Abstract
Fraud and security continue to be problems for firms. Fraud information is typically incomplete and deliberately obfuscated. These qualities make fraud events harder to detect using conventional security controls. This study uses a knowledge management framework to explore how different types of controls are used to detect and investigate information fraud. The analysis is based on the customer fraud database of a large Asia-Pacific telecommunications provider. Semi-structured interviews were also conducted with the firm's fraud unit. The study finds that IS controls, with high task programmability and outcome measurement, are used to detect the majority of fraud cases. However, more complex fraud cases use clan controls for detection. The paper also provides insight into the way in which combinations of controls are used to investigate cases. The study raises implications for both theory and practice.
| Original language | English |
|---|---|
| Publication status | Published - 2011 |
| Event | 19th European Conference on Information Systems - ICT and Sustainable Service Development, ECIS 2011 - Helsinki, Finland Duration: 9 Jun 2011 → 11 Jun 2011 |
Conference
| Conference | 19th European Conference on Information Systems - ICT and Sustainable Service Development, ECIS 2011 |
|---|---|
| Country/Territory | Finland |
| City | Helsinki |
| Period | 9/06/11 → 11/06/11 |