Whom Do You Trust? Doing Business and Deterring Fraud in a Global e-Marketplace

"Eye-to-eye" business deals quickly are being replaced by "I-to-I" electronic transactions. Speed and efficiency are displacing trust and verification. 

Trust is an enigma. It's a difficult social concept to understand, and yet it's one of the most significant in forging business relationships. When one segment of a partnership violates trust, the system breaks down. Trust exists in degrees and its meaning may change with context. Trust is cognitive in that each individual chooses whom to trust and under what circumstances. Throughout history, fraudsters have relied upon garnering the trust of others to execute their crimes.

In the old economy, before the emergence of online business and the electronic marketplace, one could look a prospective client in the eye - check for the blink or listen for the quiver in the voice - to determine whether or not to proceed with a deal. Sometimes, such instinctual hunches provided the needed "green light." Yet, the new online economy has - to a degree - obstructed one's ability to decipher whether or not something is trustworthy. "Eye-to-eye" business deals quickly are being replaced by "I-to-I" transactions as the Internet enables instant communication among businesses across the world. Speed and efficiency are displacing trust and verification.

More than 250 countries have joined the e-marketplace.1 With supervisory roles disengaging from traditional person-to-person interactions, management actions have become compounded by ambiguity. This trade-off of personal relationships for virtual relationships has increased the potential for fraud.2

According to the Nevada State Attorney General, the cost of cybercrime to private businesses is staggering. Consider that the average bank robber nets $2,500 per job; the average bank fraud clears $25,000; and the average computer crime reaps about $500,000. Moreover, the average loss associated with computer-related fraud is $1.9 million, and that cost continues to increase every year. Only 1 percent of computer crimes is detected and only 7 percent of the detected crimes is reported to law enforcement. Of the cases that are detected and prosecuted, only 3 percent results in jail sentences.3 It seems an understatement that committing fraud has become easier and more lucrative in the e-marketplace.

A Global Problem
Yet, the anonymity of the Internet isn't the only reason that the e-marketplace has opened new doors for fraudsters. E-commerce has broken down the traditional boundaries of nations and states, and few cross-cultural uniform rules yet exist in this new online frontier. Businessmen and women are guided by the rules of their respective companies and cultures, and those rules don't necessarily always mesh with the other international parties involved. There is a concern in the international business community that managers don't handle cross-cultural ethical crises well, particularly when it comes to fraud.4

The Organization for Economic Cooperation and Development (OECD), in its effort to deter international corruption, discovered that what constitutes a corrupt act in one culture may be considered a legitimate, or at least a quasi-legitimate, business or social practice in another.5

Transparency International (TI), a coalition created to identify and publicize fraud and corruption, sponsored research that tends to support the idea that fraud is perceived by the global population with a distinct lack of commonality.6 This suggests that when assessing fraud - particularly in a multicultural setting - one person's fraudster is another's enterprising entrepreneur.

A recent major study examined the cross-cultural attitudes toward fraud of professional businesspeople working in the Middle East. The participants claimed cultural roots from nine world cultures: Africa, Australia/New Zealand, Asia, Caribbean/South America, Europe, Mediterranean, Middle East, North America and Pacific Islands.7 In this research, participants were asked to evaluate their attitudes toward fraud against a seven-point scale, with a score of one indicating the greatest level of approval. Discrete statistical analysis revealed four cultural spheres of influence: North Americans' and Caribbean/South Americans' attitudes toward fraud were similar. Africans and Middle Easterners shared common attitudes. Europeans, Mediterraneans, Australians/New Zealanders and Asians also revealed similar attitudes. However, Pacific Islanders' attitudes toward fraud were isolated from the rest. Each circle in Figure 1 encloses the relevant cultures that, statistically, held similar attitudes toward fraud.8 [Figure 1 is no longer available. — Ed.]

In the e-marketplace, sellers and buyers in international deals unwittingly may not hold the same sense of what is acceptable within the business arena. Moreover, nefarious businesspeople can hide their differences behind the "dot.com" and change electronic identities with relative ease. Prudent companies must know with whom they are doing business, and they must verify that generally accepted business practices are being followed by all parties involved. The maxim, "Trust, but verify," becomes imperative.

Consider the situation in which a company needed $5 million worth of high-tech materials to fulfill the terms of a lucrative contract. The company located a supplier using e-business contacts. A purchase agreement was signed and the materials were delivered. However, when the materials were used in the manufacturing process, it consistently failed inspection. An inquiry revealed that the supplier had provided false material certification and misrepresented its quality control. Consequently, the company lost its lucrative contract. The supplier turned out to be a storefront operation for a subsidiary foreign manufacturer. The company had trusted the supplier's e-marketing, but it failed to verify real-world quality.

People want to be able to interpret whom they can trust, but when their trust is betrayed, their prior beliefs and attitudes toward the "trust breaker" often mediates tolerance for infractions.9 This is one trait a fraudster cultivates to commit fraud.10

The case of Timothy Allen Lloyd, a disgruntled computer network program designer, underscores this threat.11 When Lloyd learned he was to be fired, he wrote six lines of programming code that deleted all design, production and manufacturing programs for the high-tech manufacturer. Lloyd then programmed and installed a computer logic bomb, set to detonate two weeks after his dismissal. According to the corporation, Lloyd's motive was revenge.

Lloyd's history with the corporation was tenuous; he already had been demoted once before being identified for dismissal. Mistakenly, the employer continued to "trust" Lloyd by not restricting his computer access, even after demoting him. The FBI aptly points out that the insider may pose the greatest cybercrime threat.12 This is because the insider's knowledge of the company's systems and operations helps the perpetrator to identify vulnerable targets. Lloyd's act was enormously effective and ultimately cost the corporation more than $10 million in financial losses. Lloyd is facing five years in federal prison and a $250,000 fine.

The Cyber Criminal Mind
According to the FBI, hundreds of computer system threats, such as viruses, Trojan horses and logic bombs, are discovered every day.13 Some are innocent and some are malicious. Donn B. Parker, a renowned information security and computer crime research expert, observed that, "Cyber criminals often distinguish between the unacceptable practice of doing harm to people and the impersonal acts of doing harm to, or through, computers."14 Most of us recall the irritation - and the disruption - caused last year by the "Love Bug" virus, which infected e-mail systems. The Filipino man who programmed that simple electronic worm had no idea that it would cause more than $10 billion in damage. Conversely, Vladimir L. Levin knew exactly what he was doing when he created a malicious program to hack into Citibank's cash management system and transfer more than $10 million to bank accounts in six different countries.

By not attaching personal harm to their acts, most cyber criminals are able to rationalize and justify destructive and fraudulent acts. The concern here is that the e-marketplace's anonymity enables potential cyber criminals to ignore their human tendencies toward what is right and good.15

Combating Cyber Crime with Effective Corporate Cultures
While some studies suggest that an individual's ethical choices are dictated partly by his/her cultural heritage, an employee's ethical decision-making can be influenced through a strong corporate culture.16 A corporate culture consists of shared assumptions, beliefs and values that nurture and encourage employees' emotional attachments, commitments and feelings for the company, so that when they are confronted with business decisions, they take the company's goals and objectives into account first. A corporate culture assists employees in making sense of their actions by providing justification for their behavior.17 Corporate cultures can guide employees to right behavior, just as they can condone wrong behavior.

When a company decides to enter the e-marketplace, implementing risk management initiatives into the corporate culture should be high priority. Businessmen and women must exercise due diligence to make informed business decisions regarding new customers, accounts receivable, business partners, business ventures and business environments - particularly when those decisions involve the ubiquitous Internet. Exercising the following techniques can avert e-business fraud.

• Know what constitutes proprietary, sensitive and confidential information and protect it accordingly. It's a mistake to attempt to protect everything, because it dilutes the importance of data that is truly sensitive.
• Trust technology, but bolster it through personal relationships - know with whom you are dealing. Trust, but verify.
• Supplement technology with traditional business due diligence. Learn as much about your e-vendors, e-suppliers, e-marketers, etc., as you would about a traditional business operation.
• Use firewall technology to protect networks against viruses, hackers and other malicious acts.
• Protect desktop and laptop computers against intrusion and data destruction by using secure passwords, antivirus software, and encryption on sensitive data or documents.
• Use "directory services" software packages to identify those who have authorized access to systems and keep out those who don't. Directories often can be integrated with other software programs.

Fraud examiners should encourage their clients to establish, emphasize and maintain a well-formulated awareness program designed to enlighten employees about ethical dilemmas. Even in the smallest companies, awareness will increase an employee's understanding of ethics, fraud and trust verification. This should result in greater recognition of deviant conduct, thereby decreasing the potential for fraud.

It's a good first step when all the employees of a company understand their company's perspective. The next step is to understand that others in a global marketplace may have different perspectives.

Douglas M. Watson, Ph.D., CFE, is a corporate security and fraud investigations consultant with Saudi Arabian Oil Company (Saudi Aramco) in Dhahran, Saudi Arabia. He is the chairman of the International Fraud Committee of the Association.

Endnotes
[Some links may no longer be available. —Ed.]

1 ISO 3166 Two-Letter Country Code, Global Domain Name Guide, Network Laboratory. Retrieved July 31, 2000, from www.seua.am/netinfo/otherinfo/index.html.

2 Stephenson, P. (1999). Investigating Computer-related Crime. Washington, D.C. CRC Press.

3 Del Papa, F. S. (Aug. 4, 1997). Statewide High Technology Crime Task Force. Office of the Nevada Attorney General. Retrieved Nov. 29, 2000, from www.state.nv.us/ag/agpress/1997/97-84.htm.

4 Bhide, A. and Stevenson, H. H. (1990). Why Be Honest if Honesty Doesn't Pay? Harvard Business Review, 68(5), pp. 128-129.

5 Yannaca-Small, C. (1995). "Battling International Bribery," OECD Observer, 192, pp. 16-17.

6 Transparency International. (1996). Transparency International Source Book: Part A, Analytical Framework, and Part B, Applying the Framework. National Integrity Systems. Retrieved May 3, 1997, from www.transparency.de/book/Part_A_B/index.html?fraud#first_hit).

7 Watson, D.M. (2000). Cross-Cultural Interpretations of Fraud: An Attitudinal Study in a Middle Eastern Multinational Corporation. Dissertation submitted in partial fulfillment of degree of Doctor of Philosophy, Walden University, Minneapolis, Minn.

8 Watson, op. cit. Research examined a statistical sample of 19,011 business professionals employed by a major corporation located in the Middle East. The purpose for the research was to determine if cultural heritage affected attitude formation toward fraud definitions. The results of the survey indicated that although all the cultures recorded varying attitudes toward fraud to some extent, four cultures - Mediterraneans, Australian/New Zealanders, Asians, and Pacific Islanders - significantly differed in their degrees of approval from the others. However, by using subset comparison analysis of the data, in this instance, four separate subsets of equivalency emerged: (a) North Americans and Caribbean/South Americans; (b) Africans and Middle Easterners; (c) Asians, Australians/New Zealanders and Europeans; and (d) Pacific Islanders. This shows that even though there is differentiation among certain cultures, the difference may not necessarily amount to an isolation of each culture from the other. Instead, what appeared was a tendency of some cultures to cluster together and interpret fraud similarly.

9 Barnes, L.B. (1981). "Managing the Paradox of Organizational Trust." Harvard Business Review, 59(2), p. 127; and Bhide & Stevenson, op. cit., p. 128.

10 Wells, J. T., Bell, C. J., Geis, G., Kramer, W. M., Ratley, J. D., and Robertson, J. (1996). Fraud Examiner's Manual, Second Edition. Folio-bound views, computer-based Version 3.1. Association of Certified Fraud Examiners, Austin, Texas.

11 "Former Chief Computer Network Program Designer Arraigned for Alleged $10 Million Computer 'Bomb'," news release of the Computer Crime and Intellectual Property Section of the Criminal Division of the Department of Justice. Retrieved Dec. 1, 2000, from www. cybercrime.gov/njtime.htm.

12Freeh, L. J. (March 28, 2000). Statement for the Record of Louis J. Freeh, Director Federal Bureau of Investigation on Cybercrime before the Senate Committee on Judiciary, Subcommittee for the Technology, Terrorism, and Government Information, Congress of the United States, Washington, D.C. Retrieved December 2, 2000 from www.fbi.gov/pressrm/congress/congress00/ cyber032800.htm.

13 Freeh, L. J. (Jan. 28, 1998). Statement for the Record of Louis J. Freeh, Director Federal Bureau of Investigation on Threats to U. S. National Security Before the Senate Select Committee on Intelligence, Congress of the United States, Washington, D.C. Retrieved Dec. 2, 2000, from www.fbi.gov/pressrm/congress/congress98/threats.
htm.

14 Parker, D. B. (1998). Fighting Computer Crime: A New Framework for Protecting Information, New York: John Wiley & Sons, p. 143.

15 Barnes, op. cit., pp. 111-112.

16 Almhelm, E. A. (Dec. 16, 1992). A Study in Organizational Culture: The Case of SAMAREC. Unpublished doctoral dissertation, Auburn University, Auburn, Ala., p. 54.

17 Ibid, p. 55.