See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/378693540

A Qualitative Analysis of Challenges in Online Fraud Detection and Investigation

Chapter · March 2024

DOI: 10.4018/979-8-3693-3555-0.ch009

CITATION READS
1 140

1 author:

Michelle Espinoza
Marymount University
6 PUBLICATIONS 1 CITATION

SEE PROFILE

All content following this page was uploaded by Michelle Espinoza on 04 March 2024.

The user has requested enhancement of the downloaded file.

158

Chapter 9
A Qualitative Analysis of
Challenges in Online Fraud
Detection and Investigation
Michelle Denise Espinoza
https://orcid.org/0009-0009-5213-6974
Marymount University, USA

ABSTRACT
This study employed a qualitative method through a focus group discussion with fraud prevention practi-
tioners working in the insurance, ecommerce, and financial industries. During the discussion, examples of
the paradoxical challenge of too-much-yet-too-little data emerge as well as examples of the interworking
our digital and physical worlds. Based on grounded theory, the authors explore the various trends and
challenges faced by practitioners and provide recommendations to enhance their firm’s investigative
capacity. This chapter contributes to the literature on online fraud detection and prevention by exploring
the understudied problem of how resource constraints and data deluge contribute to the challenge of
online fraud investigations and combines theory with insights from fraud analysts to give practitioners
additional strategies to consider when implementing or enhancing their own fraud prevention programs.

INTRODUCTION

Scholars and practitioners agree that challenges to cybercrime prevention include the shortage of qual-
ity data to train machine-learning detection models and limited human expertise that can make sense of
the data that exists (Sen et al., 2022). The FBI’s Regional Computer Forensics Laboratory 2012 annual
report noted that the volume of data requiring analysis for each case grew 500% between 2006 and 2013
(RCFL, 2012). Cross-linking multiple data sources and devices in addition to sifting through the sheer
volume of data associated with a single forensic investigation continues to compound to problem more
than a decade since that report (Yaacoub et al., 2022). This study employed a qualitative method through
a focus group discussion with fraud prevention practitioners working in the insurance, e-commerce, and

DOI: 10.4018/979-8-3693-3555-0.ch009

Copyright © 2024, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.

Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

financial industries. During the discussion, examples of the paradoxical challenge of too-much-yet-too-
little data emerge as well as examples of the interworking between digital and physical worlds. Based
on grounded theory, we explore the various trends and challenges faced by practitioners and provide
recommendations to enhance their firm’s investigative capacity.
Detection and investigation of online fraud, illustrated in Figure 3, can be loosely summarized as a
six-phase process that includes capturing data, detecting fraudulent activity, investigating the activity,
reporting, evidence collection, and updating existing monitoring efforts for subsequent occurrences of
fraudulent transactions which use the same modus operandi (Ahmed & Kit, 2018). Much focus in recent
years has turned to improving online fraud detection methods and algorithms while the investigation pro-
cess, arguably the bottleneck and most labor-intensive component of the fraud detection and investigation
process, has received less attention (Vance & Roper, 2023). Additionally, the cost for each component
of the process disproportionately supersedes the time investment required as shown in Figure 1. The
Centers for Medicare and Medicaid Services, for example, reports that roughly 51% of US Medicare’s
fraud prevention system funds are spent on investigation as opposed to 44% of costs going towards
development and modeling, yet the Office of the Inspector General (OIG), which investigates these
fraudulent claims, consistently notes that they do not have enough resources or bandwidth to keep pace
with the rise in Medicare fraud (Center for Medicare and Medicaid Services, 2015). 90% of suspected
Medicaid fraud cases were still pending investigation in Medicaid’s 2022 annual report (Maxwell, 2023).
Similarly, a June 2023 report from the US Department of Labor states that the OIG is still reviewing
approximately 163,000 open unemployment insurance fraud complaints related to COVID-19 relief while
receiving 100-300 new UI fraud complaints each week related to pandemic unemployment benefits (US
Department of Labor, 2023). Using the investigation resolution pace noted in the report and assuming
that the office continues collaborating with the 50 U.S. Attorney’s Offices on the current Fraud Strike
Force, it will take the OIG until July 2050 to get through the backlog of pandemic-related investigations.
The US government made an estimated $200 billion in improper payment, and as of August 2023, the
Department brought charges against 3,200 defendants (roughly 1,000 per year) and recovered $1.4 bil-
lion in stolen relief funds (US District Attorney Office, 2023).
Few firms have access to the sizeable budgets and resources of the US Federal Government, and
if the US Government cannot keep pace with the volume of fraud investigations, how much more can
industry firms hope to achieve?

Figure 1. Time vs. cost in fraud vs detection process

159
 
Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

When asked how participants’ respective fraud analyst team split their time, one participant said,
“Our full-time fraud analysts are also responsible for crediting member [customer] accounts… if I
had to guess, it’s probably at least half the time on investigation and then the other half just managing
refunds and probably a really small percentage in education and preventative measures to information
our membership.”
When asked what percentage of fraud reports go uninvestigated because of resource constraints, each
participant shook their head and agreed that their analysts can only cover a fraction of the fraud claims
and reports that come through their departments. One participant noted that despite layoffs throughout his
company, their fraud claims department was the only department and budget that grew during 2022-2023.
Compounding this resource constraint problem, fraudsters evolve their methods nearly as quickly
as companies develop detection models, rendering the companies’ detection efforts obsolete faster than
their effectiveness can be realized (Kurshan & Shen, 2020). One might question the value of investing
anything at all into detection models, but this is like arguing to remove TSA checkpoints from airports
or locks from doors just because a bad actor circumvents prevention and detection efforts. Likewise,
it is impractical to think that the existence of a TSA checkpoint or home alarm eliminates the need for
human intervention and investigation when detecting suspicious activity. Both detection and [human-
in-the-loop] investigation comprise the necessary components of a fraud prevention system. The latter
component is most labor-intensive (Al-Hashedi & Magalingam, 2021).
This chapter contributes to the literature on online fraud detection and prevention by exploring the
understudied problem of how resource constraints and data deluge contribute to the challenge of online
fraud investigations and combines theory with insights from fraud analysts to give practitioners additional
strategies to consider when implementing or enhancing fraud prevention programs.

METHODOLOGY

The study employed a qualitative method via focus group discussion. Combining insights gleaned from
the focus group discussion with insights from extant literature, this researcher examines the challenge
of reaching the dynamic equilibrium of data in fraud detection. Focus group responses were analyzed
using Atlas.ti software and a conventional approach of content analysis was used to derive the coding
categories from the transcript data. Rossman & Rallis (2012) define coding as the process of organizing
the data by bracketing text excerpts into a word representing an overarching theme or category.
First, each quote was coded by the speaker and the industry in which they work. Since these codes
are mutually exclusive, they were excluded from co-occurrence analysis. Next, mentions of specific cy-
bercrime types or modus operandi were coded so that this researcher could evaluate whether there was
a higher prevalence or mention of cybercrime types in one industry more than others.
For the third and fourth reviews, quotes referencing law enforcement and the ease with which one
can open a bank account today were combined under the category of policy. Codes for other emergent
themes such as victim vulnerability, pattern discovery, cross-platform enablement, and the abundance
or lack of data were also applied.

160

Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

FRAUD DETECTION METHODS

Fraud detection requires manual investigation to confirm whether a false alarm was triggered. Similarly,
push notifications from a doorbell camera or motion-sensing lights alert a user when motion is detected,
verification by a human is required to confirm whether the alert warrants action or whether the alert was
triggered by a benign event. Fraud and cybercrime take multiple forms and fraudsters’ methods con-
stantly evolve to evade detection and exploit vulnerabilities specific to a company’s business model—this
makes it impractical to build modus operandi-specific models (Masihullah et al., 2022). Social media
companies may be plagued by bad actors creating millions of malicious accounts to disseminate fake
news, impersonate other users, or distribute malware (Cao et al., 2014; Nasery et al., 2023). E-commerce
companies battle fraudulent credit card transactions, refund scams, and malicious account creation for
review manipulation (Marchal & Szyller, 2019). Some liken fraud detection to finding a needle in a hay-
stack, and in some cases, the entire haystack is made of needles as Valve discovered when they disabled
virtual goods trading from their 18-million player userbase after learning that nearly every transaction
was fraud-sourced (BBC News, 2019).
Multiple supervised and unsupervised machine learning methods such as classification, anomaly
detection, clustering, random forest algorithms, and neural networks are used for fraud detection. These
models are useful to an extent, but because they rely on historical training data, which is often imbal-
anced, and assume that transactions are independent, their effectiveness is limited against the dynamic
modus operandi found in real-world transactions (Ali et al., 2022). Graph-based anomaly detection
(GBAD) methods, which consider the interactions between transactions, have proven more effective in
several scenarios, but the models still require ongoing tuning and manual investigation of transactions
suspected to be fraudulent (Pourhabibi et al., 2020).
Feature engineering, creating variables from the properties and attributes of transactions, requires
domain knowledge and creativity (Zhang et al., 2022). Feature engineering is akin to the secret sauce that
makes or breaks a model and while specific details used in a company’s detection models should not be
disclosed, common attributes analyzed include IP address geolocation, email naming patterns, activity
spikes, age of account, utilization patterns, etc. (Ali et al., 2022). Each of the focus group participants
stated that they rely on Google to research details through publicly available information as part of their
investigation process.

LEVERAGE POINTS IN A SYSTEM AND DETERRENCE THEORY

Leverage points in a complex system are points where a small shift in one thing produces big changes
in everything, akin to the butterfly effect described in Chaos Theory (Abson et al., 2017). Jay Forrester
described leverage points as counterintuitive, or if they are intuitive, we intuitively use them backward
systematically worsening whatever problems we are trying to solve (Meadows, 1999). As digitization
increases, online fraud increases. As online fraud increases, the investigative capacity of organizations
decreases, which reduces the likelihood of catching or stopping fraudsters. This creates a positive feed-
back loop encouraging fraudsters to continue or increase their attacks against the business, which results
in higher financial losses to the business which then reduces the available budget and bandwidth to
investigate fraudulent activity (see Figure 2). Deterrence theory holds that the likelihood and celerity of
punishment for an action are inversely correlated with the incentive to commit the act (Tomlinson, 2016).

161
 
Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

Figure 2. System view of effect of online fraud on investigative capacity

One of the challenges in battling cybercrime and online fraud is the fact that unlike common street
crimes, an instance of cybercrime may cut across multiple jurisdictions and geographies whose nexus
is difficult to pinpoint (Paschal et al., 2021). The territoriality principle was strongly favored at the
turn of the twentieth century as a way to enforce sovereignty and exert control within a government’s
borders (Hodgson, 2008). This territoriality principle, in the form of the criminal jurisdiction mindset,
is no longer tenable in the Internet age and only serves to exacerbate the problem of online fraud and
cybercrime (Cross, 2020). Hodgson (2008) advocates for the application of the doctrine of forum non
conviens which permits a US court to decline to exercise its judicial jurisdiction if the court would be a
seriously inconvenient forum and if an adequate alternative forum exists. Though transnational cyber-
crime is impacting businesses at staggering rates, court-admissible evidence must be certified by the
government/jurisdiction that gathered it, which can take years (Vance & Roper, 2023). Evidence collected
overseas requires the prosecution to invoke a Mutual Legal Assistance Treaty (MLAT) which funnels
through the US Department of Justice’s Office of International Affairs (OIA) and can often take years to
process (Vance & Roper, 2023). To reduce the MLAT bottleneck, the US passed the Clarifying Lawful
Overseas Use of Data Act (CLOUD) in 2018 which allows international partners to obtain electronically
stored evidence without using the MLAT process. Unfortunately, only two other countries, the United
Kingdom and Canada, have entered into the agreement with the U.S. (U.S. Department of Justice, 2022).
The participants each mentioned that only a fraction of the fraud they uncover is referred for prosecu-
tion. It is widely acknowledged by fraudsters, law enforcement, and businesses alike that because the risk
of getting caught and facing punishment is so low, there is little to dissuade fraudsters from committing
their crimes. The focus group participants each acknowledged that their companies rarely, if ever, pursue
legal charges against fraudsters involved in the fraud cases they investigate. One participant stated “We
probably refer like 3-5% of cases to law enforcement and in our case, we hand them the entire case with

162

Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

all of the details so that all they really gotta do is go make an arrest or something like that, but that
doesn’t usually pan out. Very rarely does it pan out.”
Changing the jurisdictional mindset of the courts and law enforcement needs to happen at a policy
level [outside of companies’ realm of influence], but because fraudsters select the path of least resistance,
businesses can apply deterrence theory by enabling fraud analysts to swiftly investigate and close the
loopholes being exploited by fraudsters. Businesses should confer with their fraud analyst departments
to understand whether any policy decisions or process constraints inhibit their analysts’ ability to reduce
the loopholes being exploited, and management should support removing these barriers. Just as juris-
dictional policies are a major constraint to successfully implementing deterrence theory at the macro
[societal] level, so too do management and organizational policies contribute to intra-organizational
constraints (Rahman, 1998).

THEORY OF CONSTRAINTS

In 1984, Eliyahu Goldratt introduced the theory of constraints (TOC) in his novel, The Goal. The theory
of constraints is a management philosophy premised on the idea that goal attainment by a system is
limited by at least one constraint and to optimize a system’s performance, one must identify and remove
the constraints (Şimşit et al., 2014). According to Goldratt’s (1984) theory, there are five steps to focus
on for a system’s continuous improvement:

1. Identify the system’s constraint.

2. Decide how to exploit the system’s constraint.
3. Subordinate everything else to the above decision
4. Elevate the System’s Constraint
5. If in any of the previous steps, a constraint is broken, go back to Step 1

Figure 3. Fraud detection and investigation phases

The five steps of TOC, in Figure 4, are frequently abbreviated as 5FS in the literature. Though the
steps and logic seem ordinary and uninspiring, TOC was at odds with the popular and widely practiced
Lean Manufacturing principles at the time of its introduction. TOC’s implementation demonstrated

163
 
Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

great success both in empirical studies and at several Fortune 500 companies such as 3M, Amazon,
Boeing, Delta Airlines, and GE (Watson et al., 2007). Lean manufacturing focuses on minimizing waste,
while TOC focuses on increasing throughput and continuous process improvement. These philosophies
need not be at odds with each other and can be applied in tandem. In the context of fraud detection
and investigation, reducing the investigation bottleneck will naturally reduce the wasted data filling the
investigation backlog.

Figure 4. Goldratt’s theory of constraints: Five focusing steps

The six-phase process describing the fraud prevention and investigation cycle is over-simplified and
does not consider factors such as minimizing customer friction, maintaining, or improving customer
satisfaction, reputational risks, or other tradeoffs that may be necessary to balance business-specific
operational needs.
What if one considers the reverse application of TOC? Removing constraints in the system increases
throughput, it seems logical that adding constraints would decrease throughput. Let us extend our process
to include the inbound volume of fraudulent transactions. What constraints can one place before the
fraud is detected to reduce the volume of fraudulent transactions affecting the business?
Focus group participants believed that educating customers and front-line staff would decrease the
volume of fraud impacting their businesses. One participant stated: “Customer support and just like
more education as far as fraud [goes] because for a customer I don’t feel like there’s a lot of education
that’s provided. So normally when I’m dealing with a customer, especially if I know that it [the transac-
tion] was something they didn’t intend to do, I’ll try to educate them as much as possible because a lot

164

Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

of times they just think like the only fraud that’s around is like ‘oh, they got my debit card number’ and
then that’s pretty much all the risk out there.”
Another participant noted “If the frontline was a little more skilled in those difficult conversations
[that would help] because I think they [the frontline workers] feel a lot of times that they don’t want to
insult the customer or that they don’t have the right to question a customer about their transaction. You
know it would save us [the fraud analysts] a lot of time because then we have to go back [and have those
conversations]. We see it [fraud] every day. The pattern is blaring then we have to call these people
back and have the harder conversation [letting the customer know they were scammed]. It’s kind of like
doing the job twice. If they [the frontline worker] had the conversation up front [when they suspected
the fraud] it would have been easier.”
In some cases, the same customer may be victimized by multiple scams, “they’re [the customer is]
highly groomed and the bad actor is very skilled at emotionally connecting with them… sometimes I just
have to be very direct [with the customer] and say ‘I know you don’t want to hear it, but you’re being
scammed’. I had one lady—it took me three years to get her to understand that she was routinely being
scammed and they’ll [the fraudsters] switch it up. So if you shut down one scam for this person, you’re
[the customer] on their [the fraudster’s] blacklist and they [the fraudster] will call you again and get
that customer enrolled in a total scam…. It’s very difficult convincing people sometimes that they’re
being scammed.”
Specific detection measures should not be advertised outside of the core management and/or fraud
prevention and investigation teams, particularly to reduce the risk of insider threats. However, educating
frontline workers and customers about trends in online fraudulent schemes and specific warning signs
that customers should be vigilant for, may go a long way towards stemming the tide of fraud. Using
mainstream media interviews, such as 60 Minutes segments, or illustrating documented cases from De-
partment of Justice press releases into 1-page colorful flyers that will capture customer interest. Openly
displaying this educational material and engaging customers in these conversations may alleviate some
of the embarrassment and stigma that fraud victims experience (Fei & McKinnon, 2021).

DISCUSSION

Literature on fraud prevention and detection, particularly IT or data-based prevention and detection
is still scarce (Trierweiler, 2022). As echoed by our participants, investing in a large forensic team to
untangle fraudulent activity is unfeasible for most enterprises; the goal of a fraud detection system may
be to make optimal use of a company’s limited investigation capacity (Baesens et al., 2015). Each of
our participants noted that a substantial portion of reported fraud goes uninvestigated because of limited
investigation capacity, the too much data dilemma. Likewise, they each mentioned that their investiga-
tions require data enrichment or additional data from external sources, the too little data dilemma, but
expressed a desire to have a single platform that consolidated the data from multiple sources, which goes
back to the too much data dilemma.
In one scenario described, the same applications that fraudsters used to intercept and redirect ship-
ments, were the same applications used to track and apprehend the thieves, an example of data being
weaponized against its victim and later used by the victim to defend against the perpetrator.
This highlights the paradoxical role of data. Companies invest in protecting their systems and data
from breaches. Data breaches pose substantial risks to companies, particularly SMEs for whom a single

165
 
Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

data breach can jeopardize their survival (Shaikh & Siponen, 2023). Short-term incident costs include
loss or damage to assets, intellectual property theft, loss of business continuity, and labor costs involved
with investigating the breach. Long-term costs include reputational damage, market losses, loss of exist-
ing and potential customers, and in some cases, fees and fines related to the breach (Shaikh & Siponen,
2023). As Burrell et al. (2023) note, industries are interwoven and companies are not just protecting
their data, but often the data of other vendors and partners too (Burrell et al., 2023). Ironically, this asset
[data] they invest so much in protecting is an asset that most organizations struggle to extract value from
(Magistretti et al., 2020). Only 18% of companies surveyed by Deloitte (2019) have been able to leverage
the hidden potential in their unstructured data and according to Davenport & Harris (2017), companies
average eighteen to thirty-six months of regularly working with data to develop a steady stream of rich
insights that can be translated into practice. Mikalef & Krogstie (2019) note the importance of having
the skill set to transform raw data into actionable insight, yet none of the participants were familiar with
modern graph-based detection techniques and do not use graph databases in their organizations.
A surprising dynamic described by both financial industry participants is the difficulty their repre-
sentatives have in convincing love scam victims that they were being victimized by scammers. In some
cases, the victims went as far as accusing the banks of being the scammers and of stealing their [the
victims’] money.
The duration of the victim grooming phase, in some cases, was also a surprise. For example, bad actors
seeking lateral movement in the networks of businesses with compromised credentials have been known
to spend months observing the interactions between organization users and planning their exploits. It was
not until 2023 that we discovered Chinese state-sponsored hackers had infiltrated and gone undetected
on some high-profile networks for more than 5 years (Dow Jones Institutional News, 2023). Fraudsters
engaged in synthetic identity theft have been known to cultivate thousands of synthetic identities over a
2-3-year period (Bhardwaj & Kaushik, 2022). Participants from the financial industry described cases
where scammers groomed their victims for up to 5 years before striking. The duration factor, while not
the focus of this paper, complicates the detection and investigation process. In some cases, the tenure of
the investigator may be shorter than the time it takes for the fraudulent pattern to emerge in the transac-
tion network. Additionally, investigations use much shorter windows of activity for analysis. Signals,
interactions, and other clues that may spot the emerging fraudulent activity go unnoticed. The statute
of limitations in the prosecuting jurisdiction is another time constraint to contend with. As more time
passes, the evidence available to the defense and prosecution diminishes, weakening the prosecution’s
case and minimizing the likelihood of successful prosecution (Vance & Roper, 2023).

CONCLUSION

This chapter explored the understudied problem of how resource constraints and data deluge contribute
to the challenge of online fraud investigations and combined theory with insights from fraud analysts to
give practitioners additional strategies to consider when implementing or enhancing fraud prevention
programs. The statistics and participant feedback suggest that companies should invest more in investi-
gative capacity to cope with a surplus of suspected fraudulent transactions. Given the low likelihood of
criminal prosecution, the aim of the investigation should be confirmation that a transaction is fraudulent
so that the vulnerability can be addressed by the business. Addressing the vulnerability may involve dis-
abling the accounts involved in the transaction or altering internal policies that fraudsters are exploiting.

166

Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

The actions needed to increase constraints on the volume of inbound fraudulent transactions are con-
tingent on the business model of affected organizations but may involve customer education or front-line
employee awareness training. Swifter confirmation of fraudulent transactions in the investigation phase
and the ensuing remediation may increase constraints on inbound fraud as fraudsters will be forced to
modify their modi operandi more often to evade detection.
Along with increasing investigative capacity, businesses should examine their investigative process
for opportunities to automate data enrichment or enhance their analysis process. Expanding the temporal
window of transactions being analyzed or viewing transactions from the perspective that the majority
of transactions are fraudulent, and the anomalies are legitimate may allow for additional patterns to
emerge. Cybercrime and online fraud will continue plaguing businesses for the foreseeable future until
the broader societal and systemic issues underlying the problems are fixed, but this chapter provides a
starting point for businesses to rethink approaches to mitigation.

REFERENCES

Abson, D. J., Fischer, J., Leventon, J., Newig, J., Schomerus, T., Vilsmaier, U., von Wehrden, H., Aber-
nethy, P., Ives, C. D., Jager, N. W., & Lang, D. J. (2017). Leverage points for sustainability transforma-
tion. Ambio, 46(1), 30–39. doi:10.1007/s13280-016-0800-y PMID:27344324
Ahmed, A. A., & Kit, Y. W. (2018). Collecting and Analyzing Digital Proof Material to Detect Cyber-
crimes. 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf
on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and
Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech), (pp. 742–747). IEEE.
Al-Hashedi, K. G., & Magalingam, P. (2021). Financial fraud detection applying data mining techniques:
A comprehensive review from 2009 to 2019. Computer Science Review, 40, 100402. doi:10.1016/j.
cosrev.2021.100402
Ali, A., Abd Razak, S., Othman, S. H., Eisa, T. A. E., Al-Dhaqm, A., Nasser, M., Elhassan, T., Elshafie,
H., & Saif, A. (2022). Financial Fraud Detection Based on Machine Learning: A Systematic Literature
Review. Applied Sciences (Basel, Switzerland), 12(19), 9637. doi:10.3390/app12199637
Baesens, B., Van Vlasselaer, V., & Verbeke, W. (2015). Fraud Analytics Using Descriptive, Predictive,
and Social Network Techniques: A Guide to Data Science for Fraud Detection (1st ed.). John Wiley &
Sons. doi:10.1002/9781119146841
BBC News. (2019, November 1). Valve shuts down money laundering via CS:GO game. BBC. https://
www.bbc.com/news/technology-50262447
Bhardwaj, A., & Kaushik, K. (2022). Investigate Financial Crime Patterns Using Graph Databases. IT
Professional, 24(4), 27–36. doi:10.1109/MITP.2022.3157029
Burrell, D. N., Nobles, C., Cusak, A., Jones, L. A., Wright, J. B., Mingo, H. C., Ferreras-Perez, J.,
Khanta, K., Shen, P., & Richardson, K. (2023). Cybersecurity and Cyberbiosecurity Insider Threat Risk
Management. In Handbook of Research on Cybersecurity Risk in Contemporary Business Systems (pp.
121–136). IGI Global. doi:10.4018/978-1-6684-7207-1.ch006

167
 
Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

Cao, Q., Yang, X., Yu, J., & Palow, C. (2014). Uncovering Large Groups of Active Malicious Accounts
in Online Social Networks. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Com-
munications Security, (pp. 477–488). ACM. 10.1145/2660267.2660269
Center for Medicare and Medicaid Services. (2015). Centers for medicare and medicaid services fraud
prevention system return on investment. Centers for Medicare and Medicaid Services. https://www.
cms.gov/about-cms/components/cpi/downloads/fraud-prevention-system-return-on-investment-fourth-
implementation-year-2015.pdf
Cross, C. (2020). ‘Oh we can’t actually do anything about that’: The problematic nature of jurisdiction for
online fraud victims. Criminology & Criminal Justice, 20(3), 358–375. doi:10.1177/1748895819835910
Dow Jones Institutional News. (2023, March 17). China’s novel attacks target U.S., Mandiant says. Dow
Jones Institutional News. https://www.proquest.com/docview/2787762436?parentSessionId=6aqN80V
1jJ1Ey1%2BpE66NlIdkmp9FJz1UdZeAvd7Lyp4%3D&pq-origsite=primo&accountid=27975&source
type=Wire%20Feeds
Fei, M. K. W., & McKinnon, T. (2021). COVID-19 and cyber fraud: Emerging threats during the pan-
demic. Journal of Financial Crime, 29(2), 433–446.
Hodgson, T. W. (2008). From famine to feast: The prosecution of multi-jurisdictional financial crime
in the electronic age. Journal of Financial Crime, 15(3), 320–337. doi:10.1108/13590790810882900
Kurshan, E., & Shen, H. (2020). Graph Computing for Financial Crime and Fraud Detection: Trends,
Challenges and Outlook. International Journal of Semantic Computing, 14(04), 565–589. doi:10.1142/
S1793351X20300022
Magistretti, S., Dell’Era, C., & Verganti, R. (2020). Searching for the right application: A technology
development review and research agenda. Technological Forecasting and Social Change. Science Direct.
https://www.sciencedirect.com/science/article/pii/S0040162518308539
Marchal, S., & Szyller, S. (2019). Detecting organized eCommerce fraud using scalable categorical
clustering. Proceedings of the 35th Annual Computer Security Applications Conference, (pp. 215–228).
ACM. 10.1145/3359789.3359810
Masihullah, S., Negi, M., Matthew, J., & Sathyanarayana, J. (2022). Identifying Fraud Rings Using Do-
main Aware Weighted Community Detection. Machine Learning and Knowledge Extraction: 6th IFIP
TC 5, TC 12, WG 8.4, WG 8.9, WG 12.9 International Cross-Domain Conference, CD-MAKE 2022,
Vienna, Austria.
Maxwell, A. (2023). Medicaid Fraud Control Units Fiscal Year 2022 Annual Report. US Department
of Health and Human Services Office of Inspector General. https://oig.hhs.gov/oei/reports/OEI-09-23-
00190.pdf
Meadows, D. (1999). Places to intervene in a system. The Sustainability Institute.
Mikalef, P., Pappas, I. O., Krogstie, J., & Pavlou, P. A. (2020). Big data and business analytics: A re-
search agenda for realizing business value. Information & Management, 57(1), 103–237. doi:10.1016/j.
im.2019.103237

168

Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

Nasery, M., Turel, O., & Yuan, Y. (2023). Combating fake news on social media: A framework, review,
and future opportunities. Communications of the Association for Information Systems, 53(1), 833–876.
doi:10.17705/1CAIS.05335
Paschal, U., Nwankwo, W., Masajuwa, F. U., Imoisi, S., & Chinedu, P. U. (2021). Cybercrime detection
and prevention efforts in the last decade: An overview of the possibilities of machine learning models.
doi:10.48047/rigeo.11.07.92
Pourhabibi, T., Ong, K.-L., Kam, B. H., & Boo, Y. L. (2020). Fraud detection: A systematic litera-
ture review of graph-based anomaly detection approaches. Decision Support Systems, 133, 113303.
doi:10.1016/j.dss.2020.113303
Rahman, S.-U. (1998). Theory of constraints: A review of the philosophy and its applications. International
Journal of Operations & Production Management, 18(4), 336–355. doi:10.1108/01443579810199720
Sen, R., Heim, G., & Zhu, Q. (2022). Artificial Intelligence and Machine Learning in Cybersecurity:
Applications, Challenges, and Opportunities for MIS Academics. Communications of the Association
for Information Systems, 51(1), 28. doi:10.17705/1CAIS.05109
Sen, R., Heim, G., & Zhu, Q. (2022). Artificial Intelligence and Machine Learning in Cybersecurity:
Applications, Challenges, and Opportunities for MIS Academics. Communications of the Association
for Information Systems, 51(1), 28. doi:10.17705/1CAIS.05109
Shaikh, F. A., & Siponen, M. (2023). Organizational learning from cybersecurity performance: Effects
on cybersecurity investment decisions. Information Systems Frontiers. doi:10.1007/s10796-023-10404-7
Şimşit, Z. T., Günay, N. S., & Vayvay, Ö. (2014). Theory of constraints: A literature review. Procedia:
Social and Behavioral Sciences, 150, 930–936. doi:10.1016/j.sbspro.2014.09.104
Tomlinson, K. D. (2016). An examination of deterrence theory: Where do we stand? Federal Probation,
80(3). https://www.uscourts.gov/sites/default/files/80_3_4_0.pdf
Trierweiler, M. K. (2022). IT-based Fraud Management Approaches in Small and Medium Enterprises
– A Multivocal Literature Review. Wirtschaftsinformatik 2022 Proceedings. https://aisel.aisnet.org/
wi2022/adoption_diffusion/adoption_diffusion/6/
U.S. Department of Justice. (2022). Comprehensive cyber review 2022. US DoJ. https://www.justice.
gov/dag/page/file/1520341/dl?inline
US Department of Labor. (2023). Pandemic Response Oversight Plan. US Department of Labor. https://
www.oig.dol.gov/public/oaprojects/2023%20Revised%20Pandemic%20Response%20Oversight%20
Plan.pdf
US District Attorney Office. (2023, August 23). Deputy Attorney General Lisa O. Monaco Announces
Results of Nationwide COVID-19 Fraud Enforcement Action. US DoJ. https://www.justice.gov/opa/
speech/deputy-attorney-general-lisa-o-monaco-announces-results-nationwide-covid-19-fraud
Vance, C. R., Jr, & Roper, E. (2023). Access Controls: THE NEED FOR IMPROVED INTERNATIONAL
EVIDENCE SHARING in Cybercrime Investigations. Criminal Justice; Chicago, 38(2), 34–40.

169
 
Qualitative Analysis of Challenges in Online Fraud Detection, Investigation

Watson, K. J., Blackstone, J. H., & Gardiner, S. C. (2007). The evolution of a management philosophy: The
theory of constraints. Journal of Operations Management, 25(2), 387–402. doi:10.1016/j.jom.2006.04.004
Yaacoub, J.-P. A., Noura, H. N., Salman, O., & Chehab, A. (2022). Advanced digital forensics and anti-
digital forensics for IoT systems: Techniques, limitations and recommendations. Internet of Things :
Engineering Cyber Physical Human Systems, 19, 100544. doi:10.1016/j.iot.2022.100544
Zhang, L., Wu, T., Chen, X., Lu, B., Na, C., & Qi, G. (2022). Auto Insurance Knowledge Graph Con-
struction and Its Application to Fraud Detection. Proceedings of the 10th International Joint Conference
on Knowledge Graphs, (pp. 64–70). IEEE.

170

View publication stats