation was the same, as was the result Management was in full control Own- ership was irrelevant, some auditors were compliant Stock options added participant wealth and slightly concealed take .

The least expected contribution to the adverse and even criminal ity was the corrupt accounting This provided cover for the devious actions that extended to outright theft Individuals had long regarded accounting as both competent and honest .

activ-The corporate scandals and especially the associated publicity have led

to discussion or appropriate regulation and some action — to positive steps to insure accounting honesty and some proposed remedies, as required, to counter management and lesser corporate fraud

Managers, not the owners of capital, are the effective power in the modern enterprise .

So, as a very practical matter, power passed to the mentally

quali-fi ed, actively participating management, and it did so irrevocably The belief that ownership has a fi nal authority persisted, as it still does

The basic fact of the twenty-fi rst century — a corporate system based

on the unrestrained power of self-enrichment.

* From John K Galbraith’s book, The Economics of Innocent Fraud: Truth for Our Time Houghton Miffl in, Boston 2004.

vii

Preface xixAcknowledgments xxiii

SECTION I: AN INTRODUCTION TO THE WONDERFUL

The High-Technology Factor 9

High-Technology Related Frauds and Other Crimes 14Advent of the Superhighways 14The Impact of Superhighways on Frauds and Other Crimes 15

A Short History of Crimes and Other Frauds Via the I-Way 17Superhighway Frauds and Other Crimes to I-Way Robberies 18I-Way Robbery — Its Prevalence 20There Is No I-Way Patrol to Stop I-Way Robbers 21 Global Connectivity Via the I-Way = Global Exposure to

Attacks by Fraud-Threat Agents and Other Miscreants 21Capabilities and Limitations of Law Enforcement 22Challenges to Security Professionals and Others 23

ix

Case Study 2 25

Defi nition of General Fraud 28 Specifi c Fraud Defi nitions 31 Corporate Assets 32

Other Terms and Defi nitions 33

A Few Examples of U.S Federal Enforcement of

Fraud-Related Laws, Approach and Actions 40Mail Fraud Statutes (condensed and paraphrased) 41 Money Laundering 43

Financial Institution Fraud (Bank Fraud) 43 Civil Litigation 43

U.S Treasury Collection 44 Securities Violations 44

Role of Phone Companies 44European Fraud-Related Laws 45

EU Fight Against Frauds 45ASIA and Fighting Fraud 47

Human Errors — Accidents 56Man-Made or Malicious Fraud Threats 57Potential Fraud-Threat Agents 57

Identity Theft Scams 108 “Nigerian Scam” 109

Accounting Fraud Schemes 111Bribery and Corruption 116 Confl icts of Interest 116

Purchasing — Four Basic Categories 116

Investments and Fixed Assets 118Payroll and Personal Expenses 119 Procurement/Contracts 120 Telemarketing Fraud 120

Advance Fee Scheme 121Common Health Insurance Frauds 121Letter of Credit Fraud 122Prime Bank Notes 122The Ponzi Scheme 123

Government Contracting Fraud 135Fraud-Threat Agents Can Be Anyone in Any Position 136U.S Securities and Exchange Commission (SEC) Fighting

Fraud in School Systems 138Dead Soldiers and E-Mail Scams 139Another Example of Insider Fraud 139Executive Management and Accounting Fraud 140Merchandise Receipt and Exchange Fraud 141

Click Frauds 142

Government Contractors and Fraud 143Frauds and Microsoft Software 144 Y2K-Related Fraud 144

Data Storage Conducive to Fraud-Threat Agents 145Another Example of Click Fraud 146Pyramid Schemes Move on to the Internet 146Prepaid Cellular Phone Fraud 147Identifying International Corruption 148Credit Card Information Theft and Frauds 149Hackers, Crackers, Phishers, Oh My! 150Urban Legends and Frauds 151Medical Research Frauds 151Corruption and the War in Iraq 152Comments on Identity Thefts as a Vehicle to Fraud 153Lobbyists and Corruption 153Internet Scams are International 154Faking a Medical Condition 154Internet Fraud Sweep 155

Strategic Business Plan 170Tactical Business Plan 171IWC’s Annual Business Plan 173IWC and the History of Its CSO 173Key Elements of IWC’s Annual Business Plan 176Anti-Fraud Program Planning 176IWC’s Departments of Primary Importance to the CSO 176IWC Vision, Mission, and Quality Statements 178

Program Development 195IWC Anti-Fraud Program Requirements — Policies 196 Risk Assessment — The Second Major Task in Developing

an Anti-Fraud Program 196Basics of IWC’s Risk Assessment Process 197

Natural Threats 200 Man-Made Threats 200

Assets Protection Risk Assessments 202Assets Protection Risk Analyses 204Developing Anti-Fraud Defenses 204Three Key Ingredients in an Anti-Fraud Program’s Defenses 205IWC’s Anti-Fraud Policies 206Anti-Fraud Requirements and Policy Directive 209 Anti-Fraud Procedures 210

The CSO and Security Department’s Anti-Fraud

Accountabilities 212

Off-Site Corporate Facilities 212Recruiting Anti-Fraud Professionals 212

Using Technology to Deliver Anti-Fraud Program Support

Executive Management as Team Members 246 Teaming with IWC Executive Management Through a

Business Approach 247Teaming with Corporate Peers 248Teaming and Dealing with Offi ce Politics 250Teaming with Your Security Managers 252Teaming with Your Security Staff 253 Teaming and Dealing with Satellite Offi ces in IWC

Headquarters in the United States 257 Teaming and Dealing with Satellite Offi ces in

Measuring an Anti-Fraud Program’s Costs, Benefi ts,

Successes, and Failures 268Common LOE Measurement Techniques for Each Function 269Examples of Metrics by Function 270Investigations and NCIS Metric Chares 271Examples of Anti-Fraud Investigations Metrics 272 Process Measurements 277

Corporations? 285

Globalization of Business to Continue 288Employees of the Future 288The Future Global Corporation 289Future of Fraud Attacks on Corporations 291Future Anti-Fraud Protection Needs of Corporations 292

Professionals Must Do Now to Personally Prepare

Gaining Anti-Fraud Experience 305

To Conduct or not to Conduct Fraud Lectures and Write

Executive Offi ce, Association of Certifi ed Fraud Examiners World Headquarters 314

In Conclusion-My Thoughts 315

Some References 317

Index 321

I must tell you up front that the focus of this book is NOT on investigating frauds, corporations that are responsible in some form for perpetrating frauds, and the like, although some information in that regard is provided.

The emphasis in this book is on Establishing and Managing an

Anti-Fraud Program for a corporation from an anti-fraud management and

lead-ership viewpoint, with the emphasis on management and leadlead-ership.Although I use the word “corporation” throughout, it also applies to government agencies, nonprofi t groups, associations, privately held com-panies, and any entity that is concerned with the loss of its assets by fraudulent means

Over the years, many books have been written about fraud in general and also about specifi c types of frauds There have also been books written about specifi c fraud cases dealing with specifi c corporate frauds

All of these books, however, for the most part seem to miss one basic fact: namely, the perpetration of a corporate fraud relates to attacking and stealing corporate assets of various kinds Furthermore, the leadership role

of protecting corporate assets has for decades fallen on the shoulders of the corporation’s chief security offi cer (CSO), and it still does today.That role will be discussed in more detail in the chapters of this book, but suffi ce it to say here that the corporate CSO has seemed to have abdi-cated that responsibility — leaving the protection of corporate assets from fraudulent attacks to others both inside and outside the corporation — to auditors and accountants

This book was written in part to try to change that attitude and to provide justifi cation to begin wresting that leadership responsibility from others and help make a case for justifying why fi ghting corporate fraud should be one of the primary duties and responsibilities of the CSO, who

is indeed the leader for protecting all corporate assets

This book also seeks to:

xix

• Provide security professionals and others responsible for the tion of corporate assets (e.g., executive management) a roadmap for developing their own anti-fraud program.

protec-• Help them to tailor the program to their own corporate environment

• Help those who are interested in preventing fraud within their corporations by providing them with an awareness and a better under-standing of the threats to corporations by these miscreants

• Explain how the frauds are costing these corporations a competitive edge in the global marketplace

• Provide guidance on how to:

• Establish and manage a corporate anti-fraud program that is both

proactive and defensive in nature

• Use an aggressive anti-fraud strategic approach under the

leader-ship of the CSO

This book will also be useful for those accountants, investigators, and tors, as well as others who work for corporations in the areas of fi nance, contracts, supply, and the like, and who are interested in indicators of frauds and anti-fraud programs and in viewing the matter from other than

audi-an accountaudi-ant’s, investigator’s, or auditor’s point of view

Hopefully, they will see that fi ghting corporate fraud is indeed the leadership responsibility of the CSO and push, pull, and otherwise support the CSO who wants to take on that leadership role

I want to repeat that this book emphasizes establishing and managing

an anti-fraud program and how to set up such a program for a corporation

As noted earlier, it is not about investigating incidents of fraud, describing fraud examination functions or incidents of fraud, and the like, except as they relate to the primary objective of establishing and managing an anti-fraud program

The text consists of three sections and 17 chapters that will provide the reader with a practitioner’s guide (a “how-to” book), augmented by some background information to put it all in perspective The approach used should:

• Enable the reader to understand this global, fraud-threatening environment

• Immediately put in place a useful anti-fraud program baseline under the leadership of the corporation’s CSO

The format used for this book follows the one I have used in several of my other successful books, primarily because according to many of my readers this format and approach provides basic information in an easy-to-read manner

Because of similarities between protecting corporate assets from fraud and protecting corporate assets from various other threats agents, I have borrowed the format and some related information from some of my previ-ous books published by Elsevier’s Butterworth-Heinemann Publishers This provides the reader the required information in one book instead of

having to read through other books for the information, for example, The

Manager’s Handbook for Corporate Security.

The information provided in this book is the product of decades of experience in fi ghting fraud-threat agents and of information collected from multiple sources, private, public, governmental, and corporate This infor-mation has been passed on through my professional colleagues as well as through the training and awareness courses offered by various U.S federal government agencies and the courses and conferences provided by anti-fraud and security-related associations If I failed to provide specifi c rec-ognition within the heart of this book for the information they have provided over the years, I apologize in advance for this unintended oversight After decades in this fi eld, the sources and personal experiences tend to merge and blur

I hope this book provides you with a basic foundation that will help you build an anti-fraud program and a total assets protection program I would be very interested in hearing from you concerning your successes and failures in that regard Also, I welcome all constructive criticism and suggestions on additional topics that you think should be addressed in any further editions of this book Please send your questions and comments to

me through my publisher: Elsevier’s Butterworth-Heinemann

Dr Gerald L Kovacich Whidbey Island, Washington

U.S.A.

In taking on any book writing project, success will elude any writer who thinks he or she knows it all Therefore, it was vitally important for me to

be able to call on old friends and professionals to help me meet my specifi c objectives:

• To provide a book of useful information to help the security sionals and others who are involved in anti-fraud activities to gain information that can be quickly put to use

profes-• To assist in the protection of corporate assets from the global ers of today and tomorrow

defraud-In that context, the following deserve special thanks:

• Motomu Akashi, mentor, great friend, and one of the best corporate

security professionals ever to have protected a corporate asset, cially in the “Black World”!

espe-• William C Boni, Corporate Vice President and CISO, Motorola

Corporation, one of our leading twenty-fi rst-century security professionals

• Jerry Ervin, good friend, former professional crime fi ghter,

informa-tion systems security specialist, investigator, special agent, and rity guru

secu-• Don Evans, InfoSec Manager, United Space Alliance, who is always

there to lend a hand, provide advice to the security “rookies,” and support a security conference anywhere, anytime

• Edward P Halibozek, Vice President of Security, Northrop Grumman

Corporation, for his friendship, professional security advice, and his great work as a co-author

• Roscoe Hinton, a very old friend and fellow fraud fi ghter, Special

Agent (recently retired), who was my partner in fi ghting defrauders who targeted the U.S government, especially in our investigations

xxiii

and operations against the defrauders and other miscreants who tried

to defraud the Department of Defense and the U.S Air Force I hope that we won more than we lost over the years! Thanks Roscoe for the advice and counsel

• Dr Andy Jones, Head of Security Technology Research, at the Security Research Centre for British Telecom, United Kingdom; distinguished professor, lecturer, consultant; co-author, good friend, and one of the best of what Britain has to offer to combat high-technology crimes and information systems assets protection

• Jerry Swick, former senior telecommunications crime investigator, and retired Los Angeles Police Department Lieutenant and co-founder

of their computer crime unit A true crime fi ghting professional and

a good friend

• All those who work for the Association of Certifi ed Fraud Examiners

(ACFE) who daily lead the way in supporting the anti-fraud sionals, whether they be auditors, accountants, fi nancial specialists, fraud examiners, security personnel, law enforcement personnel, investigators, corporate or government management — in fact, anyone who is interested in fi ghting fraud Thanks especially for your many years of supporting my activities

profes-• The American Society for Industrial Security (ASIS), a security

pro-fessional organization which has led the way in supporting security professionals Thanks to them for their continued leadership and support in all they do

• The United States Air Force Offi ce of Special Investigations (AFOSI)

for their years of leading the way in the DoD and the federal ment in fi ghting fraud, supporting and providing some of the best anti-fraud training one can ever receive; as well as for being a great place to work as a special agent and fraud investigator

govern-• The High Technology Crime Investigation Association (HTCIA), which

has become one of the primary leaders in investigating high- technology crimes, including telecommunications fraud, computer fraud, and various other forms of high technology-related frauds Thanks to them, law enforcement and security professionals have been working closer together to fi ght high-technology crimes, including high- technology-related frauds

Of course, thanks to my better half for over 30 years, Hsiao-yun Kovacich

I must always thank her for many years of support and giving me the

“space” I need to research and write Thanks also for her many hours of researching topics for my writings and for explaining the “thinking Asian mind”!

To the staff and project team of Butterworth-Heinemann — Mark Listewnik, Chris Nolin, Jennifer Rhuda Soucy, Pam Chester, and Kelly Weaver, the very best of professionals! Thanks again for providing great

support for another one of my book projects and for having the confi dence

in me to once again sign me to a book contract!

To those other professionals in the book publishing world of Elsevier’s Butterworth-Heinemann, who helped make this book into a successful and professional product Thanks for your help and professionalism: Melinda Ritchie, Marissa Hederson, and Alisa Andreola

I also thank you, the readers, who have supported me over the years

by attending my lectures and purchasing my books I hope that my lectures and books have added to your body of knowledge and have helped you to

be successful in leading the assets protection efforts of your company or government agency

This book is an introductory book on the general topic of fraud, with

emphasis on fi ghting fraud through the establishment and management of

a formal anti-fraud program.

The premise of this book, with which some may agree in whole, in part, or not at all, is based on the idea that today’s approach to fi ghting fraud is not working and that a formal and aggressive anti-fraud program should be in place in all businesses and government agencies

The leadership role of such a program falls under the duties and responsibilities of the chief security offi cer (CSO) of the corporation* That person, or the person by another name, has leadership responsibility for protecting corporate assets from all threat agents whether they are thieves, defrauders, terrorists, or some other sort of miscreant

It is logical, therefore, that the CSO lead the corporation’s anti-fraud program efforts as a standalone program or probably best as an integral part and subset of an overall corporate assets protection program

There are those who will disagree with this premise That will be discussed in the last chapter of this book As you read through this book, please form your own conclusions

* As a reminder (this will be made more than once in this book): the word poration” is the catch-all term used in the book to describe any business whether

“cor-it is a partnership, a corporation, char“cor-ity, government agency, or the like However, the anti-fraud program that is to be discussed and used as an example revolves around a corporation.

xxvii

AN INTRODUCTION TO THE WONDERFUL WORLD OF FRAUD

Prior to discussing how to establish and manage a corporate anti-fraud program, it is important to set the stage for that discussion by looking at the environment where today’s corporations — businesses — market and sell their products and buy their supplies

This is important because as we go charging into the twenty-fi rst century, we see that the business environment of the old twentieth century

is yes, still there, kind of, sort of, but also rapidly changing in many ways These changes make it almost impossible to conduct some types of corpo-rate frauds and opens up new possibilities for perpetrating other types of frauds Furthermore, in many ways, the defrauders of today have taken on

a global profi le and are no longer relegated to some local area in some small part of the world

So, in Section I, we set the stage and hopefully provide some logic to help you understand why the corporate anti-fraud program discussed in Section II should be considered and structured (baselined) as proposed This section is broken down into the following seven chapters:

Chapter 1 The New-Old Global Business Environment

Chapter 2 Corporate Assets, Frauds, and Other Terms — What Are

They?

Chapter 3 Fraud-Related Laws

Chapter 4 Corporations Don’t Commit Frauds, People Do

Chapter 5 Fighting Fraud — Whose Job Is It Anyway?

Chapter 6 Where There Is a Will There Is a Way — Fraud SchemesChapter 7 Fraud Cases and Commentary — Learning by ExampleThe logic of Section I is that you should fi rst understand the global busi-ness environment After all, that is where you, the leader or team member

1

of the corporate anti-fraud program, must work Once the basic global ness environment is understood, we move on to defi ning assets and frauds and their related laws If you don’t know what is meant by assets, what frauds are and their associated laws, you will have a diffi cult time defend-ing corporate assets against attacks from fraud-threat agents This basic understanding will also help you defi ne a cost-effective process to establish and manage a successful anti-fraud program.

busi-Once we get past the environment, laws, and defi nitions, it is tant to discuss who commits fraud and who should lead the anti-fraud efforts for a business As you will see, there are different opinions as to who should lead these efforts — there are “rice bowls” at stake anytime one tries to take duties and responsibilities along with their related budget away from another group It is usually all about bureaucracy and power and not what is best for the corporation

impor-We will conclude Section I with an introduction to some basic fraud schemes and actual fraud cases that adversely impact corporations and, therefore, the profi ts and ability to successfully compete in the global mar-ketplace It is important to understand these threats to corporate assets and some of their modus operandi (MOs) because your anti-fraud program must

be able to defend the assets against the fraud miscreants and their attacks

Once you understand today’s corporate and global fraud ment — your working environment — you will be in a better position to design, develop, implement, and manage your own anti-fraud program based not only on the global marketplace and high-technology environ-ment, but also on the fraud-threat agents, their MOs, the specifi c culture and philosophy of your corporation, and its worldwide facilities

In order to protect corporate assets from fraud, it is vitally important that the security professional and those in business management under-stand the global business environment in which the corporation will do business; they must also know where the corporate assets are located and how vulnerable they are to attacks by fraud-threat agents.

Some may argue that globalization is another word for ization, whereas others may contend that they are different For our pur-poses, we will use the meaning stated below It is best to leave matters relating to such defi nitions to academicians, whose world is the theoretical world more than the real world — at least the real world of global trade and international frauds

international-Globalization is the term used to describe the changes in societies and the world economy that result from dramatically increased international trade and cultural exchange It describes the increase of trade and investing due

to the falling of barriers and the interdependence of countries In specifi cally economic contexts, the term refers almost exclusively to the effects of trade, particularly trade liberalization or “free trade” More broadly, the term refers to the overall integration, and resulting increase in interdepen- dence, among global actors (be they political, economic, or otherwise) 1

-3

1 http://en.wikipedia.org/wiki/Globalization.

The “globalization” of business has been progressing for centuries Ever since the fi rst European explorers sought out new worlds, their purpose was to “Christianize the heathens” and trade with or steal from them On the other side of the globe, Chinese and others were also explor-ing parts of the world and expanding their trading partners to those in the Middle East and Southeast Asia.

Economic globalization, the business of world trade and the “global marketplace,” requires, and always has required, a mostly stable environ-ment Although in times of crisis and confl ict, arms trading does indeed increase, that type of trade is very limited compared to other forms of trading — for example, those goods sought by the general consumers and other businesses Trade on a global scale has been increasing for centuries, and it is expected to continue to increase, in some areas expanding expo-nentially and more rapidly than in the past

As already suggested, in order for trade to fl ourish, businesses need

a relatively stable environment; therefore, when wars break out in a region,

as happened so often during the twentieth century, businesses (except for manufacturing and arms trading, of course) suffer The recent global ter-rorist trends have adversely affected businesses, including tourism, in areas where the terrorists are the strongest, such as in the Middle East, followed predominantly by other Muslim nation-states or countries with major populations of Muslims, notably, Indonesia, the Philippines, and Malaysia

You will fi nd that no matter what threat you are protecting the porate assets from, many of the same safeguards apply For example, ter-rorists are currently being fi nancially squeezed as the United States and other nations identify and stop the fl ow of funds to terrorists This has led some terrorists to search for other sources of funding, including identity theft, credit card fraud, and other fraud-related schemes So, it is not an exaggeration to say that your anti-fraud program may not only be protecting corporate assets but also fi ghting international terrorism

cor-Fraud-threat agents have in general much less effect on global trade and the marketplace than do terrorists However, it has had a fi nancial impact on affected corporations through, for example, pirated DVDs Even the counterfeiting of goods has not slowed down trade with those nation-states such as China where it is prevalent One fi nds that as nation-states improve the lives of their citizens and their economies, there is less need for counterfeiting (e.g., books, CDs, DVDs), and it tends to decline over time

as in Taiwan

Fraud-threat agents are those man-made threats that include people, their schemes, modus operandi, technology supported tools, and the like.

After World War II, trade resumed, increasing around the world, especially trade between the nation-states of Europe and the United States

as a result of the Marshall Plan, which the United States implemented to help war-torn Europe rebuild This rebuilding did not occur in China time because the communists seized control of China in 1949, and of course communism was diametrically opposed to democracy and to private own-ership of businesses of the Western world At the same time, noncommu-nist nation-states in the Far East, including Japan, South Korea, Thailand, and Taiwan, being capitalist-oriented regimes, began to become successful global trading partners with nation-states around the world During that process, they regularly violated international agreements, in particular committing copyright violations, product dumping, and the like

In the twenty-fi rst century, we are witnessing improvements in nation-state relationships — Russia and China have normalized relation-ships with the United States and Europe, free trade zones have been formed, the European Union has been founded and is fl ourishing, and Eastern Europe has been liberated from communism, with the result that capitalism has been established in those nations

In addition, vast and ongoing improvements in communications and

in transportation (the ability to ship goods both more effi ciently and more rapidly around the world) have led to increased and massive trade and with it dependencies on that global trade These trade improvements have been brought about in part by ever-increasing improvements in technology, especially high technology driven by the microprocessor

Current trends also show that an increasing number of nation-states are becoming democratic; the movement toward capitalism is accelerating, and global capitalism is expected to continue growing for the foreseeable future This trend will drive more global trade, which terrorists do not want

to occur, but fraud miscreants love it, for as nations modernize and open

up their borders, it provides more opportunities for perpetrating fraud schemes

Even China has loosened its hold on its people and businesses in recent years and is effectively competing as a global economic power China is expected to successfully compete in the quest for dominance in the global marketplace in the years to come unless some drastic changes occur in the global trading environment, such as war between Taiwan and China that might include the United States

GLOBALIZATION OF BUSINESS — BENEFITS TO NATION-STATES

Corporations continue to expand their markets, facilities, and areas of operation around the world, many of which are supported by the nation-states, which benefi t from such trades in the following ways:

• Increased employment

• Rise in standard of living

• More tax money to the nation-states

• Ability of citizens to purchase cheaper goods

• Increased trade leverage in the global marketplace

• More global power through economic power

Opponents of globalization maintain that it contributes to the “exploitation

of the poor.” Others counter that globalization increases business ment and expansion, providing employment for those who previously had little hope of fi nding jobs Such arguments can be made on both sides of this issue, but one thing is almost certain: globalization will not stop

develop-EXPANSION OF THE GLOBAL MARKETPLACE AND THEIR AREAS

OF OPERATIONS

The global marketplace has expanded over the years from Europe to the Americas and now to Asia It is expected that future expansions must consider Africa Although many of Africa’s nation-states are presently rather unstable, with the help of more modern nation-states and their global corporations, their situation will eventually change After all, busi-nesses go around the world to fi nd the cheapest resources, and as Asia becomes more and more modern with ever higher standards of living, Africa may offer the next cheap source of business resources, especially labor The continent certainly offers some opportunities to become a center for some fraud attacks One example that comes to mind is Nigeria, but to

be fair, it appears to be trying to limit global fraud schemes

If you look at the some of the attacks perpetrated by fraud-threat agents in Africa, you can see that the threats are already there and ready

to wreak havoc on the corporations of the world that dare enter their

“domain” and try to be successful Africa may provide an “excellent test environment” where one can study

• The clash between democratic-minded people

• Corrupt dictators challenged by capitalism and democracy

• Increased adoption of high-technology devices

• Civil wars among the African states and the role fraud-threat agents play in those wars

• The impact of modern nation-states as they support their countries’ businesses in the African nation-states

• The actions of miscreants to stop modernization except that which is under their control or to gain from it

In 1999, Uganda became the fi rst African nation to have more mobile than traditional phones 30 other African nations followed by 2002 the megacity of Lagos, Nigeria, cell phones were one of the three largest indus- tries there, neck and neck with religion and nutritional supplements 2

Africa is a continent worth studying to get some idea of not only what future corporate business will contend with vis-à-vis fraud-threat agents and corrupt governments but also the techniques they may use there and spread to other continents, and vice versa

Along with that expansion, the increased risks of today’s fraud-related miscreants and their attack methodologies and schemes may be frequently encountered for the foreseeable future, and are even likely to increase over time

What those risks are and how a security professional leading an fraud program for a corporation should deal with them will vary and may depend on such things as

anti-• Types of corporation

• Their locations worldwide

• Their ownership

• Products they produce and market

• Threats to those assets

• Vulnerabilities of the assets protection defenses

• Types of anti-fraud and asset protection controls in place

TYPES OF CORPORATIONS

The types of corporations do not appear to be primary factors when global miscreants use fraud schemes to attack a corporation’s assets In the future this may change, but for now at least the current trend will continue

CORPORATE OWNERS AND LOCATIONS

The corporate owners are generally the stockholders who may live in various locations in the world However, their ownership is generally

2 From Radical Evolution: The Promise and Peril of Enhancing our Minds, Our Bodies — and What it Means to Be Human, by Joel Garreau, pg 170 Doubleday

and Company, NY 2005.

believed to be equated to the nation-states where they have their corporate headquarters and other facilities, and not the location of the stockholders Corporate ownership is so diverse that targeting a corporation owing to its ownership does not seem to be a plausible reason for fraud attacks against them.

Attacks against businesses may be based on their physical tions — local organized crime, local terrorists’ cells needing funding, and other local fraud-threat agents Some nation-states where their businesses are located may have weak laws, a dictatorial or possibly corrupt govern-ment, weak criminal justices systems, and so on These all tend to provide

loca-a sloca-afer environment for globloca-al miscreloca-ants, which of course include globloca-al

or local fraud-threat agents

With today’s high-technology dependencies and vulnerabilities along with our convenient and fast mobility of travel, all types of miscreants can easily move about the world plying their trade Therefore, a corporation’s location may play a role in most non–high-technology, non–Internet-related frauds

CORPORATE PRODUCTS

The corporations’ products may also be a factor in determining whether

or not they will continue as targets of fraud-threat agents and other assorted miscreants in the future Furthermore, it is important to remember that these miscreants may be domestic rather than international threat agents

As we mentioned earlier, businesses — and global businesses maybe more so — require a stable environment in which to operate The more chaos, the more diffi cult it is to successfully do business However, as businesses expand around the world, many will take more risks and begin operating in foreign nation-states that may not have a stable government and indeed may be the home of one or more groups of miscreants A prime example is Nigeria and its “have I got a deal for you money schemes.” Chaotic internal conditions are ripe for exploitation by fraud-threat agents

Businesses will take more risks as the global marketplace competition continues to heat up and as they continue to look for cheaper labor, less costly raw materials, and favorable operating conditions, most notably a low tax base They need these advantages in order to compete and to offer products at lower prices based on lower operating costs These favorable operating conditions may also be where the criminal justice system is the weakest and, therefore, ripe for exploitation by miscreants of all types, including fraud-threat agents

It is useful to distinguish economic, political, and cultural aspects of ization, although all three aspects are closely intertwined The other key aspect of globalization is changes in technology, particularly in transport and communications, which it is claimed are creating a global village 3

global-As an anti-fraud professional responsible for the protection of rate assets, you will continue to fi nd this type of environment for the fore-seeable future How you will deal with those asset protection needs, defending them against fraud-threat agents’ attacks, will offer you some of your greatest challenges

corpo-THE HIGH-TECHNOLOGY FACTOR

The globalization of business is being supported and even driven by the continuing advancements in high technology (that technology based on the microprocessor) Thus, rapid and ever-expanding communications has also advanced the ability of fraud-threat agents to attack those they consider vulnerable to fraudulent schemes Fraud-threat agents have been using the Internet, e-mails, cellular telephones, and the like to communicate with each other as well as to support their fraud schemes to attack their vic-tims — their corporate targets They have become quite sophisticated in their use of these high-technology devices and also to take advantage of their vulnerabilities

As high technology becomes smaller, more powerful, and cheaper, fraud threat-agents will continue to take advantage of the current and future improvements in these devices.

As technology improved, transportation systems such as the sailing ships and ground transportation systems improved For example, steam engines gave way to diesel and gasoline engines, which has had a positive impact on trade because such improvements increased their speed and size, thus allowing them to transport more products to market faster and more effi ciently

3 Ibid.

The industrialization of nation-states led to expanded and increased trade throughout the world The advent of modern transportation sup-ported by high technology has allowed today’s miscreants to operate far beyond their home territories Today they operate around the world, and

as transportation and communications improve, these fraud-threat agents will acquire additional speed and sophistication in their modus operandi and, therefore, increased ability to not only attack their targets but to do

so more effectively, effi ciently, and successfully

A laptop in every pot: A New York Times article is provoking an online

debate over whether cell phones or laptops are truly the best way to bring the Internet to the world’s poor In-house Microsoft (Research) blogger Robert Scoble agrees with his boss Bill Gates that cell phones are the best way to make Internet access universal: When he travels overseas, he sees everyone reading their phones, not using laptops David Rothman says he hopes that MIT’s cheap-laptop experiment wins out, because it’s easier to read on larger screens 4

Because corporations depend on high technology, the most advanced high-technology nation-states have become more vulnerable to attacks, and successful attacks at that, than the Third World nation-states, which have little in the way of high-technology infrastructure and therefore, less reli-ance on it This state of affairs is expected to continue into the foreseeable future

At the same time, some previously unaffected nation-states — those not vulnerable to high-technology or other forms of attacks as they do not have that high technology-based infrastructure in place — are becoming more vulnerable to attacks of all sorts, including fraud-related attacks For example, some nation-states have bypassed the installation of a telecom-munications infrastructure based on the telephone landlines and have gone directly to cellular technology for their internal communications needs Cellular phones are of course more vulnerable to fraud-threat agent attacks than landline telephones Therefore, this dependency will cause fraud miscreants of the future to increasingly target the corporations and employ-ees who make this infrastructure possible, as well as use that technology

in those nation-states

4 http://money.cnn.com/2006/01/30/technology/browser0130/index.htm?cnn=yes.

Intel: One billion transistors on tiny new chip: Company says it’s on track to make fi ngernail-sized chips by the second half of 2007 it had made the world’s fi rst microchip using tiny new manufacturing methods that promise

to let the world’s top chipmaker make more powerful, effi cient processors The fi ngernail-sized memory chip is etched with 1 billion transistors that are only 45 nanometers wide — about 1,000 times smaller than a red blood cell, said Mark Bohr, a leading Intel engineer “It will pack about two times

as many transistors per unit area and use less power It will help future products and platforms deliver improved performance.” 5

NANOTECHNOLOGY

When thinking of protecting corporate assets from fraud-threat agents and their use of high-technology devices as their tools, a security professional must look into the future and see what other vulnerabilities to successful fraud attacks will emerge due to the changes in high technology In addi-tion, the security professional must also look to these future high technolo-gies for tools to help them defend the corporate assets against fraud-threat agents, and protect them from other threat agents as well

Some of the most intriguing new high technologies of the future will

be based on nanotechnology According to many government and private scientists, engineers, and business leaders, nanotechnology is the future, and in that future humans will be able to do wondrous things What is nanotechnology?

Nanotechnology is the understanding and control of matter at sions of roughly 1 to 100 nanometers, where unique phenomena enable novel applications Encompassing nanoscale science, engineering, and technology, nanotechnology involves imaging, measuring, modeling, and manipulating matter at this length scale A nanometer is one- billionth of a meter; a sheet of paper is about 100,000 nanometers thick 6

dimen-According to the United States government7:

The transition of nanotechnology research into manufactured products

is limited today, but some products moved relatively quickly to the

5 http://money.cnn.com/2006/01/25/technology/intel_chip.reut/index.htm.

6 http://www.nano.gov/html/facts/whatIsNano.html.

7 http://www.nano.gov/html/facts/home_facts.html.