Computers making crime pay but victims keeping quiet

Press, 22 June 1979, Page 13

Computers making crime pay but victims keeping quiet

By

ROBERT PARKER

of the “Observer”

Fears that computer crime may be much more extensive than is generally believed are leading security experts to argue that changes in British law relating to the way auditors report crime are urgently needed.

At present, if external auditors discover a fraud they have to report it only to the company and shareholders, who are not themselves required to inform the authorities.

According to a wide range of fraud and security specialists, companies which are victims of comer fraud almost always the matter up. They

fear that if news got out, there would be a severe loss of confidence in their organisations. It is felt that company law should be amended to require auditors to report fraud to a body like the Department of Industry and Trade, or to the police or a professional body.

So secretive are companies about computer frauds that they often go to extraordinary lengths to keep the matter quiet. For example, a northwestern chemicals companv, defrauded of £45,000 (about S 90.000) by a salesman who got the computer to double his com-

mission, responded by asking the man to leave — but not before giving him a new car. Another company which lost tens of thousands of pounds as a result of a fraud perpetrated by one

of its senior computer men gave him glowing references in order to get rid of him without publicity. According to Mr Vince Carratu, who specialises

in fraud investigations, the man then got a job with another computerised company. He repeated the fraud and the second company also decided not to prosecute. “The last I heard about him was that

he was working in a third company as manager of a computer operation,” Mr Carratu said. An even more vivid illustration is given by a senior policeman. He heard

that a company had been the victim of a sizeable fraud, but when he asked if there were problems, the company said all was well.

Mr Adrian Norman, a consultant with Arthur D. Little, who has had eight years’ involvement with computer security and who is writing a book about it, said: “We need more publicity so that awareness of risks increases.” Computers were at their most vulnerable when being used for the first time, and when backup measures were brought in because a computer had gone out of action.

A five-year study of computer fraud by Mr Samir Abu Gabir at the Business School of City University, London, has taken a special look at auditors. Not only does it find that many auditing techniques simply are not suitable for detecting fraud in computerised accounts, but it adds that computer frauds go undetected for three years on average.

Experts are now thinking of starting a campaign to change the law. If they don’t succeed, computer crime could become the great invisible fraud of the century.