ISSN 0718-3291 Versión Impresa

ISSN 0718-3305 Versión en línea

Volumen 16 N° 2, Julio - Septiembre 2008

pdf Índice

Extendiendo el modelo e-SCARF de detección de fraude en sistemas de comercio electrónico


Francisco Arias              Narciso Cerpa


1 Facultad de Ingeniería. Universidad de Talca. Merced 437. Curicó, Chile. E-mail:

2 Facultad de Ingenieria. Universidad de Talca. Merced 437. Curico, Chile. E-mail:


En este trabajo se extiende un modelo existente de deteccion de fraude, denominado SCARF, el cual esta basado en una tecnica de auditoria concurrente que consiste en la insercion de rutinas de auditoria dentro de un programa de aplicacion, en este caso un sistema de comercio electronico. Estas rutinas capturan datos de las transacciones electronicas y son comparados con reglas que un usuario auditor ha definido previamente para detectar posibles transacciones fraudulentas.

Para extender el modelo se incorporan como requerimientos la evaluacion y sugerencias que un conjunto de 15 auditores realizaron a una segunda version del modelo, denominada e-SCARF, asi como tambien se incluyen mejoras propuestas por los autores de este trabajo. Para validar el modelo extendido, este se ha implementado para que funcione en conjunto con una plataforma de comercio electronico de pruebas y un conjunto de usuarios de distintos paises han realizado la simulacion de compras en dicha tienda.

El producto principal de este trabajo es un modelo extendido, mas robusto en sus funcionalidades que sus antecesores, con cambios en la estructura de datos, y nuevos operadores de reglas. Otro producto es el prototipo que lo implementa para una plataforma de comercio electronico actual.

Palabras clave: Fraude en comercio electronico, venta en linea, deteccion de fraude, fraude en Internet, tecnicas de auditoria.


In this work we extend a fraud detection model, called SCARF, which is based on a concurrent auditing technique that consists of inserting auditing procedures within an application program; in this case, an electronic commerce system. These procedures undertake the capture of electronic transactions data, which is compared with rules that are previously defined by an auditor with the purpose of detecting fraudulent transactions.

To extend this model, we have a set of some requirements: 1) suggestions from a group of 15 auditors that evaluated the second version of this model, called e-SCARF; 2) improvements proposed by the authors of this work. To evaluate the extended model, we have implemented it together with a testing electronic commerce platform. A set of clients from different countries has tested the model by simulating purchases from a store in the electronic commerce platform.

The result of this work is a validated extended model, with more functionalities than its previous versions, changes in the data structure and new operating rules. Another effect is the prototype that implements the model for a current electronic commerce platform.  

Keywords: E-commerce fraud, on-line sales, fraud detection, Internet fraud, auditing techniques. 



[1] B. Anderson, J. Hansen, P. Lowry and S. Summers. "Model checking for e-commerce control and assurance". IEEE Transactions on Systems. Man and Cybernetics. Vol. 35 Nº 3. 2005. 

[2] T. P. Bhatla, V. Prabhu and A. Dua. "Understanding credit card frauds". Cards Business Review 1. Tata Consultancy Services. June 2003. 

[3] R. Bolton and D. Hand, "Statistical Fraud Detection: A Review".  Statistical Science, Vol. 17 Nº 3, pp. 235-255. August 2002. 

[4] P. Burns and A. Stanley. "Fraud management in the credit card industry". SSRN eLibrary. 2002. 

[5] N. Cerpa and R. Jamieson. " A security, trust and assurance research framework for electronic commerce". IFIP TC8 Working Conference on E-CommerceE-Business. September 2001. 

[6] N. Cerpa. "Mapping object-oriented model into a relational model". Encyclopedia of Library and Information Science, pp. 1770–1777. 2003. 

[7] M. V. Cerullo and M. J. Cerullo. "Impact of sas no.94 on computer audit techniques". Information Systems Control Journal. Vol. 1. 2003. 

[8]  R. Clarke. "Promises and Threats in Electronic  Commerce". 1997. Fecha de consulta: 30 de enero de 2007. URLs: 

[9]  G.B. Davis, D.L. Adamas and C.A. Schaller. "Auditing and EDP". 2nd edition. American Institute of Certified Public Accountants, pp. 253-265. 1983. 

[10] G.A. Delzoppo, M. Mulholland and D.B. Hibbert. "A Novel Application of Ripple Down Rules to Selecting a Method of Chemical Analysis for a Variety of Chemicals and their Sample Matrices", pp. 2-6. 1993. 

[11] G. Dionne, F. Giuliano and P. Picard. "Optimal auditing for insurance fraud". SSRN eLibrary. 2003. 

[12] Z. Ferdousi and A. Maeda. "Anomaly Detection Using Unsupervised Profiling Method in Time Series Data". ADBIS Research Communications. 2006. 

[13] G. Gay and R. Simmett. "Auditing and Assurance Services In Australia". McGraw-Hill. 2000. 

[14] G. Helms and J. Mancino. "The electronic auditor". Journal of Accountancy. Vol. 185 Nº4, pp. 45-48. April 1998. 

[15] C.L. Huang, M.C. Chen and C.J. Wang. "Credit scoring with a data mining approach based on support vector machines". Expert Systems with Applications. August 2007. 

[16] K. Jamal, S. Grazioli and P. Johnson. "A cognitive approach to fraud detection". SSRN eLibrary. 2006. 

[17] J. Kim, A. Ong and R. Overill. "Design of an artificial immune system as a novel anomaly detector for combating financial fraud in the retail sector". The 2003 Congress on Evolutionary Computation. 2003. 

[18] S. Loh. "Using continuous assurance to detect fraud in e-commerce transactions". Thesis (hons). The University of New South Wales. School of Information Systems. Technology and Management. Sydney. 2002. 

[19] B. Macklin. "E-commerce at what price?". Privacy protection in the information economy. SSRN eLibrary. 1999. 

[20] W.C. Mair, D.R.M. Wood and K.W. Davis. "Computer Control and Audit". 2nd edition. The Institute of Internal Auditors, pp. 143-146, 419-420. 1978. 

[21] D. Michaud, C. Dutton and K. Magaram. "Empowering board audit committees: Electronic discovery to facilitate corporate fraud detection". SSRN eLibrary. 2006. 

[22] L.C. Mohrweis. "Usage of concurrent EDP audit tools". The EDP Auditor Journal. Vol. 3, pp. 49-54. 1988. 

[23] B. Ng and K. Wong. "An audit review system for electronic commerce". Thesis (hons). The University of New South Wales. Schools of Electrical Engineering and Computer Science and Engineering, Sydney. 1999. 

[24] C. Phua, V. Lee, K. Smith-Miles and R. Gayler. "A Comprehensive Survey of Data Mining-based Fraud Detection Research". Clayton School of Information Technology. Monash University. 2005. 

[25] M. Plonien. "Electronic commerce on the internet". The CPA Journal. Vol. 68 Nº 5, pp. 82-84. May 1998. 

[26] A. Reinstein and M. Bayou. "A comprehensive structure to help analyze, detect and prevent fraud". SSRN eLibrary. 1999. 

[27] R.S. Sriram and G.E. Sumners. "Understanding Concurrent Auditing Techniques". EDPACS, pp. 1-8. 1992. 

[28] Y.H. Tan and W. Thoen. "An Outline of a trust model for electronic commerce". Applied Artificial Intelligence. Vol. 14, pp. 849-862. 2000. 

[29] R. Weber. "EDP Auditing: Conceptual Foundation and Practice". 2nd edition. McGraw Hill, pp. 751-785. 1998. 

[30] K. Wong, B. Ng, N. Cerpa and R. Jamieson. "An Online Audit Review System for Electronic Commerce". Proceedings of the 13th Bled Electronic Commerce Conference 2000. Bled. Slovenia. June 20-23. 2000.



Otros Artículos

# Título Ver
Asignación de supervisores forestales: resolución mediante un algoritmo tabu search (2008)
Lorena Pradenas Rojas, Samuel Hidalgo Tapia, Magdalena Jensen Castillo
Determinación de la confiabilidad en interruptores de potencia: caso de estudio (2013)
Israel Gondres Torné, Raúl Báez Prieto, Santiago Lajes Choy, Alfredo del Castillo Serpa
Monitoreo, control y diagnóstico en bancos de capacitores automáticos en baja tensión (2018)
William Yero Peña, Leuber Rosa Rodríguez, Julio Ramírez Bient, Pedro García León

Desarrollado por: Cristian Díaz Fonseca -