
Role of IT in Fraud Detection

PRESENTED AT
CA STUDENTS SUB-REGIONAL CONFERENCE
JALGAON
Held on 17th & 18th July 2010

Paper Presented By: - Mr. Yogesh Ishwarchandra Satpute.
(ICAI Students Reg No: WRO - 0261928 CA FINAL Appeared.)

Email: - Satpute@icai.org


Executive Summary:-

- Introduction.
- Areas of Frauds.
- Role of Information Technology.
- Prime importance to System Audit techniques.
- Various Software Packages & Advanced Technologies.
- Various Agencies Involved.
- For your Think-tank.
- Conclusion.

A) INTRODUCTION:-
History of Fraud Examination: - Worldwide we consider Sherlock Holmes to be the
first forensic accountant; however, the contribution of some historic figures
in India cannot be ignored. In India, Kautilya was the first person to mention the
famous forty ways of embezzlement, in his Kautilya Arthashastra during the
ancient Mauryan times.
As the complexity of the business environment increases and the distance
between ownership and management grows, more and more frauds are
happening and are also being reported in public. My view is that fraud is a
universal problem.
Information technology is a double-edged sword, which can be used for
constructive as well as destructive work. Thus, the fate of many ventures depends
upon the benign or malicious intentions, as the case may be, of the person dealing
with and using the technology.
The problems relating to frauds are further complicated by the absence of a
uniform law solving the "jurisdictional problem". The Internet recognizes no
boundaries; hence the attacker or offender may belong to any part of the world, where
the law of the offended country may not be effective. This has strengthened the need
for a "techno-legal" solution in the present electronic era, rather than a purely legal
recourse.
The increasing deployment of IT solutions to manage core business functionality,
the provision of online services by enterprises and e-governance projects by
governments, while enhancing the efficiency and effectiveness of operations and
providing value-added services, have also opened a Pandora's box of security lapses
and concerns. The incidence of cyber fraud and crime is rising in geometric progression,
leading to the specialized accounting discipline of Forensic Accounting and Fraud
Detection. Chartered Accountants, as the traditional business assurance providers, are
best suited to offer these services considering their strong business acumen,
unparalleled knowledge of business laws/requirements and strong audit skills to ensure
that necessary checks and balances are in place and to detect fraud/mistakes.

Every fraud involves a perpetrator, a motive and a victim:-
The Perpetrator: - Internal/external to the organization (e.g. disgruntled employee,
business rival, etc.).
Motive: - Financial or non-financial motives (e.g. getting income, taking revenge,
etc.).
Victims: - Gullible, desperate and greedy people, unskilled & inexperienced,
and mostly unlucky people.

B) FRAUD OCCURS IN THE FOLLOWING AREAS:-
1) Credit Card Fraud: using a credit card skimmer to copy a card & a writer to make a card.
2) Internet Transaction Fraud / E-Cash fraud.
3) Insurance Fraud and Health Care Fraud.
4) Money Laundering.
5) eBay website scam (selling stolen goods by using such sites).
6) Phishing cases (widely reported case of the e-mail scam involving ICICI Bank).
7) Intrusion into computers or computer networks.
8) Telecommunications Fraud, Voice over IP (VoIP) Fraud & caller ID spoofing.
9) Subscription Fraud / Identity Theft.
10) Cybersquatting: registering a domain name of interest to someone else
(e.g. a business of that name) in the hope of selling it for a profit.
11) Consumer Frauds.
12) IP Spoofing, DNS Poisoning, etc.
Instead of discussing each of these frauds, we emphasize the next section, i.e.
Role of IT.

C) ROLE OF INFORMATION TECHNOLOGY IN FRAUD DETECTION CAN BE
DESCRIBED IN TWO MAJOR WAYS:-
1) Detection of frauds committed with the help of Information Technology (e.g. cyber
frauds and other networking threats).
2) Detection of frauds/other criminal or civil offences committed without any
involvement of I.T. but detected with the help of state-of-the-art
technology (e.g. processing of evidence/fingerprints by computers,
technologies that combine forensic science and computers).

Some practical case studies and detection methodologies:-
1) Tax refund scam (Indian case): "3 I-T men held" (TNN, Feb 22, 2010). Police arrested
three income tax (I-T) officials and two of their accomplices in connection with a
Rs 3-crore fraudulent tax refund scam. CBI joint director Rishi Raj Singh said
there is a lacuna in the I-T computer system. "The I-T officials enter the system
with the help of a security token. The password changes automatically in a
specified time but the machine remains valid for four hours for processing even
after logging out," he said. The software is not capable of making online
checking of TDS payments with the master data stored with National Securities
Depository Limited. Timely detection has prevented Rs 6 crore from being
withdrawn from the system, CBI said.
2) Cellular cloning fraud (United States case):- Cellular fraud costs the telecommunications
industry hundreds of millions of dollars per year and is spreading fast in major cities
throughout the United States. Cloning occurs when a customer's Mobile
Identification Number (MIN) and Electronic Serial Number (ESN) are
programmed into a cellular telephone not belonging to the customer. With the
stolen MIN and ESN, a cloned phone user (whom we call a bandit) can make
virtually unlimited calls free of charge.

D) PRIME IMPORTANCE TO REGULAR FINANCIAL AUDITS AT FREQUENT
INTERVALS & SYSTEM AUDITS:-
Various software packages are available for fraud detection during the course of a
financial audit as well as a system audit. Auditors focus their concern on the control
aspect. Though not solely aimed at fraud, this many times results in the detection of
fraud. Various concurrent audit techniques are available to auditors, e.g. ITF, SCARF,
Snapshot technique, Audit Hooks, Continuous & Intermittent Simulation, etc.

CAAT AND CAATT
Computer Assisted Audit Techniques or Computer Aided Audit Tools (CAATS),
also known as Computer Assisted Audit Tools and Techniques (CAATTs), is a
growing field within the financial audit profession.
In the most general terms, CAAT can refer to any computer program utilized to
improve the audit process. Generally, however, it is used to refer to any data
extraction and analysis software. This would include programs such as SAS, Excel,
Access, Crystal Reports, Business Objects, word processors, etc. There are, however,
companies that have developed specialized data analysis software specifically for
auditors.

Product Name / Brand                                   Company
Audit Command Language (ACL)                           ACL Services Ltd.
Interactive Data Extraction and Analysis (IDEA)        CaseWare International
ESKORT Computer Audit (SESAM)                          Intracom IT Services Denmark A/S
ActiveData For Excel                                   InformationActive Inc
CorpSystem ActiveData                                  CCH / Wolters Kluwer
Monarch                                                Datawatch Corporation
TopCAATs for Excel                                     Reinvent Data Ltd
Picalo                                                 Partly Open Source


Specialized audit software can easily perform the following functions:-
Data queries, Data stratification, Sample extractions, Missing sequence
identification, Statistical analysis (SAS), Calculations, Duplicate inquiries, Pivot tables,
Cross tabulation, Creation of Electronic Working Papers, Fraud Detection, etc.
CAAT provides auditors with tools that can identify unexpected or unexplained
patterns in data that may indicate fraud. Whether the CAAT is simple or complex,
data analysis provides many benefits in the prevention and detection of fraud.
CAATs can assist the auditor in detecting fraud by performing and creating the
following: Analytical Tests; Data Analysis Reports (reports produced using specific
audit commands such as filtering records and joining data files); and Continuous
Monitoring (an ongoing process for acquiring, analyzing, and reporting on business
data to identify and respond to operational business risks). ICAI's Guidance Note on
CAAT can be referred to.
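
Three of the functions listed above (missing sequence identification, duplicate inquiries and data stratification), written out as an added Python example; it is not part of the original paper or of any CAAT product, and the invoice records, vendor names and amount bands are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger: (invoice_no, vendor, amount, date)
INVOICES = [
    (1001, "Acme Traders", 12500.00, "2010-04-02"),
    (1002, "Bharat Steel", 48000.00, "2010-04-03"),
    (1004, "Acme Traders ", 12500.00, "2010-04-02"),  # same bill, new number
    (1005, "City Freight", 9990.00, "2010-04-09"),
    (1008, "Bharat Steel", 7300.00, "2010-04-15"),
]

def missing_sequence(numbers):
    """Document numbers absent between the lowest and highest number seen."""
    seen = set(numbers)
    if not seen:
        return []
    return [n for n in range(min(seen), max(seen) + 1) if n not in seen]

def duplicate_payments(rows):
    """Invoices that share vendor, amount and date under different numbers."""
    groups = defaultdict(list)
    for number, vendor, amount, date in rows:
        # Normalise the vendor name so stray spaces or case do not hide a match.
        groups[(vendor.strip().lower(), round(amount, 2), date)].append(number)
    return {key: nums for key, nums in groups.items() if len(nums) > 1}

def stratify(rows, bands):
    """Count and total per amount band; bands are (low, high), low inclusive."""
    out = {band: [0, 0.0] for band in bands}
    for _, _, amount, _ in rows:
        for band in bands:
            if band[0] <= amount < band[1]:
                out[band][0] += 1
                out[band][1] += amount
                break
    return out

if __name__ == "__main__":
    print("Missing numbers:", missing_sequence(r[0] for r in INVOICES))
    print("Possible duplicates:", duplicate_payments(INVOICES))
    print("Strata:", stratify(INVOICES, [(0, 10000), (10000, 50000)]))
```

Each result is a lead for follow-up rather than proof of fraud: a gap may be a cancelled document, and a duplicate may be a legitimate repeat order.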

E) VARIOUS SOFTWARE PACKAGES & ADVANCED TECHNOLOGIES:-

a) Disk imaging and analysis technique: - In this technique an exact copy of the
computer hard disk is taken, keeping the original intact; this is to be done without
the fraudster being alerted. In the next stage the image is processed and areas of
storage are recovered. In the final stage the processed image is analyzed to
search for various phrases, numbers, words, etc.; this can be done by specialized
search software. Files can be recovered from free space, lost chains, slack
space, deleted files, Windows swap files, temporary internet files, etc.
b) Recovering the deleted files/Format Recovery:-
Under normal circumstances, when a file is deleted from within the operating
system in which it was created, the actual bytes that contain the file information
are not physically removed from the hard disk. All that happens is that the reference
to the file in the file allocation table is removed. This means that the space
occupied by the file is made available to be overwritten by other data. However,
at the time the image is taken it is probable that there will be a number of
deleted files or file fragments that have not been overwritten and are therefore
available to the investigator. The processing software can recover them. In the
same way, data on a completely formatted disk can also be recovered. For better
understanding, a screenshot of data recovery software is given above.

c) Network Interception Detection & Network monitoring :-
WIRESHARK is a free and open-source packet analyzer. It is used for network
troubleshooting, analysis, software and communications protocol development, and
education. It can also be used to monitor Wi-Fi connections, i.e. WEP, WPA, WLAN,
etc. wireless networks. Originally named Ethereal, in May 2006 the project was
renamed Wireshark due to trademark issues. Wireshark is cross-platform, using the
GTK+ widget toolkit to implement its user interface, and using pcap to capture
packets; it runs on various Unix-like operating systems including Linux, Mac OS X,
BSD, and Solaris, and on Microsoft Windows. There is also a terminal-based (non-GUI)
version for Linux called TShark. Wireshark, and the other programs distributed with
it such as TShark, are free software, released under the terms of the GNU General
Public License.

d) Investigation of incidents:-
ENCASE is used to investigate thoroughly any incident across the network. It can
be used to investigate allegations of fraud, HR matters, suspicious network
activities and more, with a forensically sound solution operated from a central
location of the business. It doesn't disrupt ongoing business activities. It provides
a platform for the automation of e-Discovery and network audits.
Investigate multiple machines simultaneously at the disk and memory level over the
network. Acquire data in a forensically sound manner, using software that has an
unparalleled record in courts worldwide. Investigate and analyze data from a wide
variety of operating systems and email servers. Most widely used tool for Digital
Investigation.
e) Advanced Firewall Technologies to detect Intrusion:-
ZONE ALARM by Check Point is a software firewall which protects servers from
spyware, hackers, viruses, and unauthorized access. As far as its role in
detection is concerned, it can be explored to reveal the logs maintained by it.
Automated logs (Alert Logs & Log viewer panel) generated and saved by this
application can be used to understand the exact situation prevailing before any
security-related event.

f) Techniques with Advanced capabilities of Forensic Sciences:-

WINHEX & X-Ways Forensics-
This is the most powerful software used for forensic investigation of hard
disks, removable storage media, memory sticks, etc. This software comes
with advanced forensic features like Case Management, Evidence Objects,
Case Log, Case Report, Internal Viewer, Registry Report, Volume Snapshots,
Mode Buttons (Disk, File, Preview, Details, Gallery, Calendar), Simultaneous
Search, Search Hit Lists, Indexing, Index Search, Hash Database, Time Zone
Concept, Evidence File Containers, Directory Browser, Report Tables, etc.

g) E-mail tracking softwares:-

E-mails can be traced using Full Headers. Without the Full
Headers, it's impossible to report spam or scam email, since the
Brief Headers (just the From, To, Date, and Subject) don't provide
any information that can be used to find out where the malicious
email is coming from. The best example is that of
eMailTrackerPro. For practical experience I request readers to
When the email comes up you will notice a 'Display Full Header' link to the right hand
side of the screen as shown in figure. Open eMailTrackerPro if it is not already open
and click inside the dialog box where the headers are to be pasted. The headers should be
automatically pasted into the dialog box; if this is not the case then hold down the 'Ctrl'
key again and press the 'V' key to paste the headers into eMailTrackerPro. Once the
headers have been pasted click the 'Trace' button to initiate the trace.
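
What the full headers contribute to a trace, as an added Python example that is not from the original paper and is not how eMailTrackerPro itself works. It reads the Received chain newest-first and keeps apart the hops written by the recipient's own servers from those below them, which a sender can forge. The message, host names, addresses and the TRUSTED set are constructed.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed full headers (example domains, private/documentation addresses).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 5 Jul 2010 10:02:11 +0530
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Mon, 5 Jul 2010 10:02:09 +0530
Received: from bank-secure (unknown [203.0.113.45])
\tby relay.isp.example with SMTP id C3; Mon, 5 Jul 2010 10:02:05 +0530
From: "Noodle Bank" <support@noodlebank.example>
To: victim@recipient.example
Subject: Verify your account
Date: Mon, 5 Jul 2010 10:02:00 +0530

Please confirm your password.
"""

# Brief headers only: nothing here says where the mail came from.
BRIEF = "From: a@b.example\nTo: c@d.example\nSubject: x\n\nBody\n"

# Assumption: the servers the investigator's own organisation operates.
TRUSTED = {"mailstore.recipient.example", "mx.recipient.example"}

HOP = re.compile(r"from\s+(\S+)\s+\([^)]*?\[([0-9A-Fa-f:.]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """(claimed_name, ip, recording_host) per Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        match = HOP.search(value)
        if not match:
            continue
        try:
            ip = str(ip_address(match.group(2)))
        except ValueError:
            continue  # bracketed text was not a valid address
        out.append((match.group(1), ip, match.group(3).lower()))
    return out

def trace(raw, trusted_hosts):
    """Split hops into those recorded by trusted servers and the rest."""
    verified, unverified, trusted_so_far = [], [], True
    for hop in hops(raw):
        # Once a header was written by a foreign server, it and every
        # header beneath it are only claims made by someone else.
        trusted_so_far = trusted_so_far and hop[2] in trusted_hosts
        (verified if trusted_so_far else unverified).append(hop)
    return verified, unverified

if __name__ == "__main__":
    verified, unverified = trace(RAW, TRUSTED)
    print("Last verified sender IP:", verified[-1][1])
    print("Unverified claims:", unverified)
```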

h) Detection of fraud using Internet Protocol Scanning Softwares:-

Angry IP Scanner is the better example of Internet Protocol scanning software.
These can be used by a technically sound person to detect frauds involving
Internet Protocols. It is an online fraud detection solution based around the
combination of IP reputation analysis and a mutual collaboration network. IP
reputation takes geolocation and proxy detection to the next level by providing
relevant information about the IP's historic behavior, legitimate and suspicious.



i) Use QuickBooks to Detect Fraud: -
QuickBooks is the most popular accounting software package for small-
business owners (don't visualize/compare with Tally etc.), and there are
safeguards built into the software to aid in the detection of fraud. Make sure your
version of QuickBooks is current: 2009 or later. In 2009, QuickBooks made a
much misunderstood part of the software easier to use: the Audit Trail. Every
entry in QuickBooks is recorded indelibly onto this trail. If an invoice is changed,
deleted or altered in any way, the Audit Trail captures the identity of the user
who changed it, the time and day the change occurred, and what was changed
to generate the Audit Trail report.
j) Data Mining & Analytical techniques:-
Matching Data: Use the VLOOKUP() function in Excel or the Join Databases
feature in IDEA to match data from different sources. Such data must have a
common field, usually called the 'Key field', on which the data is joined.
Case studies:
Match the payroll data with the card swipe data / server log-on data on the
employee ID to detect ghost employees.
Match the transaction file received from the stock exchange with the
transaction data from the broker's application on client ID to detect possible
money laundering.
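
The ghost-employee match from the first case study, as an added Python example (not from the original paper): payroll is joined to card swipes and server log-ons on a normalised employee ID, per pay month, and anyone paid in a month with no recorded presence is listed. All records and the ID format are constructed.

```python
# Constructed extracts. The same employee ID is written differently in each
# system, which is the usual reason a naive VLOOKUP-style match misses rows.
PAYROLL = [  # (employee_id, pay_month, net_pay)
    ("E-0012", "2010-05", 21000), ("E-0099", "2010-05", 25000),
    ("E-0012", "2010-06", 21000), ("E-0047", "2010-06", 18500),
    ("e0099", "2010-06", 25000),
]
SWIPES = [  # (employee_id, date) from the access-card system
    ("E0012", "2010-05-14"), ("E0099", "2010-05-20"),
    ("E0012", "2010-06-01"), ("E0047", "2010-06-03"),
]
LOGONS = [  # (employee_id, date) from the server log
    ("e-0047", "2010-06-03"), ("E-0012", "2010-06-02"),
]

def key(emp_id):
    """Key field: upper-case the ID and drop punctuation and spaces."""
    return "".join(ch for ch in emp_id.upper() if ch.isalnum())

def presence(*sources):
    """Set of (employee key, month) pairs seen in any presence source."""
    seen = set()
    for rows in sources:
        for emp_id, day in rows:
            seen.add((key(emp_id), day[:7]))  # YYYY-MM-DD -> YYYY-MM
    return seen

def ghost_candidates(payroll, *sources):
    """Payroll rows with no swipe and no log-on in the month that was paid."""
    seen = presence(*sources)
    return sorted(
        (key(emp_id), month, pay)
        for emp_id, month, pay in payroll
        if (key(emp_id), month) not in seen
    )

if __name__ == "__main__":
    for emp, month, pay in ghost_candidates(PAYROLL, SWIPES, LOGONS):
        print(f"{emp} paid {pay} for {month} with no swipe or log-on")
```

A hit is a candidate for review, since leave, field postings or a lost card also produce a paid month with no presence records.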
k) Phishing detection:-
Phishing involves fraudulently acquiring sensitive information (e.g.
passwords, credit card details, etc.) by masquerading as a trusted entity. A
spoofed mail is received requesting the username & password of a bank account or
asking for credit card details. This mail also contains a request to click a given
link for direct access to the account, and that's the point of difference. The fake
site looks exactly the same as the original site.
In this case, the user was enticed with a misleading URL. Such URLs can be
created easily using simple HTML code such as:
<a href="http://www.nood1ebank.com">http://www.noodlebank.com</a>
This link displays the correct URL but on clicking takes the user to the spoofed URL.
http://www.NOODLEBANK.com%00@%36%37%2e%31%39%2e%32%31%37%2e%35%33
This URL does not lead to noodlebank.com; it leads to the website
on the IP address 67.19.217.53, that's the fake site.
(Visit: - http://www.antiphishing.org )
(Visit: -http://www.dolcevie.com/js/converter.html)
(Visit: - http://spamavert.com )
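
Both lures shown above can be checked mechanically. The following is an added Python example, not from the original paper: it extracts each link from a mail body, works out the host that would actually be contacted (the part after the last '@', percent-decoded), and reports why the link is suspicious. The finding labels are names chosen for this example.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import unquote, urlsplit

# The two lures quoted in the text above.
LINK_HTML = '<a href="http://www.nood1ebank.com">http://www.noodlebank.com</a>'
ENCODED_URL = "http://www.NOODLEBANK.com%00@%36%37%2e%31%39%2e%32%31%37%2e%35%33"

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def real_host(url):
    """Host after any 'user@' prefix, percent-decoded and lower-cased."""
    return unquote(urlsplit(url).hostname or "").lower()

def audit_link(href, text=""):
    """Return (real host, list of findings) for one link."""
    findings = []
    netloc = urlsplit(href).netloc
    host = real_host(href)
    if "@" in netloc:
        findings.append("userinfo-decoy")      # familiar name sits before '@'
    if "%" in netloc.rpartition("@")[2]:
        findings.append("encoded-host")        # host hidden behind %xx escapes
    try:
        ip_address(host)
        findings.append("ip-literal-host")     # bare IP instead of a domain
    except ValueError:
        pass
    if "://" in text and real_host(text) != host:
        findings.append("text-href-mismatch")  # shown URL differs from target
    return host, findings

def audit_html(html):
    """Audit every link found in an HTML mail body."""
    collector = LinkCollector()
    collector.feed(html)
    return [audit_link(href, text) for href, text in collector.links]

if __name__ == "__main__":
    print(audit_html(LINK_HTML))
    print(audit_link(ENCODED_URL))
```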




F) REPORTING OF FRAUD CASES & VARIOUS AGENCIES INVOLVED :-
As we have seen, various techniques and actual software packages are used for fraud
detection; still, the basic fact is that this software is not commonly used, but is
used by some prime agencies of a particular country, which may be government or
private agencies.
Practical examples.
Here is a practical example of the Cyber Crime Investigation Cell (Indian agency) &
United Secret Service (agency of the United States) for investigation of frauds and
other offences.



The National Fraud Authority (NFA) is the government agency co-ordinating
the counter-fraud response in the UK.
Have you been scammed recently by a Nigerian email scammer, or blackmailed, or
have you come across any online fraud recently? It's time to report to the Indian Cyber
Crime department via their newly launched toll-free number and get the accused
punished for their wrong acts.
Indian Cyber Crime Phone Number: 1800 209 6789 (source: cybercrime investigation cell website)
Cyber cell Mumbai: 22630829, 22612090 (DCP-prevent), 22620111 (ACP-cyber).
You can report to the Cyber Crime department if you have a case which is
related to cyber stalking, cyber harassment, online harassment, unsolicited calls,
pornographic MMS, online fraud, phishing, or even threat mails. You can also get
professional assistance regarding any of the above crimes for free at the above
mentioned toll-free number, which is meant to help online internet users.
(Visit: - http://www.bustathief.com)







G) FOR YOUR THINK-TANK:-

Section 65 B of Indian Evidence Act relates to the admissibility of
electronic records as evidence in Indian courts. The computer holding the
original evidence need not be produced in court. A printout or a copy on CD
ROM, HD, floppy, etc. can be produced in courts.
Private defense in Cyberspace: - The problems associated with the use
of malware are not peculiar to any particular country as the menace is global in
nature. The traditional concept of private defense is available under the
provisions of the Indian Penal Code (IPC). The same is equally applicable to the
Information Technology Act (ITA) as well, though with its peculiar modifications.
Data mining tools can help promote a company's business intelligence
function by using data to create key patterns that help management operate and
change the business, if necessary. This business intelligence tool is divided into
four key processes: classification, clustering, regression and association rule
learning.
Measure your organization's fraud control management system, and
identify opportunities for improvement. In this course, Certified Fraud Control
Manager (certifiedinfosec.com) and Certified Fraud Examiners (CFEisaca.org) will lead
you through two professionally narrated fraud risk assessments:
1. Assessment #1: Assess your organization's Fraud Control Management System
2. Assessment #2: Assess your organization's fraud control practices and
procedures.
ICAI is offering a 200-hour Certificate Course on Forensic Accounting &
Fraud Detection using IT & CAATs (FAFD). (Visit: - http://isa.icai.org)

H) CONCLUSION:-
Detection of frauds is an art as well as a science. There is much art and science
still being developed surrounding various aspects of fraud detection. This write-up
has provided a summary of state-of-the-art technology. Prevention and detection are
a part of the work, but the key is evidence collection. For this, it is important to
analyze the financial data, identify all possible classifications, understand the
methodology of the fraud, assess the damage and finally submit the report.
Technology has come to the rescue, and integrated surveillance systems have
actually helped in curbing the cases of fraud. But a high level of alertness
can go a long way in further curbing these fraudulent practices. I sincerely
hope that the best is yet to come. Forthcoming years will be still more productive
and innovative, providing effective techno-legal solutions in the service of our Great
Nation.
