Estimating the Risk of Fraud Against E-Services

• Published in: Secure IT Systems Vol. 11252; pp. 306 - 322
• Main Authors: Yesuf, Ahmed Seid, Probst, Christian W.
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2018; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: E-service; Fraud; Risk analysis; Risk estimation; Security
• ISBN: 3030036375; 9783030036379
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-030-03638-6_19

Industry is continuously developing, deploying, and maintaining e-services to transform traditional offerings. While protection of traditional services is well understood, their digital transformation often is vulnerable to known and new attacks. These vulnerabilities open the door for fraudsters to exploit the weaknesses of the new systems and associated services, causing losses of billions of dollars for global economy. This development is caused by the ease of developing new offerings, and the difficulty of performing thorough risk assessment during their design and development. Traditional risk assessment methodologies need to be enhanced to include threat scenarios faced by e-services, and to enable them to match the short development timeframes and to inform the decision-making process. In this paper we present a fraud risk estimation approach addresses these requirements. Based on a list of threat scenarios, our approach calculates the potential risk using pre-computed risk factors, and visualises the analysis result for an informed decision making. In doing so, our approach increases visibility and awareness of fraud risks, and reduces the time spent to calculate potential risks at the design level and throughout development. Together, these properties make our fraud risk estimation approach ideally suited for constantly applied, iterative risk analysis.