Milestone 1
Date:
Tutor Name:
Student Name:
Aditya Santokhee
Samuel Ogogo
Mauritius
Ethical Issues
Despite the numerous benefits of online banking, unethical behaviour by third
parties has continued to affect innocent bank customers. These bad citizens (Abreu et al.,
2015) have exploited others by showing a lack of transparency with the aim of
cheating them, and have used various means to interfere with transactions, thereby causing
great harm to both banks and customers (Koenig-Lewis, Palmer, and Moll, 2010).
Ollmann (2004) discusses a case of phishing where a bank customer gets an email from a
fraudster that appears to be from his bank, with the subject line "security
update". The e-mail explains that their online banking system needs to be upgraded. The
mail further threatens to suspend the customer's account within two days if he does not
update his login details by clicking on a link provided. The link then opens a fake bank page
and supplies the sender of the email with the username and password that the customer
has filled in. A similar scenario was mentioned by Jakobsson and Myers (2006).
According to the Kantian theory, the sender of the email in the above scenario, who has
fraudulently collected the login details of a customer for any reason, is unethical. This is
because the Kantians are of the opinion that people must do the right thing regardless of the
consequence (Dickens, 2012). According to the Kantians, whether we are good or bad depends on
whether we could imagine every other person doing what we are doing (Duquenoy, Jones and Blundell, 2007).
On the other hand, the Utilitarian theory focuses on whether the act carried out was for the
benefit of the society (Dickens, 2012), which would make such an act ethical. Therefore, from
the utilitarian point of view, the end would always justify the means: if the
username and password obtained from the customer were used to expose stolen public
funds, then such an act would be viewed as ethical. Furthermore, a government agent who
interferes with an online banking transaction between a bank and its customer, in the course
of doing his job or to track down a fraudster who has been disturbing the society, would be
acting acceptably and ethically.
Social Issues
Knowing the security threats involved in the online banking system, banks
ought to communicate security warnings to their customers, so that they are
aware of the risks involved (Koskosas, 2011). These customers need to be up-to-date with
the latest safety programs such as antivirus programs and firewalls. It is, therefore, the
responsibility of the bank management, all staff and other levels of operation to build
security and risk management into their business culture.
Many customers have suffered the loss of money, as well as emotional and psychological trauma, as
victims of online fraud (Reisig, Pratt and Holtfreter, 2009). Some have gone as far as
committing suicide after losing a huge amount of money from fraudulent online banking
transactions. Many customers have chosen not to participate in any online transaction, while
some have even refused to apply for credit cards because they feel it is insecure
(Brooks, 2006).
Apart from customers, security threats have also affected the banks negatively because they
have lost revenues, customer relationships, and millions of dollars due to fraud-related
attacks (Aburrous et al., 2010). Furthermore, this online fraud through phishing attacks has
also damaged many banks' reputations, thus leading to loss of customers: a loss
that sums up to millions of dollars (Aburrous et al., 2010).
Legal Issues
Unlike conventional crimes, which are perpetrated mostly by young men who abuse drugs
and alcohol, online crimes are committed by educated and intelligent people of the society
(Moore, Clayton, and Anderson, 2009). There are many laws against these crimes that
protect both the banks and other victims. What is illegal varies from one country to another.
In the UK, the Computer Misuse Act 1990, in section 1, subsections (1), (2) and (3), punishes anyone who
intentionally interferes with another person's computer or data (Computer Misuse Act,
1990). The same Act, in section 3ZA, subsections (1), (2) and (3), states that when a person causes a
disruption of a system of communication or supply of money, he is guilty of a crime and is
punishable by 14 years' imprisonment. Therefore, the phisher in the aforementioned scenario,
who operates a fake copy of a bank website to get people's bank credentials and secret
details, would be punished under this Act. This law also punishes a person who installs a
key-logger on another person's computer to capture his password details for any reason
(Computer Misuse Act, 1990).
However, according to the Freedom of Information Act 2000, local authorities, government,
and other organizations have the right to monitor, disrupt and interfere with online transactions
if it is for the benefit of the society and if it means doing their job (Johnson and Hampson,
2015). In line with the cited scenario, this Act protects a government agent who retrieved the
personal login details of a person who has stolen public funds, because it is beneficial to the
society.
Many of these crimes have been compared to real-world crimes by Jewkes (2006). For
example, he compares unauthorized access to someone's computer (hacking) with
trespassing, and sending viruses, worms and other malicious items with vandalism. But
unlike real-world crimes, online crimes require only a computer and a connection to the
internet (Jewkes, 2006). The enforcement of all these laws against online banking fraud
must, therefore, be taken seriously; otherwise they will seem to be useless (Brenner, 2009).
Professional Issues
Professional bodies have codes of conduct to regulate the functions of individual
professionals who are their members (Kizza, 2010). Examples of such bodies in the UK are the
Association for Computing Machinery (ACM), the British Computer Society (BCS) and The
Institution of Engineering and Technology.
The Association for Computing Machinery (ACM) code of conduct requires software
engineers who are its members to avoid harm to people, to be trustworthy, fair and
indiscriminate (ACM code of ethics and professional conduct, 2016). According to section 4.2 of
the ACM code, for the benefit of the public, its members must not expose any confidential
information gained in their professional work (ACM code of ethics and professional conduct,
2016). In relation to the scenario mentioned at the onset, it is against the ACM code of conduct
for a professional to send an email to a customer with the aim of luring him to log into a
fake bank page to get his personal details. All professionals must also refrain from
altering online information without permission. Modifying or overwriting
someone's data for selfish gains is also unprofessional (ACM code of ethics and professional
conduct, 2016).
In the same vein, members of the BCS are required to safeguard the interest of the public by
performing their duties with care and diligence (The chartered institute for IT, 2016). The BCS
code of conduct also states that its members must not use or pass on confidential information
without permission (The chartered institute for IT, 2016). This, therefore, means that it is
against the BCS code of conduct for a professional to carry out such an illegal act as in the above
scenario.
Conclusion
According to Aguila Vila et al. (2013) all these security threats discussed in this review can
be categorized in the following:
Recommendation
Banks should use effective authentication programs to ensure secure online transactions
and also use different communication mediums. They must continue to inform customers
of the latest threats and attack patterns adopted by these online criminals (Koskosas,
2011). In other words, they should provide anti-phishing training tips for detecting
phishing emails and websites (Alnajim, 2011). Software engineers must develop secure
online banking applications that would focus on the direct attacks on operating systems.
These applications should also be distributed through trusted channels, reputable sites
that have been tested for security (Aguila Vila et al., 2013).
Bibliography
Abreu, R., David, F., Legcevic, M., Segura, L., Formigoni, H. and Mantovani, F. (2015)
Ethics and fraud in e-banking services, 2015 10th Iberian Conference on Information
Systems and Technologies (CISTI). doi: 10.1109/cisti.2015.7170491.
Aburrous, M., Hossain, M.A., Dahal, K. and Thabtah, F., 2010. Experimental case studies
for investigating e-banking Phishing techniques and attack strategies. Springer Science +
Business Media.
ACM code of ethics and professional conduct, 2016. Available at: <https://www.acm.org/aboutacm/acm-code-of-ethics-and-professional-conduct#CONTENTS> [Accessed 25 March 2016].
Aguila Vila, J., Serna-Olvera, J., Fernandez, L., Medina, M. and Sfakianakis, A. (2013) A
professional view on ebanking authentication: Challenges and recommendations. Institute of
Electrical & Electronics Engineers (IEEE).
A. M. Alnajim, "High level anti-phishing countermeasure: A case study," Internet Security
(WorldCIS), 2011 World Congress on, London, 2011, pp. 139-144.
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5749899&isnumber=5749844
BCS code of conduct. IT, 2016. Available at:
Brenner, S.W. (2009) Order & disorder: Crime, war, and terrorism. Oxford University Press
(OUP).
Brooks, J., 2006. Anti-phishing best practices: keys to aggressively and effectively
protecting your organization from phishing attacks. White Paper, Cyveillance.
Davidoff, S. and Ham, J. (2012) Network forensics tracking hackers through cyberspace.
Upper Saddle River, NJ: Prentice Hall.
Dickens, J. (2012) Social work, law and ethics. New York, NY: Taylor & Francis.
Downs, J.S., Holbrook, M.B. and Cranor, L.F., 2006. Decision strategies and susceptibility
to phishing. Proceedings of the second symposium on Usable privacy and security - SOUPS
'06, pp.79-90.
Drigă, I. and Isac, C., 2014. E-banking services - features, challenges and benefits. Annals of
the University of Petroşani, Economics, 14(1), pp.41-50.
Duquenoy, P., Jones, S. and Blundell, B.G., 2007. Ethical, legal and professional issues in
computing. United Kingdom: CENGAGE Lrng Business Press.
Fisher, A.W. and McKenney, J.L. (1993) The development of the ERMA banking system:
Lessons from history. (15 Vols). Institute of Electrical & Electronics Engineers (IEEE).
Hawke, J.D., Mr, P., Mr, A.D., Deslandes, J., Bundesbank, D., Am, F., Ms, M., Mr, M.H.,
Kloefer, A., Kreditwesen, B.F.D., Mr, B., Mr, R., Mr, T., Mori, T., Hiroaki, Ms, K., Suzuki,
T., Kojima, K., De Nederlandsche Bank, H., Smid, E., Bankenkommission, E., Kunz, M.,
Ms, Q., Martin, K., Washington, D.C., John, C., Federal, Y., Mr, G.J., Mr, C., Barbara, Y.,
Federal, R., Ms, H., Richards, J., Mr, D.C., Mr, H.K., Wilke, C., Mr, J.-P., Commission
Bancaire, Uwe Neumann Banca D italia and Filippo Siracusano Bank Of Japan (2000)
Electronic banking group initiatives and white papers Basel committee for banking
supervision, Office of the Comptroller of the Currency.
Jagatic, T.N., Johnson, N.A., Jakobsson, M. and Menczer, F. (2007) Social phishing,
Communications of the ACM, 50(10), pp. 94-100. doi: 10.1145/1290958.1290968.
Jakobsson, M. and Myers, S. eds., 2006. Phishing and countermeasures: Understanding the
increasing problem of electronic identity theft. United States: Wiley-Interscience.
Jewkes, Y. (ed.) (2006) Crime online: Committing, policing and regulating Cybercrime.
United Kingdom: Willan Publishing.
Johnson, D. and Hampson, E. (2015) Utilising the UK freedom of information act 2000 for
crime record data, Records Management Journal, 25(3), pp. 248-268. doi: 10.1108/rmj-05-2015-0020.
Kalakota, R. and Whinston, A.B. (1996) Electronic commerce: A manager's guide. 10th edn.
Reading, MA: Addison-Wesley Educational Publishers.
Kizza, J.M. (2010) Ethical and social issues in the information age. 3rd edn. London:
Springer-Verlag New York.
Koenig-Lewis, N., Palmer, A. and Moll, A. (2010) Predicting young consumers' take up of
mobile banking services, International Journal of Bank Marketing, 28(5), pp. 410-432. doi:
10.1108/02652321011064917.
Koskosas, I. (2011) E-banking security: A communication perspective, Risk manag (Bas),
13(1-2), pp. 81-99. doi: 10.1057/rm.2011.3.
Moore, T., Clayton, R. and Anderson, R. (2009) The economics of online crime. (23 Vols).
American Economic Association.
Ollmann, G., 2004. The Phishing Guide - Understanding & Preventing Phishing Attacks.
NGS Software Insight Security Research.
Computer misuse act 1990, c. Available at:
http://www.legislation.gov.uk/ukpga/1990/18/section/1 (Accessed: 5 March 2016).
Reisig, M.D., Pratt, T.C. and Holtfreter, K., 2009. Perceived risk of Internet theft Victimization:
Examining the effects of social vulnerability and financial Impulsivity. Criminal Justice and
Behavior, 36(4), pp.369-384.
Shah, M. and Clarke, S. (2009) E-banking management: Issues, solutions, and strategies.
United States: Information Science Reference.
Society, I.I.E., Electrical, I. of and Engineers, E. (2007) 2007 inaugural IEEE international
conference on digital Ecosystems and technologies: [DEST 07]; 21 - 23 February 2007.