Detect Fraud in E-Commerce Applications by using eSCARF as Continuous Assurance

The growth of electronic commerce (‘e-commerce’) in the world has been dramatic over the past few years, with forecasts suggesting that this explosive trend will continue (Pastore 2002). The birth of the dot-coms, which have capitalised on the advantages e-commerce provides, such as lower barriers to market entry, as well as the extensive integration of e-commerce systems into incumbent organisations, is testament to this. This growth has arisen as the benefits of e-commerce have been realised by businesses and consumers alike. In the ‘digital economy’, e-commerce has facilitated efficient information exchange, enabled cost reductions, provided new revenue opportunities and increased process efficiencies. Customers also reap these benefits through better customer service and the greater convenience of paperless online transactions (Turban 2000). E-commerce is becoming ever more intertwined with how organisations do business and are operated.

However, this tight integration with e-commerce has increased the exposure of businesses to a broader range of risks such as security, privacy and reliability concerns (Daigle and Lampe 2000). Actual and perceived security concerns, in particular, are large barriers preventing a more rapid uptake and growth of e-commerce (Elliot and Fowell 2000). Managing these risks becomes of great importance to companies partaking in any e-commerce operation – both in protecting company e-commerce revenue flows from security-related mishaps (such as fraud, theft and systems failure), and in assuring hesitant customers of the safety of engaging in e-commerce.

One of the chief security risks is fraud (Anandarajah and Lek 2000; Cerpa and Jamieson 2001). In any transaction, participants want to ensure proper receipt of payment in exchange for goods or services. Failure by one party to receive what they expect may indicate the occurrence of fraud.
As a consequence of the advent of e-commerce, new methods of carrying out financial transactions mean that new methods by which fraud is perpetrated also arise (such as shill bidding in online auctions (Wang, Hidvégi and Whinston 2001b)). The presence of fraud, or even the threat of it, is a deterrent to businesses and customers alike, who may choose to resort to more traditional means of performing transactions (Elliot and Fowell 2000). Currently, a variety of tools using a myriad of approaches to detect fraud do exist, but their use is limited and fragmented, and their effectiveness is untested (section 3.2.4). The fraud detection solutions that do exist for businesses engaging in e-commerce tend to be proprietary in nature, and how they work is unpublicised. The electronic environment therefore has a need for effective controls, built around a generalised, tested framework, that will mitigate the risk of fraud that e-commerce poses. It is clear that businesses stand to benefit from the ability to reduce fraud, but the development of these controls is also important for auditors. An essential responsibility of auditors is to plan and conduct audits for irregularities induced by fraud, other illegal acts and errors that impact upon the financial reports of an entity (AUS210 2002; Baer 2002; AICPA 2002). Therefore, enabling better detection of fraud would facilitate an auditor’s job.

Fraud prevention is difficult in the faceless world of the Internet, and any measure designed to respond to it must be able to do so in a timely manner. Continuous assurance (CICA) offers a timely method of assurance where, by monitoring transactions (flows of information, especially payment and order details) in real-time, irregularities that point to illicit behaviour may be promptly detected and dealt with. Continuous assurance systems capitalise on the infrastructure and real-time nature of e-commerce systems.
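
To make the monitoring idea concrete, here is an added sketch (not the thesis's eSCARF code) of a SCARF-style embedded audit hook: every order passes through it, and any order that trips an auditor-defined rule is written to a review file. The rules, thresholds and field names are assumptions chosen for illustration, and the orders are constructed sample data.

```python
import json
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Constructed sample orders (not real data); ts is seconds since an arbitrary start.
SAMPLE_ORDERS = [
    {"order_id": 1, "card": "tok_A", "amount": 40.0, "bill": "AU", "ship": "AU", "ts": 1000},
    {"order_id": 2, "card": "tok_B", "amount": 5200.0, "bill": "AU", "ship": "AU", "ts": 1010},
    {"order_id": 3, "card": "tok_A", "amount": 35.0, "bill": "AU", "ship": "AU", "ts": 1020},
    {"order_id": 4, "card": "tok_A", "amount": 60.0, "bill": "AU", "ship": "NZ", "ts": 1030},
    {"order_id": 5, "card": "tok_A", "amount": 20.0, "bill": "AU", "ship": "AU", "ts": 5000},
]


@dataclass
class ScarfMonitor:
    """Audit hook embedded in the order pipeline; observe() sees every transaction."""
    max_amount: float = 5000.0   # assumed auditor threshold for a single order
    velocity_flag_at: int = 3    # assumed: flag the Nth order on one card in the window
    window_s: int = 600          # assumed sliding window, in seconds
    review_file: list = field(default_factory=list)  # stands in for the audit review file
    _recent: dict = field(default_factory=lambda: defaultdict(deque))

    def observe(self, order):
        """Return the rules this order tripped; log it for review if there are any."""
        reasons = []
        if order["amount"] > self.max_amount:
            reasons.append("amount_over_threshold")
        if order["bill"] != order["ship"]:
            reasons.append("billing_shipping_mismatch")
        # Velocity rule: drop timestamps that fell out of the window, then count.
        seen = self._recent[order["card"]]
        while seen and order["ts"] - seen[0] > self.window_s:
            seen.popleft()
        seen.append(order["ts"])
        if len(seen) >= self.velocity_flag_at:
            reasons.append("card_velocity")
        if reasons:  # only exceptions reach the review file, one JSON record per line
            self.review_file.append(
                json.dumps({"order_id": order["order_id"], "reasons": reasons}))
        return reasons


def run(orders):
    """Feed orders through a fresh monitor and return the parsed review records."""
    monitor = ScarfMonitor()
    for order in orders:
        monitor.observe(order)
    return [json.loads(line) for line in monitor.review_file]


if __name__ == "__main__":
    for record in run(SAMPLE_ORDERS):
        print(record)
```

Only orders 2 and 4 reach the review file; the order flow itself is not interrupted, it is only recorded for the auditor.
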
In fact, continuous assurance systems rely on the system being assured to be a quick and reliable source of relevant data, because the assurance system must, in turn, provide its own service of delivering timely assurance and reporting information (Vasarhelyi, Kogan and Sudit 2000). Such a system will be able to detect fraudulent activity in an e-commerce system in an unobtrusive manner. There is a need to develop an assurance system that can be easily integrated into existing systems, be flexible enough to adapt to different organisations and organisational change, and provide control over the assurance process (Vasarhelyi, Kogan and Sudit 2000).

This thesis has a variety of aims, focusing primarily on improving our understanding of detecting and preventing fraud in e-commerce systems by the use of continuous assurance systems. A conceptual model relating the aspects and concepts associated with the real-time monitoring of e-commerce transactions for fraud will be developed. Explored along the way will be the various continuous assurance methods for e-commerce fraud detection, before we finally settle on using the SCARF (Systems Control Audit Review File) technique to implement an assurance system that will provide assurance for financial transactions for a business-to-consumer e-commerce store. This system, called eSCARF (electronic SCARF), will be adapted for the IBM WebSphere Commerce (interchangeably referred to as WebSphere) environment from a prototype eSCARF system developed by Ng and Wong (1999). Following the implementation of eSCARF, a user evaluation of the system will be acquired from professionals with experience in auditing. The evaluation will be obtained by performing an evaluation survey, assessing attributes of the system from an auditor’s perspective, looking at its design quality and perceived usefulness.
This will aid the future and ongoing development of eSCARF by providing valuable user input, as well as providing further insight into auditors’ requirements for continuous assurance systems.

Abstract:

This thesis is concerned with improving our understanding of detecting and preventing fraud in electronic commerce (e-commerce) transactions by using continuous assurance systems. It also seeks to evaluate the usefulness of eSCARF, a continuous assurance system for fraud detection, which is developed in this thesis. The area of electronic fraud was targeted as it is one of the major risks for businesses engaging in the rapidly growing practice of e-commerce today. The ability to mitigate this risk is valuable to businesses and auditors, and continuous assurance systems, which may provide assurance services in real-time, offer such an ability. A conceptual model was constructed to produce a generalised overview of the fraud auditing environment, and the objects and forces influencing the process. This allows us to better understand and visualise the relationships between all these issues.

The second part of this thesis developed a continuous assurance system that may be used to combat electronic fraud. This system is called eSCARF (electronic System Control Audit Review File), designed for the IBM WebSphere Commerce 5.4 e-commerce system. The development of eSCARF is documented and provides insight into the architecture of a continuous assurance system.

The third part of this thesis involves a user evaluation of eSCARF by 15 auditors via an evaluation survey. The evaluation survey assessed the quality and perceived usefulness of the system. The survey discovered that the participants regarded eSCARF as a highly usable system with clear indications of its usefulness in effectively detecting e-commerce fraud. Further input gathered from auditors provided ways eSCARF could be enhanced.
With this information and the verification of eSCARF’s feasibility and applicability for fraud detection, future avenues for eSCARF’s continued development are mapped out.

Literature review:

Electronic commerce relates to the usage of electronic communication networks to conduct business transactions (Turban 2000). The emergence of e-commerce in society has profoundly impacted upon how people manage and conduct business. It has changed how companies operate internally, whilst also giving them the opportunity to expand into new, previously untappable, markets. The ubiquitous nature of e-commerce has also accelerated globalisation as instantaneous information exchange is possible anywhere on the planet. The smallest of firms employing e-commerce potentially have access to a global market. The largest of firms have redefined or remodelled themselves in response to the advent of e-commerce. Indeed, e-commerce not only affects the way business is conducted, but its nascent influence reverberates through to changing the world economy (Nezu 2000).

Nonetheless, this new dimension of business has problems, barriers and disadvantages that inhibit its expansion. It is a phenomenon undergoing continual, rapid change and maturity. Increasing levels of integration of e-commerce systems into business have led to an increasing level of reliance on these systems. Interorganisational systems and globally distributed data mean that ensuring the availability, integrity and confidentiality of the information these systems process is of paramount importance. Unfortunately, it is the pace of e-commerce system development that amplifies the huge challenge of ensuring those same systems are secure.

This thesis examines specifically the threat of fraud, which is the largest security risk that has direct implications upon the revenue flows and costs of a business.
It is for this reason that e-commerce security should receive collaborative attention from research institutions and commercial organizations, such that security may be able to keep in step with the latest advancements in e-commerce (Anandarajah and Lek 2000). Current approaches tend to be fragmented in nature, due to the wide variety of systems in the marketplace, and the trend of interorganizational systems integration means that unless a more unified approach to shoring up security is taken, the rising number of exploitable points in a large e-commerce system will be increasingly detrimental. A system vulnerable to different types of fraud stands to be a large liability compared with more traditional means of business and undermines the attractiveness of e-commerce. Moreover, customers that perceive that their e-commerce transactions are susceptible to fraud are not encouraged to engage in such business (Elliot and Fowell 2000). Only when security systems are developed that can, with a reasonable degree of effectiveness, detect fraud, will this barrier to e-commerce uptake be assuaged.

3.1.1 The Impact of E-Commerce

There can be no denial that e-commerce has made a definite and significant impact upon the global economy. Its integration into society has affected the ways people manage and conduct business. The spread of e-commerce will continue as organizations use it to increase productivity and as another avenue for sales and service. In fact, Clarke (1993) predicts that business-to-business (B2B) and business-to-consumer (B2C) e-commerce will become so popular that most businesses will be forced to enter the digital economy in order to retain competitive advantage.

In a study encompassing the first half of 2000, the Internet Economy was, in the United States, found to support more than 3 million workers (CREC 2001). Online businesses numbered 550,000 by mid-2000 (Cerpa and Jamieson 2002), up 30 percent from the previous year.
The United States Department of Commerce estimated that retail e-commerce sales for the fourth quarter of 2001 totaled $10 billion (Pastore 2002), up from $5.3 billion in the same period in 1999 (Armstrong 2000). In contrast, total retail sales were $821.2 billion and $860.8 billion in the fourth quarter of 1999 and 2001 respectively. Although e-commerce only accounts for a minuscule portion of all retail sales, e-commerce sales have doubled as a proportion of total retail sales in the two-year period, reflecting an increasing amount of e-commerce usage. That e-commerce sales compose only about one percent of total retail sales demonstrates there is plenty of room for e-commerce to continue expanding.

From a worldwide perspective, IDC found that e-commerce spending grew 68 percent between 2000 and 2001 to reach $600 billion. IDC estimates that this will continue increasing to a massive $1 trillion in 2002 (Pastore 2002). The numbers above are primarily in reference to B2C transactions. It is postulated that B2B transactions outstrip B2C ones, with the Gartner Group predicting 2004 worldwide B2B revenues at $7.3 trillion. It is this profit potential that has lured venture capitalists into investing in ‘dot com’ companies which are trying to ‘ride the wave’ and establish themselves as profitable businesses.

There are many other statistics that may be cited. However, one thing is clear – that e-commerce’s prominence in business is increasing. In the next few years, this growth is forecast to continue unabated.

From an organizational and management perspective, the changes e-commerce has wrought have been just as dramatic. Most notable is the restructuring of the ‘Big Five’ multinational accounting firms to separate their e-commerce consulting arms from their auditing arms. The impetus for this is to ensure that their audit work is not compromised, as a conflict of interest exists if a firm both consults and audits the same client (Kane 2002).
Accenture’s separation from Andersen, as a result, also gave it independence such that when Andersen was shaken by the collapse of Enron and consequential legal proceedings, Accenture was relatively untouched. PricewaterhouseCoopers has spun off its consulting arm, which was acquired by IBM; Deloitte Touche Tohmatsu spun off its consulting arm into Braxton, with KPMG likewise turning theirs into BearingPoint.

Apart from sales and marketing, e-commerce systems are also employed for operational and supply purposes, including finance, logistics and procurement. Incumbent firms especially have managed to take advantage of these types of systems, enabling cost reduction and greater process efficiencies (Turban 2000).

References:

Kaiyoong Deng; Ruzhang; Hong Guo (2011) “Analysis of study on detection of credit fraud in E-Commerce”, Future Computer Sciences of Application (ICFCSA), pp. 12-15.

Malanzato, R.; Neubert, M.; Peleeira, A. M.; dolago, A. P. (2009) “Feature Extraction for fraud detection in electronic marketplaces”, Web Congress, pp. 182-192.

Chun-Hsiu Yeh; Tsui-Ping Chang; Wesi-Chang Sher (2008) “Developing the continuous Assurance Embedded continuous audit web services”, Asia-Pacific Services Computing Conference, APSCC 08, pp. 1049-1054.

Alles, M. G., Kogan, A. and Vasarhelyi, M. A. (2002) Feasibility and economics of continuous assurance, Auditing: A Journal of Practice and Theory, vol. 21 (1), pp. 125-138.

Addison-Wesley; Anandarajah, Benjamin and Lek, Monkol (2000) “Using Data Mining to Detect E-Commerce Fraud”, Report No. 37 1998-99.

Baker, C. R. (1999) An Analysis of fraud on the Internet, Internet Research-Electronic Networking Applications & Policy, 9(5), pp. 348-359.

Compton, P., Edwards, G., Kang, B., Malor, R., Menzies, T., and P. Preston (1991) Ripple down rules: possibilities and limitations, Proceedings of the 6th Knowledge Acquisition for Knowledge Based Systems Workshop, Banff, pp. 2-5.

Elder IV, J. and D. Pregibon (1996) A Statistical Perspective on Knowledge Discovery in Databases, U.M. Fayyad, G. Piatetsky-Shapiro, P. Smyth, and R. Uthurusamy, eds., Advances in Knowledge Discovery and Data Mining, pp. 83-115, AAAI/MIT Press.

Fayyad, U., Piatetsky-Shapiro, G., Smyth, P., and R. Uthurusamy (1996) Advances in Knowledge Discovery and Data Mining, AAAI/MIT Press.

Groth, R. (2000) Data Mining: Building Competitive Advantage, Prentice Hall.

Holsheimer, M., and A. P. J. M. Siebes (1994) Data Mining, the search for knowledge in databases, Report CS-R9406, CWI, Amsterdam, The Netherlands, pp. 8-19, 41-49.

Lach, J. (1999) Data Mining Digs In, American Demographics, July, pp. 38-40, 42-45.

Lunt, T. L. (1993) A Survey of Intrusion Detection Techniques, IPIP-TC11 Computers and Security, 12(4), pp. 405-418.

Mitchell, T. M. (1997) Machine Learning. Singapore: McGraw-Hill.

Nath, R., Akmanligil, M., Hjelm, K., Sakaguchi, T., and M. Schultz (1998) Electronic Commerce and the Internet: Issues, Problems, and Perspectives, International Journal of Information Management, 18(2), pp. 91-101.

Quinlan, J. R. (1993) C4.5: Programs for Machine Learning, Morgan Kaufmann.

Smith, R. (1999) Fraud: What Response?, Australian CPA, November, pp. 39.

Sweeney, P. (1999) Cyber-Crime’s Looming Threat, Banking Strategies, July/August, pp. 54-56, 58-59.

Thrun, S. B., Bala, J., Bloedorn, E., Bratko, I., Cestnik, B., Cheng, J., De Jong, K., Dzeroski, S., Fahlman, S. E., Fisher, D., Hamann, R., Kaufman, K., Keller, S., Konomenko, I., Kreuziger, J., Michalski, R. S., Mitchell, T., Pachowicz, P., Reich, Y., Vafaie, H., Van de Welde, W., Wenzel, W., Wnek, J., and J. Zhang (1991) The Monk’s problems: A performance comparison of different learning algorithms, Technical Report CMU-CS-19-197, Computer Science Department, Carnegie Mellon University, Pittsburgh, PA.

Wong, K., Ng, B., Cerpa, N., and R. Jamieson (2000) An Online Audit Review System for Electronic Commerce, Proceedings of the Thirteenth Bled Electronic Commerce Conference, Slovenia, pp. 19-21.