Deck 17: Fraud in E-Commerce

A) Biometrics
B) Independent checks on performance
C) Adequate separation of duties
D) Physical control over assets and records

A) Integrity and ethical values
B) Board of directors and audit committee participation
C) Management's philosophy and operating style
D) All of the above

A) Control environment, risk assessment and monitoring
B) Risk assessment, control activities and information & communication.
C) Control environment, risk assessment and control activities
D) Control activities, information & communication and monitoring.

A) Passwords.
B) Digital Signatures.
C) Biometrics.
D) All of the above.

A) Control activities
B) Risk assessment
C) Control environment
D) Monitoring

A) Cash flow constraints instigated by tremendous growth causing a need for more borrowing or issuing of stocks
B) More precise and frequent expectations by Wall Street, creating pressure to cook the books
C) Anonymous transactions
D) Invisible businesses-You don't know the size, or the location
E) A and B

A) Customer transactions
B) Reducing opportunities through the implementation of appropriate internal controls
C) Designing new fraud-proof technologies
D) Apply Benford's law

A) Merger or acquisition activity, which creates pressures to "improve the reported financial results"
B) Unproven or flawed business models, with tremendous cash flow pressures.
C) Borrowing or issuing stock, which adds additional pressures to "cook the books"
D) All of the above

A) Biometrics
B) Spoofing
C) Biological Signatures
D) Physical science controls

A) The personnel
B) The board and audit committee participation
C) A controlled system
D) All of the above are equally important aspects of internal control

A) Digital Signatures
B) Passwords
C) Biometrics
D) Voice activation

A) Although the same types of control activities are used, they are not as effective in e-business.
B) Adequate separation of duties is not as important in e-commerce as it is in traditional brick-and-mortar businesses.
C) Proper authorization is a key control in e-business - passwords, firewalls, digital signatures and certificates, and biometrics are especially important and must be carefully monitored.
D) A and C only
E) All of the above

A) Falsified Identify
B) Spoofing
C) Sniffing
D) Hijacking

A) A signature sent over the internet
B) Using unique features of the human body to create secure access controls
C) A medical device that forces subjects to tell the truth during interviews
D) Complex information systems implementation

A) Encryption
B) Firewalls
C) Digital Signatures
D) Biometrics
E) All of the above

A) They know the control environment
B) They understand security mechanisms
C) They find ways to bypass security
D) All of the above

A) E-business is a different type of business than brick-and-mortar companies and must be understood prior to detecting fraud.
B) E-business doesn't have the same fraud risks of other companies
C) E-business fraud symptoms constantly change and cannot be narrowed down
D) E-business fraud detection works best when the queries are automated so that they examine every business transaction and business relationship.

A) Sniffing
B) Spoofing
C) Hijacking
D) Impersonation

A) CSS (Cascading Style Sheets)
B) EDI (Electronic Data Interchange)
C) WWW (World Wide Web)
D) SQL (Structured Query Language)

A) Falsified identity
B) Integrity and ethical values
C) Spoofing
D) Sniffing

A) Dramatic growth, which creates cash flow needs
B) Expensive marketing of new products
C) Unproven business models
D) All of the above

A) Sniffing
B) Spoofing
C) Hijacking
D) Customer impersonation

A) Digital signatures and certificates
B) Spoofing
C) Biometrics
D) Sniffing

A) Because defrauding people is easier when perpetrators can't see the consequences to the fraud victim.
B) Because security measures often lag process development.
C) Because information systems are often complex.
D) All of the above.

A) Identify the risk of doing business with e-business partners
B) Focus only on financial data
C) Be avoided at all cost
D) Cover only non-technological areas

A) Perceived pressures
B) Perceived opportunities
C) Rationalization
D) None of the above

A) Adequate separation of duties (useful for making sure that individuals who authorize transactions are different from those who execute them)
B) Adequate documents and records (documents and records are the physical objects by which transactions are entered and summarized and can be the audit trail by which auditors can investigate wrongdoings)
C) Proper authorization of transactions and activities (most common controls in e-business include passwords, firewalls, digital signatures, and biometrics)
D) Use of internal auditors

A) Data can easily be converted to cash
B) Data can be copied rather than removed
C) Data can easily be transferred to any location in the world
D) Many managers lack the technical expertise to prevent data theft
E) All of the above are useful attributes of data

A) Pressure
B) Opportunity
C) Rationalization
D) All of the above can easily be reduced in e-business

A) Separation of duties
B) Physical control over assets and records
C) Independent checks on performance
D) Passwords

A) Passwords involve a human element
B) Systems cannot handle complex passwords
C) Many systems allow multiple login attempts
D) Two of the above

A) True viruses
B) Internet worms
C) Trojan Horses
D) Spyware

A) Data Theft
B) Sniffing
C) Spoofing
D) Vendor impersonation
E) All of the above are risks associated with doing e-business

A) Reducing fraud opportunities
B) Buying and implementing virus software
C) Keeping software updated
D) Hiring security experts

A) Social engineering
B) Spoofing
C) Data theft
D) Customer impersonation

A) Easier than
B) Harder than
C) The same as

A) Sniffing
B) Unauthorized access to passwords
C) Spoofing
D) All of the above

A) Removal of personal contact between customer and company
B) Pressures to "cook the books" and meet analysts expectations
C) Lack of "brick-and-mortar" facilities
D) Inability to distinguish larger, well-established companies from smaller, faux companies

A) Understanding the business or operations of the organization
B) Use databases and system logs to automatically search for symptoms of frauds likely to occur in a particular company.
C) Physical examination of assets and records.
D) Independent audits and checks on controls.

A) Because the data captured in databases can be analyzed in numerous ways.
B) Because records kept in an e-commerce environment are more detailed than those kept in traditional environments.
C) Because fewer transactions take place in e-commerce than in traditional environments.
D) Because transactions have to be authorized in an e-commerce environment and not in a traditional environment.

A) A fraudster impersonating a customer and buying equipment on the customer's account.
B) A fraudster viewing design data of a special project that is being transferred over a network.
C) A fraudster using another employee's passwords to access sensitive information.
D) An internet site mimicking another site by using .com instead of .org.

A) Physical controls
B) Segregation of duties
C) Authorization controls
D) Checks on performance

A) Separation of Duties
B) Sniffing
C) Authorization of transactions and activities
D) Physical control over assets and records

A) Encryption
B) Spoofing
C) Passwords
D) Biometric Controls

A) Risk assessment
B) Monitoring
C) Control activities or procedures
D) None of the above

A) Monitoring
B) the control environment
C) risk assessment
D) control activities and procedures

A) Data theft, hijacking, and biometrics.
B) Sniffing, kickbacks, and spoofing.
C) Falsified identity, spoofing, and hijacking.
D) Unauthorized access to passwords, data theft, and viruses.

A) Pilferage
B) Theft of money
C) Data theft
D) Employee fraud

A) maturity
B) obscurity
C) purity
D) surety

A) Personal contact is limited so the personal hurt that is caused is not seen
B) Fraud can be committed electronically instead of by stealing physical assets
C) Fraud committed electronically is harder to detect than other types of fraud
D) E-commerce is new and few fraud detectors are familiar with electronic fraud schemes