Skip to Main Content
Article navigation
Volume 27, Issue 1
27 February 2019
Information and Computer Security Cover Image for Volume 27, Issue 1
Case Report| February 11 2019

Customer data security and theft: a Malaysian organization’s experience Available to Purchase

Mohd Aizuddin Zainal Abidin;
Mohd Aizuddin Zainal Abidin
Faculty of Accountancy,
Universiti Teknologi MARA
, Shah Alam, Selangor,
Malaysia

Mohd Aizuddin Zainal Abidin received his master’s degree in Aaccountancy from University Teknologi MARA, Malaysia. He has many years of experience in accounting and auditing in public and private international organizations.

Search for other works by this author on:
This Site
PubMed
Google Scholar
Anuar Nawawi;
Anuar Nawawi
Faculty of Accountancy,
Universiti Teknologi MARA
, Shah Alam, Selangor,
Malaysia

Anuar Nawawi is a Lecturer at the Faculty of Accountancy, Universiti Teknologi MARA, Malaysia. He received PhD in Commerce (Accounting) from the University of Adelaide, South Australia. He also holds a professional qualification of the Chartered Institute of Management Accountants (Passed Finalist), an affiliate Registered Financial Planner and a master’s degree in Accounting (with distinction) from Curtin University of Technology, western Australia. He has taught a variety of courses centered on the accountancy discipline. Among them are financial accounting, auditing, management accounting, taxation, financial management, strategic management, computerized accounting and research methodology. His research interests are diverse, including areas such as management accounting, strategic management, forensic accounting and corporate governance.

Search for other works by this author on:
This Site
PubMed
Google Scholar
Ahmad Saiful Azlin Puteh Salin
Ahmad Saiful Azlin Puteh Salin
Faculty of Accountancy,
Universiti Teknologi MARA
, Perak,
Malaysia

Ahmad Saiful Azlin Puteh Salin is a Senior Lecturer at the Faculty of Accountancy, Universiti Teknologi MARA Perak Branch Tapah Campus. He received PhD in corporate governance and ethics from the Edith Cowan University, Australia. He also a Fellow Member of the Association of Chartered Certified Accountant, UK (ACCA, UK), a full member of Malaysian Institute of Accountants (MIA) and a member of Malaysian Insurance Institute (MII) and Qualitative Research Association of Malaysia (QRAM). He has taught a variety of courses in corporate governance, business ethics, taxation, financial accounting and reporting, management accounting, costing and integrated case study. His research interests focus primarily in the field of governance, Islamic and business ethics, financial reporting, management, accounting education, SMEs and public sector accounting. He published many articles in local and international journals and was appointed as a reviewer in several international journals and conferences.

Ahmad Saiful Azlin Puteh Salin can be contacted at: ahmad577@perak.uitm.edu.my
Search for other works by this author on:
This Site
PubMed
Google Scholar
Author & Article Information
Ahmad Saiful Azlin Puteh Salin can be contacted at: ahmad577@perak.uitm.edu.my
Publisher: Emerald Publishing
Received: April 07 2018
Revision Received: June 29 2018
Accepted: June 30 2018
Online ISSN: 2056-497X
Print ISSN: 2056-4961
© Emerald Publishing Limited
2019
Emerald Publishing Limited
Licensed re-use rights only
Information and Computer Security (2019) 27 (1): 81–100.
https://doi.org/10.1108/ICS-04-2018-0043
Article history
Received:
April 07 2018
Revision Received:
June 29 2018
Accepted:
June 30 2018
Purpose

This study aims to identify weaknesses in current internal control systems in protecting customer data and the drivers that motivate employees to steal customer data and the impact of customer data theft on the organization.

Design/methodology/approach

A case study approach was taken to investigate and analyze internal control system weaknesses. One organization that involved investor and treasury services was selected as a case study in this research. A mixed method of data collection, specifically survey questionnaires and observations, was used.

Findings

This study revealed that employees are aware of the policy to protect customer data in their organization. Ironically, customer data theft still occurred despite the company having an internal control system. The main concern was the attitude of the employees to adhere to the policies in place, which becomes the major cause of internal control violation. Employees tend to ignore policies and standard operating procedures, providing opportunities for data theft and fraud to occur, although they realize this will result in a severe impact on the reputation of a company.

Research limitations/implications

The results provide further confirmation of the fraud triangle theory, i.e. opportunity on the possible causes of the data theft and fraud, supporting prior empirical research and surveys conducted by researchers and global professional firms on fraud. This study, however, was conducted on only one organization with limited participation from employees because of the sensitivity of the nature of the topic.

Practical implications

This study provided recommendations that can be a reference for companies and regulatory bodies in preventing customer data theft cases, such as regular training and awareness campaigns to the staff, stringent recruitment policies, close monitoring on the accessibility of customer data and continuous use of advanced technology to prevent a data breach.

Originality/value

This study is original, as it focuses on an organization that operates in the financial services industry, which is one of the most attacked sectors for data theft and cybercrime activity globally. Furthermore, this kind of research is rare in fraud literature, particularly in developing markets such as Malaysia. The findings of this study are inferred from the direct observation of the organizational and employee work environments, activities and behaviors, which are private and confidential and difficult to access by researchers for publication in academic journals.

Keywords:
Malaysia, Internal control, Customer information
© Emerald Publishing Limited
2019
Emerald Publishing Limited
Licensed re-use rights only
You do not currently have access to this content.
Don't already have an account? Register

Purchased this content as a guest? Enter your email address to restore access.

Please enter valid email address.
Email address must be 94 characters or fewer.
Pay-Per-View Access
$41.00
Rental
This article is also available for rental through DeepDyve. Read this now at DeepDyve
4,549 Views
16 Crossref
View Metrics
A Reward-Driven bloom’s taxonomy framework for cybersecurity awareness: integrating cognitive learning with gamification principles
Determinants of the acceptance of cybersecurity chatbots: an extended protection motivation perspective
Evaluating cyber resilience frameworks for e-government: applicability of NIST CSF, ISO/IEC 27001 and COBIT 2019 in developing country contexts
Everyday tracking and extraordinary harm: item finder misuse in digital coercive control

Suggested Reading

Exploration of internal service systems using lean principles
Management Decision (June,2006)
Internal control and employees’ occupational fraud on expenditure claims
Journal of Financial Crime (July,2018)
Internal controls and fraud – empirical evidence from oil and gas company
Journal of Financial Crime (October,2016)
Determinants of internal control characteristics influencing voluntary and mandatory disclosures: A Malaysian perspective
Managerial Auditing Journal (January,2010)
Customer knowledge management and the strategies of social software
Business Process Management Journal (February,2011)

Related Chapters

Internal Control, Corporate Life Cycle, and Firm Performance
The Political Economy of Chinese Finance
The Role of Auditing in the Management of Corporate Fraud
Ethics, Governance and Corporate Crime: Challenges and Consequences
Effectiveness of Internal Control Systems of Listed Firms in Ghana
Accounting in Africa

Recommended for you

These recommendations are informed by your reading behaviors and indicated interests.

Cited By

Google Scholar
CrossRef (16)
This Feature Is Available To Subscribers Only

or Create an Account

Close Modal
Close Modal