Money laundering and financial crimes in Dubai : a critical study of strategies and future direction of control

Belaisha, Belaisha Bin

January 2015

Preventing money laundering is a major international problem. Several attempts, from the national to the international level, have been made to address and prevent money laundering. These are often frustrated by the dynamic nature of the crime itself. However, regardless of its reach and dynamism in illegal or legal transactions, which are often intertwined, individual nations need to address the issue of money laundering to signify to an international audience and legitimate commercial interests their intent to tackle money laundering and thus illustrate that public and private state run organisations in the financial and law enforcement sectors are honest and professional, and that their country is a ‘place to do business’. This thesis, therefore, presents an evaluation of the strategies and future directions of money laundering in Dubai, as it is a ‘new’, dynamic place in which to conduct business and the financial centre of the Middle East. It examines the various ways in which legislation and law enforcement in Dubai are struggling with and tackling the issues and problems of money laundering in the face of organised crime and terrorism. In this thesis, the concepts of money laundering and financial crimes in Dubai, with a special focus on strategies as well as future direction of control, are explored in some depth. This work has established that Dubai has a substantial anti-money laundering framework; however, it suffers from some weaknesses. These weaknesses are caused by the poor relationship between anti-money laundering units, the Anti-Organised Crime Department of the Dubai police, the financial sector and the Central Bank of Dubai. This situation is particularly evident when it comes to sharing information on those suspected of money laundering in Dubai. The ‘lack of a relationship’ is illustrated by primary research, as is the fact that other nations have (i.e. the UK) developed a more intelligence-led approach and partnerships in their quest to prevent money laundering where possible in their jurisdiction. This thesis highlights the progress that is needed in Dubai and the UAE to prevent money laundering, and as such is an original contribution to knowledge in an under-researched field in the Middle East.

364.16

Criminology and Policing

Profiling white-collar criminals : what is white-collar crime, who perpetrates it and why?

Bethune, Richard Alan

January 2015

Following a period of resurgence in academic interest in the subject over the last 30-40 years, white-collar crime has found greater prominence within criminology. Efforts over this period have however failed to produce a single satisfactory and agreed-upon definition, a consistent and coherent body of research, and a single theory which can account for all forms of white-collar crime. This thesis aims to address certain shortcomings in the current state of white-collar crime theory and understanding. Part 1) addresses the issues of both conceptual definition of white-collar crime and specific behaviours as proscribed within the Legislation. Part 2) examines current criminological theory and research on individual differences (arguably the biggest gap in current knowledge in the area of white-collar crime); it examines the origins and current state of offender profiling in crime prevention, before Part 3) presents original research on establishing offence-specific white-collar criminal profiles based on demographic, sociological, psychological, organisational and motivational factors. Part 4) examines why certain individuals may perpetrate certain crimes in certain situations, beginning with a review of those few white-collar crime specific theories that do exist, before reviewing traditional sociological theories and attempting to apply them to white-collar crime; finally in Part 5) a new conceptual framework for white-collar crime is presented, which is referred to as the theory of ‘Differential Assimilation’. I bring together each of these chapters and situate the thesis within current research and literature, summarising how it engages and contributes to the field of white-collar crime. I include suggestions for the practical application of certain white-collar crime prevention techniques within organisations.

364.16

white-collar crime ; profiling

Usability engineering for code-based multi-factor authentication

Roy, Graeme Stuart

January 2013

The increase in the use of online banking and other alternative banking channels has led to improved flexibility for customers but also an increase in the amount of fraud across these channels. The industry recommendation for banks and other financial institutions is to use multi-factor customer authentication to reduce the risk of identity theft and fraud for those choosing to use such banking channels. There are few multi-factor authentication solutions available for banks to use that offer a convenient security procedure across all banking channels. The CodeSure card presented in this research is such a device offering a convenient, multi-channel, two-factor code-based security solution based on the ubiquitous Chip-and-PIN bank card. In order for the CodeSure card to find acceptance as a usable security solution, it must be shown to be easy to use and it must also be easy for customers to understand what they are being asked to do, and how they can achieve it. This need for a usability study forms the basis of the research reported here. The CodeSure card is also shown to play a role in combating identity theft. With the growing popularity of online channels, this research also looks at the threat of phishing and malware, and awareness of users about these threats. Many banks have ceased the use of email as a means to communicate with their customers as a result of the phishing threat, and an investigation into using the CodeSure card's reverse (sender) authentication mode is explored as a potential solution in regaining trust in the email channel and reintroducing it as a means for the bank to communicate with its customers. In the 8 experiments presented in this study the CodeSure card was rated acceptably high in terms of mean usability. Overall, the research reported here is offered in support of the thesis that a usable security solution predicated on code-based multi-factor authentication will result in tangible improvements to actual security levels in banking and eCommerce services, and that the CodeSure card as described here can form the basis of such a usable security solution.

364.16

IS security networks in credit card fraud prevention

Dahabiyeh, Laila Ali

January 2017

In our increasingly connected world, maintaining the security of information systems is challenging. Today’s interconnected business environment calls for a change in how IS security is achieved to include thinking about the entire networks of relationships involved in preventing threats rather than just focusing on individual organizational security processes. Despite acknowledging the role of distributed and heterogeneous actors in achieving a secure environment, there is a lack of knowledge of how these actors actually prevent security threats. Moreover, the heterogeneity of actors involved gives rise to the issue of incentives needed to align their interests to ensure successful collective security efforts. This PhD thesis addresses these issues by zooming in on security networks, defined as collective efforts pursued by distributed actors to develop and adopt prevention measures to achieve security, to explain how these networks prevent security threats and identify the incentive mechanisms for converging the network’s heterogeneous actors. I challenge equilibrium and linearity assumptions identified in the current literature and argue for the need to adopt different theoretical and methodological approaches to uncover the dynamics in these networks. Through a historical case study of credit card fraud and how its prevention measures evolved over the last 55 years, I develop a process model of prevention encounters in security networks. The model depicts the dynamic and interactive nature of the prevention process and shows how the three proposed prevention mechanisms, namely, proposing solutions, resolving dissonance, and paving the way, interact to achieve prevention. The thesis further proposes three new forms of incentive mechanisms (transformative, preparatory, and captive) that are crucial for the survival of collective security efforts and show how they interact with the three prevention mechanisms. By this, this research complements the current security networks literature by offering a process model that explains how security networks achieve prevention. In addition, the interplay between the three incentive mechanisms reveals that incentives are not only ready-made structures or one-time event as depicted in the current literature but that they should also be seen as a socially dynamic process.

364.16

Maritime piracy : an auto-limitation approach

Bhangal, Avinder

January 2016

This study examines the problems we face in making a coherent theoretical link between the international law of piracy and the law of the sea in the context of the rise in maritime piracy in Africa over the past three decades. It focuses on four nations affected by piracy in the Gulf of Guinea and Horn of Africa. Furthermore, the international law of piracy is concerned with two types of jurisdiction: prescriptive jurisdiction and enforcement jurisdiction. However, the law of the sea (UN Law of the Sea Convention) defines five types of jurisdiction: territorial seas, exclusive economic zone (EEZ), the continental shelf, high seas, and seabed or seafloor outside the area of claims of territorial seas under the EEZ. The above implies that where a State that has enforcement jurisdiction is unable or unwilling to enforce prescribed international laws against piracy, recourse ought to be had to a State with jurisdiction under the law of the sea. The current thesis seeks to demonstrate that maritime piracy has substantially increased in north-eastern and western parts of Africa because, albeit the development of the law of the sea has transposed towards acknowledging the rights (and obligations) of coastal States in order to defend their territorial seas with reference to the piratical incursions, not enough attention has been given to the consequences flowing from the fact that the coastal states in question do not possess the requisite resources and systems to enforce international law and/ or prosecute pirates. It is submitted here that piracy in its modern form in the Gulf of Aden and Gulf of Guinea is a transnational crime that may best be contained through a regional legal infrastructure. It is also argued that the multilateral approach of linking enforcement jurisdiction to Universal Jurisdiction is problematic since it translates into ‘relational statism’ that is, where States habitually pursue only their self-interests. As such, consistency and clarity in the international legal situation may best be achieved by recourse to a traditional ‘auto-limitation’ approach whereby jurisdiction is essentially territorial and can only be exercised by a State outside its territory where it obtains the consent of the territorial State (perhaps through Convention or Treaty) or in accordance with a permissive rule derived from international custom. Therefore the thesis of this study suggests the need for legal reform. Chapter 1 provides the background to the study as well as the framework for the research. The main research aims, objectives and research questions are addressed in Chapters 2, 3, 4, 5 and 6. Chapter 7 concludes the research by presenting the findings and recommendations together with an outline of the research contribution.

364.16

JX International law ; K Law (General)

Shoplifting in eighteenth-century England

Tickell, Shelley Gail

January 2015

Shoplifting proliferated in eighteenth-century England with retail expansion, acquiring a new prominence as it was made a capital crime. This study comprehensively examines this phenomenon, seating it within the historiographies of crime, marketing and consumption. The majority of offenders were occasional thieves, drawn from some of the most economically vulnerable sectors of plebeian communities, their profile confirming the significance of age and gender. While specialist shops were shoplifters' primary target, particularly those selling textiles and clothing, a spatial analysis suggests that thieves preferred smaller, local shops to their more prestigious counterparts. Shoplifters matched their tactics to the size and status of shop, using performance as a tool to achieve their ends. Yet the study questions assumptions around the influence of fashion and consumer desire on shop theft, discussing how the type and quantity of goods stolen points to more complex economic motives, both financial and social. The potential impact of the crime on women's role as shopkeepers and the tendency to sexualise female offenders are also scrutinised. While retailers were initially instrumental in driving legislative change and worked constructively with magistrates to control the crime's incidence, their constant reluctance to prosecute conveys a false impression of the crime's true extent. The study calculates prevalence, and projects the financial impact of shoplifting on its victims at a time of highly competitive retailing. 'Risk-based' in their thinking, retailers developed practical means of protecting their stores, while new marketing techniques proved variously a boon and handicap. Yet shopkeepers' reactions were not uniform, some apparently preferring such situational prevention, while others turned more readily to the law. This ambivalence was also exhibited in their engagement with the capital law reform that ultimately saw the repeal of the Shoplifting Act. Employing a variety of sources from court transcripts to literature, the study finally explores how changing social perspectives on crime during the period coloured public attitudes to shoplifting, foreshadowing reconfigured nineteenth-century perceptions of the crime.

364.16

A self-healing framework to combat cyber attacks : analysis and development of a self-healing mitigation framework against controlled malware attacks for enterprise networks

Alhomoud, Adeeb M.

January 2014

Cybercrime costs a total loss of about $338 billion annually which makes it one of the most profitable criminal activities in the world. Controlled malware (Botnet) is one of the most prominent tools used by cybercriminals to infect, compromise computer networks and steal important information. Infecting a computer is relatively easy nowadays with malware that propagates through social networking in addition to the traditional methods like SPAM messages and email attachments. In fact, more than 1/4 of all computers in the world are infected by malware which makes them viable for botnet use. This thesis proposes, implements and presents the Self-healing framework that takes inspiration from the human immune system. The designed self-healing framework utilises the key characteristics and attributes of the nature’s immune system to reverse botnet infections. It employs its main components to heal the infected nodes. If the healing process was not successful for any reason, it immediately removes the infected node from the Enterprise’s network to a quarantined network to avoid any further botnet propagation and alert the Administrators for human intervention. The designed self-healing framework was tested and validated using different experiments and the results show that it efficiently heals the infected workstations in an Enterprise network.

364.16

Perceptions of online fraud and the impact on the countermeasures for the control of online fraud in Saudi Arabian financial institutions

Alanezi, Faisal

January 2016

This study addresses the impact of countermeasures in the control and prevention of online fraud in Saudi Arabia and the influence of the environmental context. Combatting online fraud is facilitated when the public is fully educated and is aware of its types and of the prevention methods available. People are reliant on the Internet; the possibility of being breached by hackers and fraudsters is growing, especially as socialising, online shopping and banking are carried out through personal computers or mobile devices. Online fraud has been described as an epidemic that has spread to most online activities. Its prevalence has been noted to be in regions where there is high adoption of e-commerce, and, along with it, large online financial transactions. The argument is therefore the measures taken are either are inadequate or have failed to effectively address all the issues because of the organisational and environmental context of the country. This research aims to examine online fraud perceptions and the countermeasures designed and used by financial institutions in Saudi Arabia to control and prevent online fraud in its environmental context, to examine the effectiveness/impact of the countermeasures and to examine the factors that may affect/influence the impact of the countermeasures. The qualitative method approach was chosen to ensure balanced coverage of the subject matter. The nature of the research requires a broader, in-depth, examination of the experiences of the participants from their own perspective. Meanwhile levels of awareness are low, because of lack of knowledge and training, a lack of government sensitisation and the religious inclinations of the population. The findings also confirm the efforts of organisations to put in place countermeasures using various technological means, coupled with procedural controls and checks. The measures create obstacles to most customers, who find it cumbersome to engage in online activities because of those procedures and checks. The findings also show two types of regulations: government and organisational rules, with different foci and purposes, which are mostly centred on the monitoring of Internet operations and operational guidelines. The enforcement of rules in the light of prosecuting offenders has also been minimal and passive. The countermeasures of most banks/organisations mostly focus on prevention and detection. However, the findings suggest that the activities in each component and their interrelationships have a collective impact on combatting online fraud. The success of any effort or approach to combat fraudulent activities therefore depends on the activities of the four countermeasure components.

364.16

Reducing the risk of e-mail phishing in the state of Qatar through an effective awareness framework

Al-Hamar, Mariam Khalid

January 2010

In recent years, cyber crime has focused intensely on people to bypass existing sophisticated security controls; phishing is one of the most common forms of such attack. This research highlights the problem of e-mail phishing. A lot of previous research demonstrated the danger of phishing and its considerable consequences. Since users behaviour is unpredictable, there is no reliable technological protective solution (e.g. spam filters, anti-viruses) to diminish the risk arising from inappropriate user decisions. Therefore, this research attempts to reduce the risk of e-mail phishing through awareness and education. It underlines the problem of e-mail phishing in the State of Qatar, one of world s fastest developing countries and seeks to provide a solution to enhance people s awareness of e-mail phishing by developing an effective awareness and educational framework. The framework consists of valuable recommendations for the Qatar government, citizens and organisations responsible for ensuring information security along with an educational agenda to train them how to identify and avoid phishing attempts. The educational agenda supports users in making better trust decisions to avoid phishing that could complement any technical solutions. It comprises a collection of training methods: conceptual, embedded, e-learning and learning programmes which include a television show and a learning session with a variety of teaching components such as a game, quizzes, posters, cartoons and a presentation. The components were tested by trial in two Qatari schools and evaluated by experts and a representative sample of Qatari citizens. Furthermore, the research proves the existence and extent of the e-mail phishing problem in Qatar in comparison with the UK where people were found to be less vulnerable and more aware. It was discovered that Qatar is an attractive place for phishers and that a lack of awareness and e-law made Qatar more vulnerable to the phishing. The research identifies the factors which make Qatari citizens susceptible to e-mail phishing attacks such as cultural, country-specific factors, interests and beliefs, religion effect and personal characteristics and this identified the need for enhancing Qatari s level of awareness on phishing threat. Since literature on phishing in Qatar is sparse, empirical and non-empirical studies involved a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government.

364.16

Transatlantic collaboration in response to cyber crime : how does strategic culture affect EU-U.S. collaboration in the fight against cyber crime?

Nagyfejeo, Eva

January 2016

This thesis takes Marieke de Goede’s intriguing hypothesis on counterterrorism as a starting point. She argues that despite the fact that the general strategic cultures of the European Union (EU) and the United States of America (U.S.) look different on the surface, nevertheless the pre-emptive approach, which is often associated with the U.S., is also deeply rooted in European history. Indeed, most authors agree that there has been considerable convergence behind the scenes on transatlantic counterterrorism. Accordingly, this study attempts to establish whether we can draw similar conclusions regarding EU and U.S. behaviour in the realm of cyber security. The main focus is cyber-crime and this is analysed through the lens of strategic culture. The study examines how far varying attitudes, shaped by strategic culture, hinder the process of cooperation. Moreover, it suggests that an extended version of strategic culture may serve as an alternative tool to aid our understanding of EU and U.S. approaches to fighting cyber-crime, at both strategic and operational levels. Currently, there is no literature on fighting cyber-crime collaboratively employing a strategic culture approach. This thesis rejects the argument that there is a single, overarching strategic cyber culture that characterises both the U.S. and the EU. However, it offers the following propositions: 1. The presence of several strategic cyber cultures, within both the U.S. and the EU, creates fragmentation in collaboration. 2. Fragmentation is a partial product of various state and sub-state entities that often do not have a clear understanding of their roles in cyber security, which creates overlaps and disparities in power, thereby generating individual and diverse approaches and attitudes to counter cyber-crime. 3. Treating the U.S. government as a ‘monolithic’ entity, especially with regard to cyber-crime policy is a misapprehension. It may be that the growing alignment of U.S. and EU policies originates from the fact that agencies, such as the State Department or DHS, take a decidedly less militaristic approach towards cyberspace, which is a view that aligns more closely with the EU. 4. There is clearly much more convergence in collaboration at the operational level, where there are similar attitudes (U.S. agencies trust each other less than their European counterparts). By contrast, attitudes at the strategic level, together with legal incompatibilities, frequently hinder joint inquiries. These findings draw heavily upon semi-structured interviews with cyber security officials, politicians, former officials, law enforcement agents and cyber consultants from the private sector. This provides a unique insight into current EU and U.S. security community approaches to the threat of cyber-crime, including their mind-set, strategic behaviour and decision-making procedures.

364.16