Go to Admin » Appearance » Widgets » and move Gabfire Widget: Social into that MastheadOverlay zone
The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.
By Chelsea Binns
September 15, 2015
Will dedicated hotlines increase cyber crime reporting? Yes, according to one New Jersey lawmaker’s recent proposal to introduce a Cyber Fraud Hotline. The story behind this proposal illustrates a growing public need for cyber crime reporting mechanisms.
Research suggests that would-be tipsters across the globe are often aware of cyber crime; yet don’t know how to report it. It is important to understand the history behind the use of fraud hotlines to receive crime tips and the present use of this reporting mechanism to receive tips about cyber crime.
Fraud hotlines are confidential reporting mechanisms for tipsters to report allegations of fraud, waste, abuse, mismanagement or other criminal conduct. While fraud hotlines were historically telephone-driven mechanisms, today’s hotlines may offer tipsters the opportunity to report in many formats, including text, email and Web forms.
Over the last 40 years, hotlines have been employed in a wide range of sectors. The government sector began using hotlines to receive tips in the 1970s. In 2002, hotline use became more prevalent in the private sector following the Sarbanes Oxley Act (SOX), which required anonymous reporting mechanisms in publicly-listed companies. SOX was a policy response to several egregious internal frauds (Enron, Arthur Andersen, Adelphia Communications, ImClone, WorldCom).
The use of fraud hotlines in the private sector was later reinforced by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. Dodd-Frank was a policy response to corporate crime (Bernie Madoff) which caused the global financial crisis of 2008-2012.
It is clear lawmakers believe hotlines have the potential to thwart crime. The legislation enacted between 2002 and 2010, and the recent proposal in New Jersey, was based on the assumption that callers use hotlines to report crime.
However, it is important to note the Dodd-Frank legislation added a reporting incentive – a money reward for hotline tipsters. Dodd-Frank expanded the whistleblower provisions in SOX and the Securities and Exchange Act of 1934 to provide tipsters, who report violations of certain laws to federal authorities, a reward based on the amount of money recovered by the Securities and Exchange Commission (SEC). Overall, the tipster is promised between 10 percent to 30 percent of recoveries over $1 million.
The program is still too new to validate the success of offering reward money for tips, but the early data show promise. According to the SEC Office of the Whistleblower, to date, 18 whistleblowers have been paid over $50 million in exchange for their tips.
Today, hotlines are currently being used to receive cyber crime tips. The Federal Bureau of Investigation and the National White Collar Crime Center jointly offer an Internet Crime Complaint Center (IC3) to hear cyber crime complaints via webform. On a local level, agencies such as The Sangamon County Sheriff’s Office in Illinois recently created a cybercrime hotline, with more reporting options, and will hear tips by phone, email and text.
Other government hotlines are presently offering rewards to callers. Some agencies have even recently increased their reward amounts. New York State recently started a hotline to receive tips about illegal guns. This hotline offers a $500 reward. Since 1982, Kansas City has operated a hotline, which pays callers for their tips regarding felony crime. Recently, they doubled their reward from $1000 to $2000.
There is reason to believe that callers will report crime without reward. Fraud hotlines in private sector organizations typically do not offer reward money, yet have had great success in catching organizational crime. In fact, in their 2015 “Report to the Nations on Occupational Fraud and Abuse” the Association of Certified Fraud Examiners (ACFE) found that hotlines are the most effective way to detect organizational fraud. The ACFE’s findings have been consistent in this regard since 2002.
In New Jersey, Assembly Republican Leader Jon Bramnick learned that his constituents had knowledge of cyber crimes, but didn’t know how to report them. He also determined that he, himself, didn’t know how to report them either. Thus he concluded New Jersey needed “one-stop shopping” for cyber fraud reporting.
Across the globe, in Mumbai, India, research suggest their residents experienced similar reporting challenges. A 2010 KPMG Survey revealed that most respondents, 79 percent, did not know how to report cyber crime.
In response to their cyber reporting challenges, Australia recently implemented a cyber hotline at the national level, the Australian Cybercrime Online Reporting Network (ACORN). ACORN is expected to revolutionize cyber crime reporting, by “enable[ing] police to access a national picture of the cybercrime affecting Australians and Australian businesses, enabling them to develop improved tactical and strategic responses to key cybercrime threats.”
Naturally, for entities deciding to implement a similar hotline, cost may be a concern. However, some are able to implement their cyber crime hotline at no cost to taxpayers. For the Sangamon County Sheriff’s Office, the hotline was implemented “…at no cost to taxpayers…[by] us[ing] a line that was already owned by the sheriff’s office and hook[ing] up a voice mail to it.”
While cyber crime hotlines are not always easy to implement, it is clear that governments are recognizing their value in the fight against cyber crime.
Author: Chelsea Binns is an assistant professor at St. John’s University. She is also the second vice president and training director of the New York Chapter of the Association of Certified Fraud Examiners (NYCFE). Chelsea is currently writing a book about fraud hotlines. She can be reached at [email protected].