The role of IT/IS in combating fraud in the payment card industry

The vast growth of the payment card industry (PCI) in the last 50 years has placed the industry in the centre of attention, not only because of this growth, but also because of the increase of fraudulent transactions. The conducted research in this domain has produced statistical reports on detection of fraud, and ways of protection. On the other hand, the relevant body of research is quite partial and covers only specific topics. For instance, the provided reports related to losses due to fraudulent usage of cards usually do not present the measures taken to combat fraud nor do they explain the way fraud happens. This can turn out to be confusing and makes one believe that card usage can be more negative than positive. This paper is intended to provide accumulative and organized information of the efforts made to protect businesses from fraud. We try to reveal the effectiveness and efficiency of the current fraud combating techniques and show that organized worldwide efforts are needed to take care of the larger part of the problem. The research questions that will be addressed in the paper are: 1) how can IT/IS help in combating fraud in the PCI?, and 2) is the implemented IT/IS effective and efficient enough to bring progress in combating fraud? Our research methodology is based on a case study conducted in a Macedonian bank. The research is explorative and will be mostly qualitative in nature; however some quantitative aspects will be included. The findings indicate that fraud can take up many forms. A classification of the different forms of data theft into different fraudulent appearances was made. We showed that the benefits from implementing the fraud reduction efforts are multiple. Results show that a bank has to be very small to experience losses from fixed expenditures coming from the implementation of the fraud reduction IT/IS. Medium-sized and large banks should not even see any problems arising from those expenditures. Based on the empirical data and the presented facts we can conclude that the fraud reduction IT/IS do have a positive effect on all sides of the payment process and fulfills the expectations of all stakeholders

Towards a theoretical foundation of IT governance: the COBIT 5 case

Abstract: COBIT, (Control Objectives for Information and Information related Technologies) as an IT governance framework is well-known in IS practitioners communities. It would impair the virtues of COBIT to present it only as an IT governance framework. COBIT analyses the complete IS function and offers descriptive and normative support to manage, govern and audit IT in organizations. Although the framework is well accepted in a broad range of IS communities, it is created by practitioners and therefore it holds only a minor amount of theoretical supported claims. Thus critic rises from the academic community. This work contains research focusing on the theoretical fundamentals of the ISACA framework, COBIT 5 released in 2012. We implemented a reverse engineering work and tried to elucidate as much as possible propositions from COBIT 5 as an empiricism. We followed a qualitative research method to develop inductively derived theoretical statements. However our approach differs from the original work on grounded theory by Glaser and Strauss (1967) since we started from a general idea where to begin and we made conceptual descriptions of the empirical statements. So our data was only restructured to reveal theoretical findings. We looked at three candidate theories: 1) Stakeholder Theory (SHT), 2) Principal Agent Theory (PAT), and 3) Technology Acceptance Model (TAM). These three theories are categorized and from each theory, several testable propositions were deduced. We considered the five COBIT 5 principles, five processes (APO13, BAI06, DSS05, MEA03 and EDM03) mainly situated in the area of IS security and four IT-related goals (IT01, IT07, IT10 and IT16). The choice of the processes and IT-related goals are based on an experienced knowledge of COBIT as well of the theories. We constructed a mapping table to find matching patterns. The mapping was done separately by several individuals to increase the internal validity. Our findings indicate that COBIT 5 holds theoretical supported claims. The lower theory types such as PAT and SHT contribute the most. The presence and contribution of a theory is significantly constituted by IT-related goals as compared to the processes. We also make some suggestions for further research. First of all, the work has to be extended to all COBIT 5 processes and IT-related goals. This effort is currently going on. Next we ponder the question what other theories could be considered as candidates for this theoretical reverse engineering labour? During our work we listed already some theories with good potential. Our used pattern matching process can also be refined by bringing in other assessment models. Finally an alternative and more theoretic framework could be designed by using design science research methods and starting with the most relevant IS theories. That could lead to a new IT artefact that eventually could be reconciled with COBIT 5

Building an Application-specific Memory Hierarchy on FPGA

The high potential performance of FPGAs cannot be exploited if a design suffers a memory bottleneck. Therefore, a memory hierarchy is needed to reuse data in on-chip memories and minimize the number of accesses to off-chip memory

Creatieve mogelijkheden van ICT voor KMO's: wereldwijd bestudeerd

Crowdsourcing en trust zijn twee belangrijke thema’s als het gaat om informatietechnologie bij KMO’s. Dat bleek tijdens een driedaagse conferentie eind juni in Guimarães. Howes tdocent en –onderzoeker Jan Devos was er één van de sprekers

IT governance in SMEs: trust or control?

It is believed by many scholars that a small and medium-sized enterprise (SME) cannot be seen through the lens of a large firm. Theories which explain IT governance in large organizations and methodologies used by practitioners can therefore not be extrapolated to SMEs, which have a completely different economic, cultural and managerial environment. SMEs suffer from resource poverty, have less IS experience and need more external support. SMEs largely contribute to the failure of many IS projects. We define an out-sourced information system failure (OISF) as a failure of IT governance in an SME environment and propose a structure for stating propositions derived from both agency theory and theory of trust. The theoretical question addressed in this paper is: how and why do OISFs occur in SMEs? We have chosen a qualitative and positivistic IS case study research strategy based on multiple cases. Eight cases of IS projects were selected. We found that trust is more important than control issues like output-based contracts and structured controls for eliminating opportunistic behaviour in SMEs. We conclude that the world of SMEs is significantly different from that of large companies. This necessitates extra care to be taken on the part of researchers and practitioners when designing artefacts for SMEs

Narratives of an outsourced information systems failure in a small enterprise

In this study we investigate a case of an outsourced information systems (IS) failure (OISF) within the collaborative partnership among asymmetric partners. A small and medium-sized enterprise (SME) is dealing with an independent software vendor (ISV) conducting a project of implementing an IS that fails. We used a narrative research methodology for our enquiry. In the construction of our narrative we followed the OISF framework as a theoretical touchstone. As a major conclusion we found that asymmetric collaborations with partners with inadequate managerial and technical IT capabilities are extremely prone to OISF’s. We showed that an outcome-based and fixed price contract is not an adequate instrument to conduct such a partnership and to avoid a failure