The title may be a misnomer. It is not to imply that there
are some frauds that do not disrupt any work or any lives. All frauds create
damage. In that sense they are disruptive at least after they are discovered.
The title has reference to the phrase of ‘Disruptive Innovations’. This term is
used when the innovation radically changes lives or style of living.
Electricity is one such example where we were literally brought out of darkness.
Today, disruptive innovations may not be so dramatic but they have a
significant impact. Take the example of Agro Refrigeration by solar energy. The
bargaining power of the farmer increases as his stock does not deteriorate
during negotiation period. We are all aware of the condition of power supply in
India is not too dependable. This is therefore an invention epoch making
innovation.
Frauds are accepted to be application of intelligence in the
wrong direction. Their inspiration also comes from constructive approaches. One
such approach is ‘Disruptive’. The ‘Disruptive’ action may be cause or effect.
All frauds disrupt work or even lives of companies after discovery. Therefore,
there is not much insight gained in its discussion. ‘Disruptive Action’ as a cause
is the objective of this article.
Call Centre Logic
The perpetuators of the fraud base their schemes on the
‘Call Centre Logic’. All of us have experienced some call centers at some time
of our life. If you received a supportive response easily, your question was
one of the predicted ones. The operators may be trained to respond to ten or
even fifty questions from customers. The predicted answers will be ranked
according to frequency with the aim to reduce duration of each call. Every Call
center aims at low MPI (Minutes per incident). If you ask them any question
other than the commonly expected one, they are stumped. As human beings they will respond either by
escalating the issue to their superiors or assure you of a response by email
after study. But what if this was a computer?
Computers are not human. If you ask them to do anything they
are not programmed for, then they cannot respond like humans. Let us say a menu
has 8 options and you press 9. The programmer should have written a logic to
display ‘error’ on the screen and keep the application stuck at the menu level.
If this is not done then the application will just go down the menu and
activate the first lines it encounters. This is too basic today. Programmers do
not commit such errors today. But later sections of the applications too need
such care and this is where the fraudsters gain.
Let us see a few cases starkly exploiting the aspect of
disruption.
E-Wallet payment case
A recent news reported on fraud perpetuated by engineering
students. E-wallet payments were done but the Bank ended up paying instead of
the account holder. The newspaper did not report the detailed modus operandi
either by design or lack of understanding. I summarize it to fall under the
category of ‘disruptive fraud’. The perpetuators disrupted the transaction at
some point after the payment was done. The application was not robust enough to
ensure recall of who the paying person was. In such a case if half a payment transaction
is done, the Bank ended up paying.
Why did it appear only in this case and not when you are
paying via credit card or any other wallet application? The answer is
unfortunately simple. The Quality Control or QC did not do any tolerance
testing or view it strictly from the security angle. If there is disruption at
any point of time, the application needs to cancel the whole transaction and
not just a part of it.
These are intentional disruptions. The perpetuators locate
the points of disruption usually by accident. Network disruption, power outage
are some of the accidental disruptions. Sometimes the applications are timed
out if the transaction time crosses the threshold time. The timing out can also
cause a disruption sometime as I have experienced it. But those are
inconvenience and not frauds. ATM disruption fraud
All of us have used ATM by now. The operations are simple.
Insert card, remove card, enter PIN number, enter amount to be withdrawn, pick
up the cash. Just four steps. Where can the disruption take place? At any place
is the answer. But which point of disruption works, will be found only by trial
and error, assuming the programmers had forgotten to install the controls. In
one case the ATM user took time to pick up the cash. After the pre-determined
time the cash was forfeited by the machine and the account holder got his
automatic credit. He then wondered what would happen if he took part of the
money. Would he get part credit? He
tried but got full credit. So daily, he withdrew the maximum permitted, let remain
in ATM only one low denomination note and slowly pulled the rest. He got full
credit despite. He discovered the disruption point. Programmers assumed either
the cash it taken or not. No-one assumed part cash to be picked up. Now this
account holder was (to coin a new phrase) laughing his way from the Bank and
not to the Bank as the old phrase would be coined.
Prevention is only alternative
After detection, any moron can remedy the situation. The
challenge is to forecast and prevent it. When the disruption is to be responded
by a human being, there is some leeway. However, when a computer driven has to
do it, the programmer better have planned for it. There are 2 philosophical
steps to ensure this.
Step 1: Design for 120% of the situations without
restricting to the brief of the client.
Step 2: Assume some person will want to challenge the
application for its intelligence. Make sure the application does not jump to
any routine unless it goes through the proper checks.
Based on these philosophical steps of application design,
robustness of application is bound to increase minimizing disruptive frauds.
------/////-------
![BES’s Institute of Management Studies and Research [besimsr]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vwV0KRibXqy9cddeBkkqClWslltYLClMVegBsg22TQ7rWWQiPump-RVdWd5t-dQUFeN3Aeb4lGZNH0DE-auZq8NkM7949sOXwdXkXrIPC9RNQSgy_0yFn6yJFJ7x3fpaQ9qN7gIhDa0ewrF37R_WGd_amKuAGKyEs1MEIO9z12B22_0qog8kCfgPX9_sG3KH_0hel0z-ZQQWIG3i5cxQ=s0-d)
