User:Mrsmscotbord12/sandbox

Introduction and Description
Situational crime prevention (SCP) is a relatively new concept that employs a preventative approach by focussing on methods to reduce the opportunities for crime. SCP focuses on the criminal setting and is different from most criminology as it begins with an examination of the circumstances that allow particular types of crime. By gaining an understanding of these circumstances, mechanisms are then introduced to change the relevant environments with the aim of reducing the opportunities for particular crimes. Thus, SCP focuses on crime prevention rather than the punishment or detection of criminals and its intention is to make criminal activities less appealing to offenders.

SCP focuses on opportunity-reducing processes that:
 * Are aimed at particular forms of crime;
 * Entail the management, creation or manipulation of the immediate environment in as organised and permanent a manner as possible; and
 * Result in crime being more difficult and risky or less rewarding and justifiable.

The theory behind SCP concentrates on the creation of safety mechanisms that assist in protecting people by making criminals feel they may be unable to commit crimes or would be in a situation where they may be caught or detected, which will result in them being unwilling to commit crimes where such mechanisms are in place. The logic behind this is based on the concept of rational choice - that every criminal will assess the situation of a potential crime, weigh up how much they may gain, balance it against how much they may lose and the probability of failing, and then act accordingly.

Applying SCP to Information Systems (IS)
It has been suggested that the theory behind situational crime prevention may also be useful in improving information systems (IS) security by decreasing the rewards criminals may expect from a crime. SCP theory aims to affect the motivation of criminals by means of environmental and situational changes and is based on three elements:


 * Increasing the perceived difficulty of crime;
 * Increasing the risks; and
 * Reducing the rewards.

IS professionals and others who wish to fight computer crime could use the same techniques and consequently reduce the frequency of computer crime that targets the information assets of businesses and organisations. Designing out crime from the environment is a crucial element of SCP and the most efficient way of using computers to fight crime is to predict criminal behaviour, which as a result, makes it difficult for such behaviour to be performed. SCP also has an advantage over other IS measures because it does not focus on crime from the criminal’s viewpoint. Many businesses/organisations are heavily dependent on information and communications technology (ICT) and information is a hugely valuable asset, which means IS has become increasingly important. While storing information in computers enables easy access and sharing by users, computer crime is a considerable threat to such information, whether committed by an external hacker or by an ‘insider’ (a trusted member of a business or organisation). After viruses, illicit access to and theft of, information form the highest percentage of all financial losses associated with computer crime and security incidents. Businesses need to protect themselves against such illegal or unethical activities, which may be committed via electronic or other methods and IS security technologies are vital in order to protect against amendment, unauthorised disclosure and/or misuse of information. Computer intrusion fraud is a huge business with hackers being able to find passwords, read and alter files and read email, but such crime could almost be eliminated if hackers could be prevented from accessing a computer system or identified quickly enough.

Despite many years of computer security research, huge amounts of money being spent on secure operations and an increase in training requirements, there are frequent reports of computer penetrations and data thefts at some of the most heavily protected computer systems in the world. Criminal activities in cyberspace are increasing with computers being used for numerous illegal activities, including email surveillance, credit card fraud and software piracy. As the popularity and growth of the Internet continues to increase, many web applications and services are being set up, which are widely used by businesses for their business transactions.

In the case of computer crime, even cautious companies or businesses that aim to create effective and comprehensive security measures may unintentionally produce an environment, which helps provide opportunities because they are using inappropriate controls. Consequently, if the precautions are not providing an adequate level of security, the IS will be at risk.

Situational Crime Prevention and Fraud
In computer systems that have been developed to design out crime from the environment, one of the tactics used is risk assessment, where business transactions, clients and situations are monitored for any features that indicate a risk of criminal activity. Credit card fraud has been one of the most complex crimes worldwide in recent times and despite numerous prevention initiatives, it is clear that more needs to be if the problem is to be solved. Fraud management comprises of a whole range of activities, including early warning systems, signs and patterns of different types of fraud, profiles of users and their activities, security of computers and avoiding customer dissatisfaction. There are a number of issues that make the development of fraud management systems an extremely difficult and challenging task, including the huge volume of data involved; the requirement for fast and accurate fraud detection without inconveniencing business operations; the ongoing development of new fraud to evade existing techniques; and the risk of false alarms.

Generally, fraud detection techniques fall into two categories: statistical techniques and artificial intelligence (AI) techniques.

Important statistical data analysis techniques to detect fraud include:
 * Grouping and classification to determine patterns and associations among sets of data.
 * Matching algorithms to identify irregularities in the transactions of users compared to previous profiles.
 * Data pre-processing techniques for validation, correction of errors and estimating incorrect or missing data.

Important AI techniques for fraud management are:


 * Data mining – to categorise and group data and automatically identify associations and rules that may be indicative of remarkable patterns, including those connected to fraud.
 * Specialist systems to programme expertise for fraud detection in the shape of rules.
 * Pattern recognition to identify groups or patterns of behaviour either automatically or to match certain inputs.
 * Machine learning techniques to automatically detect the characteristics of fraud
 * Neural networks that can learn suspicious patterns and later identify them.