Towards a unified fraud management and digital forensic framework for mobile applications

Bopape, Rudy Katlego

06 1900

Historically, progress in technology development has continually created new opportunities for criminal activities which, in turn, have triggered the need for the development of new security-sensitive systems. Organisations are now adopting mobile technologies for numerous applications to capitalise on the mobile revolution. They are now able to increase their operational efficiency as well as responsiveness and competitiveness and, most importantly, can now meet new, growing customers’ demands. However, although mobile technologies and applications present many new opportunities, they also present challenges. Threats to mobile phone applications are always on the rise and, therefore, compel organisations to invest money and time, among other technical controls, in an attempt to protect them from incurring losses. The computerisation of core activities (such as mobile banking in the banking industry, for example) has effectively exposed organisations to a host of complex fraud challenges that they have to deal with in addition to their core business of providing services to their end consumers. Fraudsters are able to use mobile devices to remotely access enterprise applications and subsequently perform fraudulent transactions. When this occurs, it is important to effectively investigate and manage the cause and findings, as well as to prevent any future similar attacks. Unfortunately, clients and consumers of these organisations are often ignorant of the risks to their assets and the consequences of the compromises that might occur. Organisations are therefore obliged, at least, to put in place measures that will not only minimise fraud but also be capable of detecting and preventing further similar incidents. The goal of this research was to develop a unified fraud management and digital forensic framework to improve the security of Information Technology (IT) processes and operations in organisations that make available mobile phone applications to their clients for business purposes. The research was motivated not only by the increasing reliance of organisations on mobile applications to service their customers but also by the fact that digital forensics and fraud management are often considered to be separate entities at an organisational level. This study proposes a unified approach to fraud management and digital forensic analysis to simultaneously manage and investigate fraud that occurs through the use of mobile phone applications. The unified Fraud Management and Digital Forensic (FMDF) framework is designed to (a) determine the suspicious degree of fraudulent transactions and (b) at the same time, to feed into a process that facilitates the investigation of incidents. A survey was conducted with subject matter experts in the banking environment. Data was generated through a participatory self-administered online questionnaire. Collected data was then presented, analysed and interpreted quantitatively and qualitatively. The study found that there was a general understanding of the common fraud management methodologies and approaches throughout the banking industry and the use thereof. However, while many of the respondents indicated that fraud detection was an integral part of their processes, they take a rather reactive approach when it comes to fraud management and digital forensics. Part of the reason for the reactive approach is that many investigations are conducted in silos, with no central knowledge repository where previous cases can be retrieved for comparative purposes. Therefore, confidentiality, integrity and availability of data are critical for continued business operations. To mitigate the pending risks, the study proposed a new way of thinking that combines both components of fraud management and digital forensics for an optimised approach to managing security in mobile applications. The research concluded that the unified FMDF approach was considered to be helpful and valuable to professionals who participated in the survey. Although the case study focused on the banking industry, the study appears to be instrumental in informing other types of organisations that make available the use of mobile applications for their clients in fraud risk awareness and risk management in general. / Computing / M. Sc. (Computing)

Fraud management

Digital forensics

Mobile applications

Mobile devices

Threats

Frameworks

Process models

Paradigms

005.35

Mobile apps

Mobile device forensics

Fraud -- Management

Cell phone systems -- Security measures

A mobile applications innovation ecosystem framework for Botswana

Nyamaka, Admore Tutsirayi

01 1900

Text in English / The role that locally relevant services and content can play in the development of societies cannot be underestimated. The proliferation of mobile phones in Africa’s developing countries is a significant enabler, which provides access to such locally relevant services and content. Mobile applications have the potential to support the development of the African continent through bolstering the main mechanisms of innovation, inclusion and efficiency. This has been demonstrated by instances of increased literacy, improved access to health care, banking, crowd sourcing and provision of farming and/or agricultural assistance. Successful cases of such mobile-based services include Kenya’s M-Pesa, which has allowed millions of rural people, who do not have access to traditional banking facilities, to send and receive money as well as pay utility bills and school fees. The development of similar innovative and locally relevant mobile-based solutions, which is currently considered to be in its infancy, is key to improving the lives of people in developing countries. This study identifies the essential components of an innovation ecosystem, for the development and presentation of a Mobile Applications Innovation Ecosystem Framework for Botswana. An innovation ecosystem enables effective interaction amongst entrepreneurs, companies, universities, research organisations, investors and government agencies towards maximising economic impact and potential. To gain a practical understanding of the context in which locally relevant mobile-based services can be developed, the study adopted a pragmatic research approach. Through combining the 4Cs Framework for ICT and the systems theory’s Triple Helix Model of Innovation, the study proceeded to develop the framework using a Design Science Research (DSR) methodology. DSR guided the identification of the components, which make up the mobile applications innovation ecosystem within government, industry and higher education sectors, as extracted from the literature review. This process facilitated initial framework designs, which were demonstrated to and evaluated by conveniently sampled stakeholders from relevant helices. Thereafter a synthesised framework was presented for evaluation by knowledgeable professionals from the mobile applications innovation ecosystem. The study contributes to the theoretical knowledgebase by presenting a theoretical framework for understanding ICT4D innovation frameworks and mobile applications / School of Computing / Ph. D. (Information Systems)

ICT4D Innovation

Ecosystem,

Mobile Applications for Development

Innovation Ecosystem Framework

Components

005.35

Mobile apps -- Botswana

Mobile Computing -- Social aspects

Technological innovations -- Botswana