A similar issue occurs in a civilian context, sometimes with fake
employees, other times with fake bills.  Often, these get found
because they rely on the person committing the fraud being there
every time a check arrives:  It's the check sitting around with no
one speaking for it that raises the alarm.  The long-standing
policy has been to *require* people in a position to handle those
checks to take their vacation.  (Of course, with direct deposit
of salaries, the form of the fraud, and what one needs to do to
detect it, have changed in detail - but probably not by much.)

multi-party operations were supposedly countermeasure to single person
insider threads. the fraud response was collusion. so by at least the early 80s you started seeing work on collusion countermeasures. 25 years later, things have regressed to a pre-occupation with intrusion threats and intrusion countermeasures; even tho insiders have continued to be the major source of fraud through the whole period. insiders may even leverage the pre-occupation with intrusion to obfuscate the source of the exploit.

somewhat related issue with regard to sarbanes-oxley and auditing assumptions about independent information sources looking for inconsistencies.
http://www.garlic.com/~lynn/2006h.html#58 Sarbanes-Oxley
http://www.garlic.com/~lynn/2006i.html#1 Sarbanes-Oxley

and a couple recent articles about current fraud pre-occupation
SSL Trojans: The next Great Bank Heist
Ripped Off: Identity Theft - A View from the Financial Services

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to