Saturday, October 1, 2011

Why Passwords Are Exposing Us to Insider Crime

Millions going missing in SA

R5.5m was stolen from the education department in Mpumalanga via password and sign-on fraud in August and September last year. Bank details of genuine beneficiaries were changed on the department's Basic Accounting System and several payments of between R864 000 and R989 000 were channelled to seven other accounts.

In March this year, it was reported that stolen passwords were used to divert funds from the Social Security Agency into personal accounts and three people were arrested for fraud in Esikhawini, KwaZulu-Natal.

In the same month, three officials in the marine and coastal management branch of the department of environmental affairs were suspended for allegedly diverting donor funds into a private account.

Passwords: the root of all evil?

Controlling system access and managing passwords is a big headache for IT departments. It is frustrating, time-consuming and costly. Aside from the persistent admin problems and costs of passwords, we write them down, put them on sticky-notes, share them, pop them into our phones and even keep them on spreadsheets. Driven by the need for speed and convenience, this happens every day in offices all over the country.

But passwords also leave the door wide open for insider crime and the increasing damage it is causing.

Just how damaging can insiders be?

IT-based insider crime is all bad for the bottom line. Insiders modify data to enrich themselves, their families and friends. They steal data and sell it to others. They're often bribed by outsiders to alter data and frequently they vandalise or 'publish' sensitive data because of a grudge against the organisation.

Some of the common dangers are as follows:
  • Fraudulent payments
  • Modifying data such as credit records, licences, identity docs
  • Property theft via fraudulent invoices, delivery notes / addresses
  • Sabotage: data vandalism and the ensuing costs of IT downtime, recovery and restoration

Replace passwords with biometric sign-on: Department of Agriculture, Forestry and Fisheries

One South African organisation taking the issue seriously is the Department of Agriculture, Forestry and Fisheries which implemented a password replacement solution in 2009.

Within the Department, the Budgets & Reporting Directorate manages financial control systems. This includes controlling sign-on to PCs and secure applications used by finance, HR and supply chain management.

For years, passwords had created problems for users and system controllers. With sign-on credentials for the Government's transversal systems, including BAS, Persal and LOGIS, changing every 15 to 30 days, there was a high incidence of forgotten passwords, resulting in lockouts and wasteful downtime. Resetting passwords also placed an unnecessary burden on help desks, diverting the technical support team from more productive tasks.

An audit of password procedures and risk revealed that staff were writing down their passwords and the proximity of workstations meant users could see each other's passwords when they were being entered. By installing a product called SuperSign with Sagem desktop fingerprint readers, all passwords - from initial PC sign-ons to credentials for accessing each application - were replaced with fingerprint sign-on.

As well as enhancing security, there are no more lockouts stemming from confusion over which password goes with which application and SuperSign has eliminated password queries for all biometric-protected applications.

Fingerprints control IT sign-on at the Department of Home Affairs

To end IT-based fraud around ID documents, Home Affairs is introducing this sort of biometric-based security. In April this year, the department said that it was tackling internal corruption and that biometric sign-on is being implemented.

Minister Nkosazana Dlamini-Zuma said, "We want to identify who was involved at every step of the process - a definite paper trail, so if there is an allegation of corruption, then we can deal with it." The minister said that 3 833 employees within Home Affairs have been enrolled onto this biometric system so far.

The perception of detection: the biggest deterrent to insider fraud

In June this year, the US Association of Certified Fraud Examiners (ACFE) released its 2010 Report to the Nations on Occupational Fraud and Abuse. The report is based on a study of 1,843 cases of insider fraud from 106 countries between Jan 2008 and Dec 2009.

The researchers reckon that the typical organisation loses 5% of its annual revenue to fraud. Applied to the estimated 2009 Gross World Product, this translates to a potential global fraud loss of more than $2.9 trillion.

According to ACFE founder, Dr Joseph T. Wells, "In most organizations the accounting department is the place where controls are most strongly enforced, and yet we're still seeing more fraud there than anywhere else. This shows that traditional controls alone are insufficient to keep occupational fraud from occurring. A large part of the reason is that accounting department employees are more likely than just about anyone in the company to be familiar with the controls and how to develop methods to circumvent them."

"Saying that there is deficient internal control when fraud occurs is much like saying that when there is a fire, heat is present: it doesn't tell us much that we don't know. While controls are necessary, that isn't what really deters fraud; it's the perception of detection. Succinctly stated, those who perceive that they will be caught committing fraud are less likely to commit it."

Insider fraud: a solution at your fingertips

According to the ACFE study, insider crime remains impervious to traditional controls - most fraud is still only detected by accident or tip-offs. Scarcely more than 1% of the insider fraud was detected by IT controls. However, in 20% of the cases, internal controls were overridden by the fraudsters.

Biometric sign-on offers a compelling solution by linking IT users to their transactions, creating a definitive audit trail of who did what, where and when.

This article was provided by Charlie Stewart of Cape Town SEO company 2Stroke on behalf of biometric solutions company transmetriX.
