M.S. in Economic Crime Management Dissertations
In an effort to promulgate Utica College’s graduate students’ capstone projects in the M.S. degree in Economic crime Management, the Economic Crime Institute publishes dissertations chosen by faculty. The objective is to provide resources to individuals seeking information on topics such as economic crime investigations, data breaches, money laundering, identity theft, digital investigations, risk management, cybercrime trends, digital investigations, and other topics.
Credit Card Fraud and Social Engineering
By Glenn A. Hall
Credit card fraud is a billion dollar a year industry (Nilson, 2011). Financial institutions invest heavily in detection and prevention technology in an effort to mitigate their losses due to fraud. Bank technology spending is estimated to grow approximately 30 percent to $7.2 billion by 2015 in anti-fraud technology for mobile banking alone (Computerworld, 2012). According to the Federal Trade Commission, the total number of complaints submitted to the Consumer Sentinel database in 2005 totaled 686,683, an increase of 21 percent from 2003 (Identity Theft Data, 2005). Identity theft complaints represented 255,565, or 37 percent of the total complaints, and the most common type of identity theft was credit card fraud. In an effort to stem the tide of identity theft related fraud losses, the credit card industry have traditionally taken the approach of investing more money and resources into enhancing their authentication technology. However, technology alone has not, and will not, effectively address the problem. The millions of dollars and thousands of man-hours invested in the development of new authentication technology is undermined by the financial institutions’ front-line employees and the credit card banking customers themselves due to the cunning and, often times impressive, social engineering and technical subterfuge tactics perpetrated by the fraudsters.
Analysis Of Fraud Per petrated Through ATM
By Lisa Frikker-Gruss
The global payments industry is currently undergoing a technological shift in security protection. Unfortunately, the United States of America has been lagging behind the rest of the world in implementing standards to enhance protection, such as Chip and PIN authentication in payment cards and biometric validation systems at payment terminals. Payments industry leaders have forced a 2016 deadline for equipment operators to upgrade the technology to either comply with Chip and PIN capabilities or endure increased liability. This initiative is not without warrant, as organized criminal gangs from around the world have moved their operations into the United States. The older technology is thus making this country an easier and more susceptible target.
This project focuses specifically on skimming fraud perpetrated at automated teller machines. The Chip and PIN technology used in countries abroad has enhanced user authentication, however, it too has deficiencies and limitations. The vulnerabilities of the random number generator that were identified through a study completed out of the University of Cambridge are reviewed. Additionally, the benefits of using biometrics are highlighted as an authentication tool to implement even after Chip and PIN technology is introduced in the United States.
This project demonstrates the strengths of predictive analysis as a detection tool by measuring a customer’s demographic and behavioral metrics and discovering the commonalities that exist within legitimate and fraudulent transactions. The goal is to offer strategic solutions for financial institutions to customize into their organization. To achieve effective operational risk management, multiple layers of user authentication and transaction verification should be analyzed and implemented.
The Current State Of Critical Infrastructure Protection
By Jessica Katz
The electric grid is one of eighteen critical infrastructures in the United States that is at risk from cyber attacks. As critical infrastructures become more reliant on networked systems, it is likely that the threat of cyber attacks will increase. These types of attacks are easily executed, inexpensive, and may be performed from anywhere in the world, making it an all too popular tool among hackers and terrorists.
Cyber attacks launched against the electric grid have serious economic impact. The banking and financial sectors rely heavily on electricity to facilitate transactions via computer networks. Due to increased reliance on electricity, it is important that both physical security and cyber security of the electric grid is improved.
The United States and Australia have established and implemented critical infrastructure protection strategies to protect against cyber based threats. This research established that there is a need for the public and private sectors to partner in regard to critical infrastructure cyber security, specifically the electrical grid. The ability of a nation to adequately defend against cyber attacks is highly dependent upon information sharing between private industry and government.
Research concluded that the United States information protection regulations are stronger than Australia’s. The Australian government has a laissez faire approach to information protection as opposed to a highly enforced compliancy standard, as implemented in the United States. Further research into how other countries are regulating cyber security is required to provide insight into an effective information protection strategy for the future of critical infrastructures.
Into The Breach: Lessons Learned From Data Breach Research
By Christine Arevalo
Organizations are exposing personal information at an alarming rate, with a probable correlation to an increase in identity theft victims. Data breaches are a growing threat to commerce, concern for policymakers, and businesses; as well as a hotly debated topic among legislators and academics.
This project offers a unique perspective on this topic since the researcher has visibility into dozens of organizations and hundreds of data breach events. This two part research project will clarify important points, and expose fundamental research gaps that exist today.
Key results suggest that the phenomenon known as “over-notification” does not truly exist, that individuals are not overly anxious upon receipt of notification letters, and that additional research is needed in a few key areas regarding the content of notification letters.
Improving the Performance of an Economic Crime Investigative Unit: Resource Allocation at the Florida Office of Financial Regulation, Bureau of Financial Investigations
by Christopher E. Hancock
The Florida Office of Financial Regulation [OFR] licenses, regulates and conducts compliance examinations of financial services companies including mortgage brokers and lenders, money service businesses, consumer finance companies, securities broker-dealers, and state chartered financial institutions. Within the OFR, the Bureau of Financial Investigations [BFI] is the criminal justice agency responsible for conducting economic crime investigations into allegations of fraudulent and unlicensed activity.
The BFI currently lacks clear objective criteria for prioritizing the use of limited investigative resources. At a time of state budget cuts, the BFI needs to analyze its workload and enhance its ability to focus resources on those cases where the potential financial harm to Florida’s citizens is greatest. This research involved quantitative analysis of case management data collected on investigations completed by the BFI over a six-year period. Various data mining methodologies were examined and neural network technologies applied in an attempt to provide a more rational and objective basis for decision making.
The research findings suggest that conventional OFR wisdom concerning resource allocation is not be supported by the evidence. The application of neural networks to BFI case prioritization was found to hold promise, but further research will be needed to produce a reliable, robust model.
Identity Theft Investigation Training For Law Enforcement First Responders In NYS
By Vernon McCandlish
Identity theft continues to be a growing problem in the United States. According to the Federal Trade Commission, identity theft is the leading reported consumer complaint. Studies have revealed that the law enforcement first responder is ill-trained in handling these cases, and this has resulted in victim dissatisfaction with the police investigative process. While these studies have recognized this as a weakness in the government’s response to identity theft, none of these studies identified what investigative steps are the most effective, what training is necessary to bolster the quality of the first responder’s initial investigative actions, and what if any additional concerns the victim has regarding the investigation and reporting process.
The purpose of this study was to identify the best practices for law enforcement first responders to engage in, when assigned to investigate instances of identity theft. The police agencies selected for these structured interviews were large state police agencies in states with significant identity theft activity and large city police agencies in New York State. The goal of this project was to enumerate their existing investigative techniques, training programs, and response policies with regard to instances of victim reported identity theft. Structured interviews with police agency planners responsible for planning response protocols, and instructors, responsible for training revealed a set of best practices for identity theft investigations. The derived best practices became the basis for a training program that focuses on procedures and skills the law enforcement first responder needs so they can provide quality service to the victims of identity theft.