7/25/2019 Case Internet Fraud

1/5

Introduction

The bank as a financial service provider has multiple customer touch points to support its

activities. Customer touch points is formed as a connection between bank customers to the bank

itself. Beside service office and ATM, nowadays banks should have customer touch point thatcan be accessed 24 hours with no limitation of time and place means that wherever and whenever

the customers need, they can access the services provided by banks.

nternet bankin! is able to provide the above capabilities, of course, in addition to "M"

bankin!. Thin!s that are re#uired of course a set of advanced technolo!ical tools and knowled!e

of the customer itself. $ithout these two thin!s, the internet bankin! service may not be runnin!.

Technolo!y support from the bank must be fre#uently up!raded to avoid a variety of threats

which are !rowin! increasin!ly hi!h, both in #uantity and sinister technolo!y used.

Case

The crime in bankin! sector is hi!hly increasin!. The directorate of %ead#uarters for

special economic crimes have uncovered embe&&lement of Bank CMB 'ia!a conducted by two

T employees with a loss of 22 billion rupiah. Both employees of Bank CMB 'ia!a with initials

"B and "T are in collaboration with outsiders to break into the banks from Malaysia. Bri!adier

(amil )a&ak said the suspects of these crimes properly desi!nin! and utili&in! their e*pertise

durin! this time. They divert the money in the central bank account to its e*istin! branch in

+an!kal +inan!. Accordin! to (amil, "' has a role to transfer banks funds where he work in

with the help of "T. They a!reed to do a system crack to the bank-s application server M"AC

of CMB 'ia!a. "' earned money with the amount of /" 0 211,111 while the "T !ets 0

11,111. n addition to the two suspects, the police mana!ed to arrest two other suspects who

have a role as a reservoir of money that has been transferred by "'. Both of them received the

result of crime with the amount of /" 0 11,111. +olice sei&ed a total of /" 0 35.211 and 11

million rupiah, but the other /" 0 3,111 is failed to be saved because it has been used for avacation in Malaysia.

Another case is the embe&&lement of +T Bank +ermata account belon! to T6ho $inarto

which is the priority customers of the Bank. $inarto suffers loss from the embe&&lement in the

amount of /"0 243 million. %is account is bur!lari&ed when he was travellin! to "oron! Au!ust

7/25/2019 Case Internet Fraud

2/5

27, 214. At that time, his internet bankin! account is cracked by a breaker to reset the password

of nternet bankin!. %e received a report from Telkomsel, someone asks for makin! the "M

card of his mobile phone number in 8rapari Telkomsel 8ambir, Central 9akarta Au!ust 27. The

man handed over a fake power of attorney and the photocopy of identity card of $inarto. After

"M Card is completed, a process of transfer of money from $inarto-s account to the three bank

accounts which are :anamon Bank, BT', and Bank )akyat ndonesia ;B)< occured. $inarto

said that the current City +olice have arrested four perpetrators who are drainin! money in his

account. The perpetrators have been arrested from the receiver of fake power of attorney which

mana!e the process of the sim card until the people who break +ermata Bank system. Accordin!

to $inarto, the breaker of his account is in collaboration with the data providers. "o the breaker

is cooperatin! and sharin! the profit with the data providers.

Analysis

There are many kinds of crime in payment system that may occur, those are skimmin!,

phishin! and malware. "kimmin! is the act of stealin! customer data, by installin! a data

recordin! device, !enerally performed at =:C and ATM machines. +hishin! is the ille!al act to

obtain sensitive information such as user :s and passwords, credit card details, and others.

$hile malware is a software or code created by someone with malicious purposes. The two cases

above can be included in both phishin! and skimmin!.

>rom both of cases above, we can analy&e that every fraud may not be tri!!ered only by

e*ternal parties, but the internal parties may also take an important role to help settin! up the

crime. Based on trian!le fraud, this fraud may occur because of the e*istence of opportunity,

pressure, and rationali&ation.

+ressure is a motivation of someone to commit fraud. This pressure may be in the form of

financial such as debt and non?financial such as life style. >rom the perspective of internal

parties, pressure may be driven by the work stress, the pressure from top mana!ement, poorfinancial, or life style. The last two thin!s are included into pressure from the perspective of

e*ternal parties. An autocratic mana!ement will lead to work stress and deep pressure toward

internal parties ;employees< which will lead to the passiveness of employees. @ife style is also

influencin! people to commit fraud because a hi!h life style will encoura!e people to keep tryin!

7/25/2019 Case Internet Fraud

3/5

somehow to meet their life style. Another kind of pressure is a poor financial or a debt which will

encoura!e people to stru!!le no matter how the way is in order to pay their debt.

pportunity is a chance that allows fraud occurred. >or internal parties, the opportunity is

usually driven by weak mana!ement, lack of supervision and control, or the abuse of authority.As for the first case, they use their authority and ability as T employee and in the second case

they use their authority as Telkomsel data server to commit fraud. >urthermore, the lack of

supervision and control also the weak mana!ement in an or!ani&ation will create an opportunity

for employees to cheat. Meanwhile from the perspective of e*ternal parties, they may count their

connection in a certain or!ani&ation as an opportunity to cheat for the sake of their personal

interest.

=very fraudster has a rationali&ation to 6ustify what they have done. The fraudster maythink that a little fraud will not chan!e anythin!. >urthermore, if there are previous fraudsters

which remain unknown and do not !et any punishment for the fraud that has been committed, it

will be the best reason to commit fraud. +eople may think that as lon! as their fraud remains

unknown, it does not matter. f the fraudsters are internal parties, the improper amount of salaries

they !ot will be the rationali&ation of fraud they committed because they will think that they

deserve more than what they !ot.

>rom the analysis of trian!le fraud, there are several factors or weaknesses that maycause the fraud

? $eak internal control the lack of internal control such as procedures, se!re!ation of

duties, and any formal communication will !ive an opportunity for someone to

commit fraud because it leads to the lack of supervision and monitorin! thus, it will

make the staffs feel like nobody is actually monitorin! them.? Autocratic and non?trustin! mana!ement attitude the autocratic company will make

its employee work under pressure and stress. The company does not concern about its

employee and its re!ulation is rather infle*ible. t will make their employee loss his

or her loyalty toward company and will result in committin! crime.? +oor or!ani&ational loyalty, morale, and work motivation The environment in a

company also has an important role to influence its employees behavior. f the

company does not motivate its employee, all staffs work at company have a bad

7/25/2019 Case Internet Fraud

4/5

morale and poor loyalty, it will influence the new employees to have such behavior

and finally will lead to fraud risk. Because the internal of company does not care

about companys interest anymore.? A !ap in bankin! system and network for customers t is like when the customers lo!

in to their account, suspicious link appears or the customers !et a fake email which is

said from the bank but it is not, for those who do not understand that it is a malware,

they will click on that link and finally the computer is infected and the personal data

will be cracked.

Recommendation

? mplement !ood internal control if internal control of company is effective, that will

reduce the opportunity of fraud. Basically, if a company has an effective internal control,

there will be an ade#uate se!re!ation of duties amon! those who perform accountin!

procedures or control activities and those who handle assets. The division of

responsibilities should be desi!ned so that the work of one individual is either

independent of, or serves to check on, the work of another. Thus, it will minimi&e the

fraud risk.

? 8ood Corporate 8overnance 8ood corporate !overnance is a !overnance system to

mana!e, or!ani&e, and supervise the business of company. A company should implement

the !ood corporate !overnance to enhance the supervision of several tasks and

procedures. The e*istence of !ood corporate !overnance will reduce the risk to act on

personal interest. t also helps company to monitor the employee.

? Careful recruitment of staff A Bank should be careful when it comes to the staff

recruitment. The staff recruited not only based on his ability, intelli!ence, and credibility,

but also from his personality. The %uman )esource :evelopment staff should consist of

e*perts to know and comprehend the personality of every candidate of staff. t is really

important because every company has a !oal to enhance its performance and this !oal

will not be achieved unless they are successful in recruitin! staff.

? )aise the alertness from both internal and e*ternal parties All parties should be aware

of the possible fraud committed, not only for internal parties but also the e*ternal

parties. Customers who use the service of e?bankin! or internet bankin! should chan!e

7/25/2019 Case Internet Fraud

5/5

their password re!ularly especially when they are lo! in in their account to avoid the

misuse of their password. >urthermore, the bank is responsible to remind the customers

about how to secure their e?bankin! account.

Customers also need to pay attention to an incomin! email, if there is an incomin!email and ask to reset the password, it-s !ood to check the address of the sender first, if it

is not derived from the domain of the bank concerned then it is better to i!nore, because

usually banks will never ask customers to chan!e the password via email

? "tren!thenin! the internet bankin! system t could be done with the use of tokens

and a captcha or code in the form of numbers and letters for financial transactions

such as Bank Mandiri. Captcha code is a code that cannot be read by machine.

Another way to reduce the fraud can be done by usin! time?out system. >or ane*ample banks have a re!ulation to set up the system to lo! out automatically every

1 minutes if there is no access from the customers to avoid the access from

unauthori&ed party.