Pulling the plug on computer crime

Recently a woman walked into a Los Angeles bank and tried to take $60,000 out of her account. Her bank balance showed that she had plenty of cash to cover the withdrawal.

But the woman was arrested, and so was a bank teller, for trying to steal the money. According to the charges, the customer really had only $50 in her account; the teller had manipulated the bank's computers to transfer $106,900 into her name.

This case is but one more entry into the ledger of a nationwide problem -- computterized crime. No one, including the FBI, knows how much money is syphoned off by white-collar criminals who know how to use computers. At a National Conference on Computer Related Crime meeting in Washington this month, estimates varied wildly from several million to hundreds of millions of dollars each year.

Using a computer, a clever dishonest person can steal millions of dollars, order merchandise without payment, copy valuable trade secrets, or simply add the name of fictitious employee to the payroll.

"The computer makes theft easy," says August Bequai, a Washington attorney who specializes in white-collar and computer-related crime. It also makes detecting a theft difficult, he says. "IF you change a record book, you leave a trail, but this is not so with computers."

The case in the Los Angeles bank was discovered by accident, says an assistant US attorney there. And some lawyers and computer crime experts charge that nearly all such crimes are found by accident, not by systematic checks. some criminals have continued undetected for years, often taking more than a million dollars.

Crimes committed by computer almost always involve more money than other crimes, says Herbert Edelhertz, director of the National Centre for White Collar Crime in Seattle.

In perhaps the most spectacular computer heist yet, an employee at a California bank was arrested last year for transferring $10.2 million into a Swiss account. The bank conceded it had not missed the money, and the crime was discovered because of a tip.

Banks are required by chartering laws to report losses, but many other companies shy away from the bad publicity. "White-collar crimes . . . are not always reported when discovered because a company wants to preserve its reputation for good management,' says Mr. Edelhertz.

A Plymouth, Mich., business consultant says that a year and a half ago he was called in to "mop up" a large corporation where an employee had used computers to steal inventory. The loss was more than $1 million.

The consultant, Jack Bologna, says that insurance covered the loss and the company managed to keep the crime a secret from its sockholders. If the company is big enough, he says, $1 million or even $20 million is not a major loss.

One key to controlling the losses is tighter management and better auditing.

Steven Ross, president of EDP (Electronic Data Processing) Auditors Association, says that his group teaches technology. Many of its members now serve on company committees that set up computer programs.

Mr. Ross takes issue with charges that computer crime is rampant. "I think that computer crime has been an overstated issue," he says. "A lot of alarmists are going around saying there's a possibility of a million a minute."

Most companies now have established controls, says Ross, and the newsmaking crimes are the exceptions -- the fish that escape the net. The greatest losses come from errors, not crime, he says.