A comparative study of reported and unreported computer crimes
by Hilton Kwok Hung Chan
Ph.D. Information and Systems Management
xiv, 414 leaves : ill. (some col.) ; 30 cm
With the proliferation of E-Commerce activities and the Internet, computer crime has become a threat to economic growth and national security. Unfortunately, we have little understanding of the computer abuse problem because it is extremely difficult for outside researchers to have any direct access whatsoever to the sensitive research data for analysis. Underreporting is a major obstacle to our understanding of the computer abuse problem....[ Read more ]
With the proliferation of E-Commerce activities and the Internet, computer crime has become a threat to economic growth and national security. Unfortunately, we have little understanding of the computer abuse problem because it is extremely difficult for outside researchers to have any direct access whatsoever to the sensitive research data for analysis. Underreporting is a major obstacle to our understanding of the computer abuse problem.
The key research questions in this research study are:- (a) What are the differences between reported and unreported computer crimes? (b) Why are computer crimes underreported? (c) What is the process leading to the reporting and non-reporting of computer crimes?
Previous research studies have suggested explanations for the underreporting problem of computer abuse incidents. However, these explanations only represent the victim's perspective through survey studies rather than the full facts of the case due to the unavailability of sensitive data. The unreported computer abuse incidents in the previous research are the "discovered, but unreported" cases where the victim discovers the crime, but fails to take action and report it.
This research study has explored the underreporting problem of computer crimes by collecting data from multiple sources, e.g. the victim, the informant/witness, the perpetrator, the police investigator, and other stakeholders (banks and financial institutes, Internet service providers, etc.),through multiple means, e.g. interviews, participant observation, documents analysis, and undercover operations. The unreported computer crimes in the research include both the "discovered, but unreported" cases, and the "not discovered and unreported" cases in which the victims have no knowledge of the incidents.
The purpose of this research is to understand why most victims do not report computer crimes and the process leading to the reporting and non-reporting decision by examining the differences between reported and unreported computer crime cases. The unit of analysis is the computer crime case.
In qualitative research methodology, participant observation is used to identify the special characteristics or the affecting factors of the unreported and reported computer crime cases. The qualitative approach includes:- (i) direct observations on human behaviours, events and activities, (ii) interviews with victims, perpetrators, informants, witnesses, police investigators and other stakeholders, and (iii) document analysis of reports, memos, statements, case files and archived records.
The findings from the participant observation can provide a fundamental framework for coding of the results for empirical study. The statistical techniques include the use of :- (i) contingency tables, (ii) comparing proportion differences, (iii) chi-squared test, (iv) confidence interval for difference of proportions, (v) odd ratio, (vi) correspondence analysis, (vii) principal component analysis and (viii) logistic regression. The empirical findings can provide an overall understanding of the differences between unreported and reported computer crimes and contribute knowledge to the underreporting problem.
As an extension of this quantitative analysis approach, the research is then strengthened by examining four case studies in-depth. Two good cases that fit well with the logistic regression model and two bad cases that do not fit well with the logistic regression model are selected for case study. The case study findings have enriched the research outcomes with construct validity, content validity, external validity and reliability.
The research results are extremely important and useful. Without a safe and secure environment, it will be difficult to establish trust in conducting E-Commerce between anonymous parties over the Internet. Computer abuse is a major threat to E-Commerce activities and the underreporting problem has hindered the efficacy of policy makers, law enforcement agencies, IT security professionals and corporate management in addressing the computer abuse/crime problem globally. The research findings have been analyzed using a spiral DIER (Discovery-Investigation-Escalation-Revelation) model for better understanding of the actions and responses of individuals and corporations regarding computer crime incidents. Subsequently, a workable strategy is also proposed to rectify the underreporting problem and enhance our knowledge of the computer crime problem.