The Assets Are Virtual but the Behavior Is Real: An Analysis of Fraud in Virtual Worlds and Its Implications for the Real World

Authors: William N. Dilla, Andrew J. Harrison, Brian E. Mennecke, Diane J. Janvrin (Iowa State University)
Source: Journal of Information Systems (American Accounting Association), Fall 2013, Vol. 27, No. 2, pp. 131–158. 28p. 1 Diagram, 3 Charts.
DOI: 10.2308/isys-50571
Document Type: Article
Subject Terms: Assets (Accounting); Accounting fraud; Estimation theory; Risk management in business; Corporate culture; Virtual reality
Keywords: fraud triangle; fraud diamond; investment fraud; corporate asset theft; identity theft; fraud risk management; virtual worlds; virtual assets.
Copyright of Journal of Information Systems is the property of American Accounting Association.

ABSTRACT: Virtual worlds are computer-generated, immersive environments where participants interact with others while engaging in social, entertainment, and economic endeavors. To illustrate how virtual worlds can be used to study fraud, we examine documented virtual world fraud cases using the “fraud diamond” model (Wolfe and Hermanson 2004). Our findings have real-world implications regarding the causes and prevention of fraud. They include: (1) perpetrator motivations often include nonmonetary achievement and manipulation, as well as financial gain, (2) fraud victims tend to have misplaced trust and overestimate the capability of fraud prevention governance mechanisms, (3) participant-designed record-keeping systems may protect corporate assets from theft, and (4) virtual worlds may serve as a laboratory for evaluating risk management strategies. We also identify future research questions related to these issues. This research illustrates how parallels between fraudulent behaviors in virtual and real worlds can advance our understanding of fraud antecedents.
We acknowledge helpful comments from anonymous reviewers, Rob Pinsker, Chad Simon, and participants at the Fraud in Accounting, Organizations, and Society workshop, 2011 American Accounting Association Annual Meeting, and Purdue University and University of Nevada, Las Vegas Accounting Research workshops.

Editor’s note: Accepted by Miklos A. Vasarhelyi.
Published Online: July 2013

My IPO where I raised $50 billion ISK in exchange for the future promise of my stuff was a scam. I’m not parting with all my stuff … I have a really cool shirt that says on the front, “Social Engineering Specialist” and on the back reads, “Because there is no patch for human stupidity.” I wear it a lot.
—Dax (2009)
Curzon Dax, a player who perpetrated a $10,000 fraud in EVE Online1

I. INTRODUCTION

This quote tells us about the attitudes and perspectives of the perpetrator—either online or offline, he sees an opportunity for fraud because the perceptions and behaviors of fraud victims cannot be “patched.” Whether one considers human behavior in “real” life or in virtual worlds like EVE Online, the fact is that fraud is a common component of market activities and we can learn about the antecedents and consequences of fraud by examining the attitudes and behaviors of virtual world participants.2

Virtual worlds are popular, boasting over 100 million users monthly and generating more than $4 billion in subscription revenue annually (Public Interest Advocacy Centre [PIAC] 2011, 4). Depending on the structure of a given virtual world, participants may accumulate virtual assets by building and running a business to sell wares or services, by engaging in battle with other users to seize their property, or in some cases, by deceiving others to misappropriate their virtual property. In many cases, participants in virtual worlds such as EVE Online, Second Life, and World of Warcraft invest considerable effort to acquire or develop their virtual assets (Dibbell 2003, 2004; Westbrook 2006).
Regardless of their structure or the rules by which they are governed, virtual worlds are more than simple entertainment and may contain robust economies where trading of property or assets takes place (Kirkpatrick 2007). Indeed, Reeves and Read (2009) argue that virtual worlds incorporate a wide range of substantive real-world work activities and suggest that the behaviors, institutions, and technical features associated with virtual worlds will increasingly become part of the real-world work environment.

Social science researchers recognize that because virtual worlds are large-scale, complex, and sophisticated environments frequented by thousands of people, many characteristics of virtual worlds parallel those present in the real world. As a result, in cases where virtual world environments and institutions parallel the real world, observations of behavior in virtual worlds may provide insights into real-world behaviors and institutions (Bainbridge 2007; Williams 2010).3 In particular, because virtual worlds incorporate economic activity and, in many cases, information systems for keeping track of such activity, they provide a rich environment for archival studies of fraudulent behavior.

Indeed, features of virtual worlds make possible research that would be difficult or impossible in the real world. Each virtual world’s Terms of Service (TOS) spells out the terms under which its proprietor grants access to that world (e.g., Second Life 2013a). For example, many virtual world TOS restrict the conversion of virtual assets into real assets (Castronova 2004; Bloomfield and Rennekamp 2009). As a result, financial incentives may be less important than a perpetrator’s desire for achievement or for social manipulation, which can facilitate examining non-financial motivations for fraud (Yee 2006a). Additionally, virtual worlds can provide insight into a victim’s motivation to engage in transactions that turn out to be fraudulent because, unlike in the real world, fraud victims in virtual worlds are often willing to share their experiences (e.g., Egan 2009a; EVE Online Forum 2010). Furthermore, virtual world regulatory environments are dynamic, often changing more quickly than their real-world counterparts (Harrison et al. 2013). This allows researchers to observe and, in some cases, test how opportunities for fraud change when, for example, proprietors implement new regulations and interventions intended to prevent fraudulent activity. As a result, virtual worlds offer greater transparency and higher velocity, both of which enable researchers to observe causes and effects unobtrusively and in a timely manner (Williams 2010).

1 EVE Online is one of several virtual worlds where users assume an online game identity and interact, socialize, conduct business, and engage in a variety of goal-directed activities. ISK (Interstellar Kredits) is EVE Online’s virtual currency. $10,000 is the estimated real-world value of $50 billion ISK in U.S. dollars.

2 Fraud is “a representation about a material point, which is false, and intentionally or recklessly so, which is believed and acted upon by the victim to the victim’s damage” (Albrecht et al. 2012, 7). This definition is consistent with our examination of fraud involving both virtual and real-world assets, as well as with differences between virtual and real-world regulations.

3 Observation and analysis of virtual world behaviors closely parallels the research technique of “netnography,” or analysis of online communications among groups of consumers (Kozinets 2002). Jeacle and Carter (2011) have applied this technique to the accounting domain in their analysis of TripAdvisor postings, which shows how an Internet-mediated abstract system can draw on calculative practices to construct trust.

While there is much to be learned from observing the conditions under which fraud involving virtual assets may occur, it is also important to consider the possibility that virtual world participants’ real-world assets may be at risk. The possibility that participants may lose real-world assets through fraudulent activity detracts from the virtual world “marketable experience,” and can limit the virtual world proprietor’s ability to generate additional revenue or expose the proprietor to legal liability. Thus, it is also important to understand the circumstances under which virtual world participants might be exposed to real asset loss from fraud and describe the strategies that virtual world proprietors use to address this risk.

The objective of this paper is to analyze and explain the phenomenon of virtual world fraud and how it relates to the real world.4 This analysis and explanation uses the “fraud diamond” (Wolfe and Hermanson 2004) as a theoretical lens (see Figure 1).5 The fraud diamond indicates that fraud is likely to occur in a virtual world environment when a virtual world participant has the motivation to commit fraud, weak controls or oversight provide the opportunity to commit fraud, and the participant can rationalize the fraudulent act. Additionally, the virtual world participant must have the capability of committing the fraud. This capability may consist of personal traits, such as the ability to manipulate a victim into erroneously believing that he/she is worthy of being trusted, or technical knowledge, such as an understanding of how to exploit weaknesses in rules governing virtual world transactions or economic institutions.

The analysis presented in the paper also incorporates social science research on virtual worlds.
Specifically, it utilizes Yee’s (2006a, 2006b) research into the psychology of virtual world participation to understand virtual world fraud perpetrators’ and victims’ non-monetary motivations. It also integrates descriptions of virtual world economic (Bloomfield and Rennekamp 2009; Castronova 2004) and socio-regulatory (Harrison et al. 2013) institutions to investigate how virtual world fraud opportunities might be similar to, or different from, the real world.

The paper reports and analyzes details of 20 cases of virtual world fraud. The analysis provides four insights into the fraud diamond’s components that are relevant to examining real-world fraud. First, non-monetary achievement (i.e., attainment of goals and accumulation of items that confer power) and manipulation (i.e., deceiving and dominating other participants for one’s own enjoyment) motivations (Yee 2006b) appear to be as prominent in virtual worlds as is financial pressure in
This finding complements recent practitioner observations that non-financial factors, such as career advancement and a sense of entitlement, are important motivators of fraud in real-world contexts (Center for Audit Quality [CAQ] 2010; Dorminey et al. 2011, 2012). Second, virtual world fraud victims often overestimate the ability of governance mechanisms to prevent fraud and tend to have misplaced trust, which suggests that similar victim characteristics may factor into real-world fraud. Third, participant-designed record keeping systems and resource allocation schemes appear to be important in building trust and protecting the assets of virtual organizations. Examining how these information and control systems shape participants’ attitudes and behaviors may provide practical insights that can aid in the design of real-world accounting and control systems. Finally, there is considerable variability in how virtual world proprietors manage fraud risk. Learning more about the factors that shape virtual world fraud risk management strategies is important, as real-world business environments incorporate more virtual world features (Reeves and Read 2009).

4 Gregor (2006) describes five types of theories in information systems research: (1) analysis, (2) explanation, (3) prediction, (4) explanation and prediction, and (5) design and action. According to Gregor’s (2006, 620) taxonomy, this paper provides an explanation theory, as it says “what is, how, why, when, and where,” with respect to virtual world fraud. It provides explanations, but does not aim to predict with any precision.

5 The fraud diamond is used in this analysis instead of the fraud triangle (Loebbecke et al. 1989; AICPA 2002; Hogan et al. 2008; Cohen et al. 2011; Trompeter et al. 2013), because perpetrator capabilities are often important in virtual world fraud cases.

The remainder of the paper proceeds as follows. Section II describes the characteristics of virtual worlds and their economies. Section III describes the methods used to identify cases of fraud that have occurred in prominent virtual environments, and Section IV presents a description of these cases. Section V presents an analysis of the cases using the fraud diamond. The final section identifies opportunities for future research about fraud in virtual worlds and describes the implications of this research for learning more about real-world fraud prevention.

FIGURE 1
The “Fraud Diamond”
Adapted from Wolfe and Hermanson (2004).

II. CHARACTERISTICS OF VIRTUAL WORLDS

Characteristics of Virtual World Participants

While the popular press perpetuates a stereotype of Internet and video game participants as adolescents who prefer to engage in violent games (e.g., Holtz and Appel 2010), Yee’s (2006b) survey of Massively Multi-player Online Role-Playing Game (MMORPG) participants describes a different picture. While 85 percent of Yee’s (2006b) respondents were male, his results contradict the stereotype of virtual worlds as an adolescent domain, given that the average age of respondents was 26.6 years, with a range between 11 and 68. Further, 50 percent of respondents worked full time. Given that at least half of virtual world participants are working adults who use their discretionary time to engage in virtual world activities, it is important to consider the motivations that “drive” these users and the potential economic consequences.

Yee (2006a, 2006b) identifies five non-monetary factors—achievement, manipulation, relationship, immersion, and escapism—that motivate individuals to participate in MMORPGs (see Table 1). These five factors can individually, or in combination, influence users to participate in one or more virtual world activities.

The virtual assets that facilitate achievement in virtual worlds such as EVE Online and World of Warcraft often take considerable effort to build or acquire, and confer status or power to individuals who possess them (Dibbell 2003, 2004; Westbrook 2006). As is the case in the real world, a common motivation for fraudulent activity in a virtual world relates to a participant’s desire to build his or her virtual asset balances more quickly. Alternatively, a perpetrator with a strong manipulation motivation objectifies others and derives pleasure from deceiving, taunting, and scamming victims (Yee 2006a). Individuals with an inclination toward these behaviors may engage in fraudulent activity in order to dominate other participants.
Similarly, a virtual world participant with a strong achievement motivation is likely to become a victim of fraudulent solicitations that promise easy advancement or accumulation of virtual assets. Many virtual items are difficult to obtain and promises of these rare and valuable items can be used to appeal to the naïve, greedy, or desperate. Finally, an individual who possesses a strong desire to develop meaningful virtual world relationships may be more likely to put misplaced trust in fraud perpetrators. Consequently, the motivations of both perpetrators and victims are critical for understanding virtual world interaction and behaviors.

TABLE 1
Yee’s (2006b) Participant Motivations Model

| Factor | Description |
| --- | --- |
| Achievement | Desire to become powerful in the context of the virtual environment through the achievement of goals and accumulation of items that confer power. |
| Manipulation | Objectify other users and manipulate them for one’s personal gain and satisfaction. Enjoy deceiving, scamming, taunting, and dominating other users. |
| Relationship | Desire to interact with others, willingness to form meaningful relationships that are supportive in nature, willingness to disclose real-life problems and issues. |
| Immersion | Enjoy being in a fantasy world and being “someone else.” Enjoy storytelling aspects of virtual world and creating “history” for their avatar. |
| Escapism | Use the virtual world to temporarily avoid, forget about, and escape from real-life stress and problems. |

Characteristics of the Transaction Space

Users of virtual worlds “inhabit” virtual spaces using embodied representations called avatars to interact and carry out transactions with others.6 Because each virtual world proprietor sets the rules that define how a user’s avatar is allowed to interact with other participants, the features of the transaction space can be quite diverse.
A particularly important feature with respect to analyzing fraudulent behavior is whether the environment’s TOS allows users to convert virtual assets to real assets (Bloomfield and Rennekamp 2009; Castronova 2004; Mennecke et al. 2007). Closed games like World of Warcraft and EVE Online have TOS that restrict the direct conversion of virtual assets into real-world currency (Blizzard Entertainment 2012; EVE Online 2012). On the other hand, open games like Second Life allow participants to trade in-world assets for assets outside of the virtual world using a currency exchange, such as Second Life’s LindeX (Second Life Wikia 2011). Individuals can earn substantial real-world wealth in environments that allow virtual assets to be converted into real-world currency (Freedman 2008; Papagiannidis et al. 2008).7

Virtual world proprietors also have the discretion to determine which fraudulent acts are allowed according to their TOS. In EVE Online, participants are informed that it is permissible “when someone takes advantage of your misplaced trust, temporary confusion, or ignorance of game rules, and robs you via legal in-game means” (EVELopedia 2012a).8 It is only when a participant converts virtual assets acquired through fraudulent activity into real currency that he/she is subject to sanctions by the virtual world proprietor. In such cases, the proprietor punishes the TOS violation (i.e., converting virtual assets to real currency), not the fraudulent act that was committed within the virtual world. As a result, actions analogous to those that are illegal in the real world may be allowed, and indeed encouraged, in the virtual world as long as the assets garnered from the fraudulent acts remain within the virtual environment.

6 Avatars can take on many different representations such as idealistic humanoid forms (an elf, a dwarf, a superhero, etc.), animals (a bear, a dog, an alien, etc.), or inanimate objects (a spaceship, a car, a credit card, etc.).

7 The open/closed distinction exists along a continuum. For example, EVE Online, an otherwise closed game, allows limited trading of the game’s currency (Interstellar Kredits or ISK) for game time, which has a real-world value (Drain 2010a).

8 At the same time, the use of exploits, or taking advantage of others through bypassing normal game mechanics, such as utilizing a bug in the game, is expressly forbidden in EVE Online and other virtual worlds (EVELopedia 2012a).

III. CASE IDENTIFICATION AND SELECTION

Similar to earlier studies of online deception (Grazioli and Jarvenpaa 2003) and fraudulent financial reporting (Cohen et al. 2011), we identified and analyzed publicly available information regarding actual frauds. An Internet-based search was used to identify virtual world fraud cases, first searching three conventional article indices (ABI/Inform, Google Scholar, and LexisNexis), then using a web search engine to search and identify sources likely to contain information about virtual world fraud (i.e., sites such as massively.com, Technorati, and virtual world message boards). The keywords “virtual,” “virtual world,” “virtual fraud,” “fraud,” “virtual theft,” “theft,” “con,” and “scam” were used. Cases were corroborated through multiple news articles, legal documents, research papers, blogs, or original posts made by participating individuals or organizations. Cases that could be traced back to an edited news source, legal documents, or a first-person account of the incident were included, and cases that were hypothetical or vaguely described were deleted. In accordance with the methodology used by Grazioli and Jarvenpaa (2003), the following criteria were used to filter the cases:

- Two parties were in a conflict of interest.
- An exchange took place that dealt with the possession or acquisition of virtual world assets.
- The deceiver made a misrepresentation (i.e., a deceptive act) that gave him/her an unfair advantage over the target or targets.
- The deceptive act took place within the boundaries of the virtual world.
- There were clear indications that the case actually occurred.
- The case was sufficiently described to accurately categorize in our framework.

The initial search identified 41 cases of apparent virtual world fraud that occurred between 2004 and 2011. Twenty-one cases were excluded because the deceptive act occurred entirely outside virtual world boundaries, clear indications that the case occurred were not present, or the case was not sufficiently described.9

IV. CASE DESCRIPTIONS

The 20 identified cases are classified into four categories: (1) fraudulent activities in virtual world markets (seven cases), (2) theft of corporate assets (three cases), (3) identity theft (five cases), and (4) software exploits (five cases). The first category maps onto the real-world fraud category of investment scams, where overvalued or non-existent investments are sold to unsuspecting investors (Albrecht et al. 2012). Theft of corporate assets maps onto the real-world category of employee embezzlement. Identity theft is one of the most commonly reported types of online consumer fraud (National White Collar Crime Center [NW3C] 2012). Software exploits are part of the broad category of hacking, or “the unauthorized access, modification, or use of … some element of a computer system” (Romney and Steinbart 2012, 149).

Table 2, Panel A lists the cases involving fraud in virtual world markets.10 The first four cases (i.e., EIB, Ginko Financial, Curzon Dax, and Phaser, Inc.) are similar to real-world Ponzi schemes, where operators of a virtual world bank or investment fund promised high returns to investors, but at some juncture quickly closed operations and absconded with the remaining virtual currency.
The Second Life Capital Exchange (SLCapEx) was a stock exchange owned and operated by Second Life participants. Bloomfield and Cho (2011) provide evidence suggesting that CEOs, who raised large amounts of capital in the SLCapEx while it was in operation, appropriated invested assets for their own use. The CEOs may also have colluded with large investors to take advantage of smaller investors by making it appear as if the firms represented an attractive investment.

The remaining two market fraud cases involve the purchase and sale of virtual land in Second Life. A Second Life participant, Marc Bragg, figured out how to illegally purchase Second Life land before these properties went up for auction, which allowed him to acquire the land for a price well below market value (Anderson 2006; Craig 2006). Second Life participant, Juggernaut Stoklitsky, used a weakness in Linden Lab’s land transfer procedures to sell the same piece of land six times (Nino 2007). He immediately converted the proceeds into real-world cash, or in some cases, received payment from victims through real-world transfers (i.e., PayPal).

9 Two types of cases where the deceptive act took place outside the boundaries of the virtual world were excluded. First, cases where a perpetrator claimed to have virtual world assets to sell online, but failed to deliver the assets after receiving money from the victim were excluded (Collington 2010; Holisky 2010), since all of the interaction between the perpetrator and the victim took place online outside of a virtual world. Thus, these cases fall into the broader category of consumer deception on the Internet (Grazioli and Jarvenpaa 2003; Nikitkov et al. 2011). Second, cases where virtual worlds were used to launder money derived from illegal activities (Monroe 2007; Muttik 2008; Storm 2011) were excluded. Virtual world money laundering is a serious and significant criminal activity; however, the funds only pass through the virtual world—the criminal activities associated with the money laundering activity occur in a real-world environment.

10 Table 2 contains only brief case descriptions. Detailed case descriptions are available (see Appendix A).

TABLE 2
Virtual World Fraud Cases

Panel A: Cases Involving Fraud in Virtual World Markets

| Reference | Virtual World | Brief Case Description |
| --- | --- | --- |
| Google Video (2006), McCarthy (2006), Pollack (2006) | EVE Online | EVE Intergalactic Bank (EIB): Ponzi scheme where investors were promised a high rate of return, but the bank was closed and the perpetrator kept the game currency in his personal account. |
| Alphaville Herald (2007), Holyoke (2007), Second Thoughts (2007), Hsu (2008), Semuels (2008), Talbot (2008) | Second Life | Ginko Financial: A bank in Second Life that operated as a Ponzi scheme promising a 40 percent rate of return. Depositors staged a run on the bank when there were insufficient funds being deposited to cover customers’ withdrawals. |
| Dax (2009), Egan (2009a), EVE Online (2009), EVE Online Forum (2010) | EVE Online | Curzon Dax: EVE Online character Curzon Dax started with a large, apparently legitimate investment scheme. Dax dissolved the fraudulent investment scheme upon leaving the game and distributed all the ill-gotten assets to another participant. |
| Ceino (2011a), Ceino (2011b), Drain (2011) | EVE Online | Phaser, Inc.: Perpetrators Eddie Lampert and Mordor Exuel ran and actively promoted an investment scheme promising 5 percent weekly returns, until the operators suddenly shut it down, taking the remaining funds. |
| Bloomfield and Cho (2011) | Second Life | Second Life CapEx (SLCapEx): Evidence suggests that firm CEOs who raised large amounts of capital in the SLCapEx appropriated invested assets for their own use. |
| Anderson (2006), Craig (2006), Walsh (2006), Cheng (2007) | Second Life | Second Life Land Auction: Second Life participant Marc Bragg bought virtual land by linking to the URL of the auction site before the land went up for auction, thus obtaining it for a price well below market value. |
| Nino (2007) | Second Life | Juggernaut Stoklitsky: Character Juggernaut Stoklitsky exploited a weakness in Second Life land transfer procedures to sell the same piece of land six times. |

Panel B: Cases Involving Theft of Corporate Assets

| Reference | Virtual World | Case |
| --- | --- | --- |
| Egan (2009b), Graham (2009) | EVE Online | Band of Brothers (BOB): A disgruntled director collapsed the BOB alliance and transferred its assets to a rival organization. |
| Drain (2010b), Geere (2010), Lau (2010), Polo (2010) | EVE Online | Titans 4U: Perpetrator “Bad Bobby” stole all the assets of this large EVE Online investment fund by exploiting weaknesses in the fund’s governance structure. |
| BBC News (2009), Egan (2009c), Ocampo (2009) | EVE Online | EBank: Bank CEO “Ricdic” stole bank assets by exploiting an internal control feature that gave each director absolute control over a portion of the bank’s assets. |

Panel C: Cases Involving Identity Theft

| Reference | Virtual World | Case |
| --- | --- | --- |
| Sophos (2005) | Various Korean MMORPGs | Korean MMORPG Hacking (malware): A syndicate of cyber criminals used Trojan horses and other techniques to obtain game participants’ login credentials, then access and steal victims’ in-game assets. |
| Fletcher (2009), Jianwei et al. (2012) | Various Chinese MMORPGs | Panda Burning Incense (malware): A syndicate of cyber criminals developed and infected victims’ computers with a worm. The worm installed password-stealing Trojan horses, which were used to obtain access to game participants’ virtual assets. |
| BBC News (2007), Sophos (2007) | Habbo Hotel | Habbo Hotel (phishing): A group of Dutch teenagers set up fake websites to lure the game’s participants into giving up their login credentials. The perpetrators used the credentials to access the participants’ accounts and steal virtual furniture. |
| Barrett (2009) | World of Warcraft | World of Warcraft (phishing): Victims were directed to a phishing site that mimicked an official World of Warcraft page. Victims’ stolen credentials were used to loot their accounts of virtual goods. |
| Ward (2009) | RuneScape | RuneScape (phishing): Perpetrators allegedly used phishing emails to collect participants’ login credentials and steal their virtual assets. |
| Brewer (2008), Welsh (2008) | Final Fantasy XI | Final Fantasy XI (provided password voluntarily): The victim shared his password with the perpetrator, under the assumption that the perpetrator would take care of the victim’s virtual items while he was absent. The perpetrator used the password to steal about $3,800 worth of virtual items from the victim. |

Panel D: Cases Involving Software Exploits

| Reference | Game | Case |
| --- | --- | --- |
| Knight (2005a) | Lineage II | Lineage II (exploit): A Chinese exchange student living in Japan used an automated program (i.e., a bot) to “beat up and rob” virtual characters in this game, then exchanged the stolen goods for cash. |
| Knight (2005b), Terdiman (2005) | EverQuest II | EverQuest II (exploit): A group of participants exploited a weakness in the game’s code to produce large amounts of game currency and sell it for cash. |
| BBC News (2011), Daily Mail (2011), Leyden (2011), Morris (2011) | Zynga Poker | Zynga Poker Chip Theft (exploit): British hacker Ashley Mitchell funded a gambling addiction by stealing and reselling online gaming chips from Zynga. |
| Leyden (2004), Sophos (2004) | Outwar | Outwar (botnet): A group of teenagers from the U.K., Canada, and the U.S. distributed the Randex worm to generate clicks and accumulate points in the Outwar role-playing game. |
Table 2, Panel B lists the three cases involving theft of corporate assets.11 In each identified case, perpetrators were able to circumvent what appeared to be elaborate and effective corporate governance and internal control procedures to steal corporate assets. The Band of Brothers (BOB) asset theft case occurred after a disgruntled director defected to GoonSwarm, a rival organization. Once assured of a safe place within the rival group, the perpetrator exploited a control weakness to steal nearly all of BOB’s assets (Graham 2009), which resulted in the organization’s dissolution. The Titans 4U and EBank frauds were both perpetrated by insiders who were able to act alone to circumvent controls. Table 2, Panel C lists cases involving the use of identity theft to steal victims’ virtual assets. In the Korean MMORPG Hacking case, a group of hackers used Trojan horses and other techniques to steal participants’ login credentials from several popular Korean gaming sites, then access and steal victims’ virtual assets (Sophos 2004). The perpetrators in the Panda Burning Incense case (Fletcher 2009; Jianwei et al. 2012) operated in a similar fashion. Additionally, certain individuals were assigned the responsibility of selling stolen virtual assets on illegal markets and transferring the proceeds back to the lead perpetrators. Three cases (Habbo Hotel, World of Warcraft, and RuneScape) involve using phishing schemes to obtain participants’ credentials and steal their virtual assets.12 Finally, a Final Fantasy XI participant shared his password with another individual who offered to take care of his virtual items. The ‘‘trusted friend’’ instead used the logon credentials to steal the items (Brewer 2008; Welsh 2008). This case is notable because the victim reported the theft to local police, who refused to investigate because they determined that no ‘‘real assets’’ were stolen. 
The victim was also unsuccessful in his appeals for restitution to the Final Fantasy XI proprietors because he had violated the TOS by sharing his password.

Table 2, Panel D lists cases involving exploits (i.e., taking advantage of virtual world code or other control weaknesses) and other schemes. The Lineage II case involved using an automated program to take unfair advantage of other participants and collect their virtual goods (Knight 2005a). The perpetrator in the EverQuest II case generated virtual currency by exploiting a programming code weakness (Knight 2005b). In the Zynga Poker Chip Theft case, the perpetrator generated online gaming chips by posing as a system administrator (BBC News 2011). In all three cases, the perpetrators exchanged the fraudulently obtained virtual currency for cash. Finally, a group of teenagers from the U.K., Canada, and the U.S. distributed the Randex worm to generate clicks and accumulate points in the Outwar role-playing game (Leyden 2004; Sophos 2004).

11 In many virtual worlds, participants form organizational structures that are analogous to real-world corporations. Titles for these organizations differ across virtual worlds. They are variously known as “corporations,” “clans,” “guilds,” and “player associations.”

12 Only these phishing schemes are listed because they were the most completely described cases found. There are numerous schemes that attempt to steal users’ virtual world logon credentials. For example, see Johnson (2010) for a list of common World of Warcraft schemes.

V. CASE ANALYSIS USING THE “FRAUD DIAMOND”

Perpetrator Motivations

Early research identified non-shareable financial pressure as the primary motivation for fraud, but subsequent analyses suggest a broader set of motivations: Money, Ideology, Coercion, and Ego (or entitlement) (i.e., MICE) (Dorminey et al. 2011, 2012). Money and ego are particularly relevant to virtual world fraud. The money component assumes that some individuals commit fraud for monetary gain, regardless of whether they are experiencing non-shareable financial pressure. The ego or entitlement component of the MICE taxonomy is consistent with two of the factors that motivate participation in virtual worlds (Yee 2006a). The perpetrator may simply be motivated to accumulate virtual currency to further his/her achievement in the virtual world, as opposed to trading the currency for monetary gains. Alternately, a player with a strong manipulation motivation may commit fraudulent acts simply because he/she enjoys deceiving or dominating other users. The following analysis examines monetary and non-monetary motivations for committing virtual world fraud separately.

Monetary

Two cases clearly involve the “classic” motivation of non-shareable financial pressure. EBank CEO “Ricdic” admitted to stealing a portion of the bank’s assets and converting them to cash because of personal financial pressures (Table 2, Panel B).13 British hacker, Ashley Mitchell, stole and resold online gaming chips from Zynga to support a real-world gambling habit (Table 2, Panel D). The publicly stated motivation in the Ginko Financial case was also financial pressure, as the bank had recently lost its main source of funds and had liabilities to depositors without cash flow to cover these (Table 2, Panel A). The bank manager’s lack of transparency about the disposition of customer funds, however, strongly indicates that he was simply motivated to steal their virtual currency (Holyoke 2007). Second Life land scam perpetrator, Juggernaut Stoklitsky, was clearly motivated by monetary gain, given that he is alleged to have converted game currency, or in some cases, was paid directly in real-world cash (Table 2, Panel A).
Presumably, other individuals who perpetrated market-based frauds in Second Life (SLCapEx and Second Life Land Auction) also had monetary motivations, as Second Life currency can be readily exchanged for real-world cash. Alternately, it is possible that some of these individuals viewed fraudulent activity as a means of accumulating virtual assets to enhance their participation in Second Life. For those individuals, it is therefore difficult to draw a distinction between the monetary motivation of accumulating in-game currency and the nonmonetary motivations described by Yee (2006a).

There is evidence that participants in the Korean MMORPG Hacking (Sophos 2005) and Panda Burning Incense (Fletcher 2009; Jianwei et al. 2012) schemes (Table 2, Panel C) converted stolen items to substantial amounts of cash. There is no direct evidence that stolen virtual goods were exchanged for cash in either the World of Warcraft or RuneScape identity theft cases. Given the size and apparent sophistication of these operations, however, it is likely that the perpetrators’ objective was to convert stolen goods to cash rather than retain the items for in-game use (Barrett 2009; Ward 2009). Finally, there is evidence that perpetrators in the Lineage II (Knight 2005a) and EverQuest II (Knight 2005b) exploit cases were also motivated by monetary gains (Table 2, Panel D).

Non-Monetary

EIB perpetrator “Cally” left a rambling video taunting his victims (Google Video 2006; Pollack 2006), which indicated that he was motivated to manipulate other players (Table 2, Panel A). Similarly, Curzon Dax made it clear that his scheme was engineered primarily to have the “pleasure” of fooling other participants “one more time” before his retirement from playing EVE Online (Dax 2009), which also suggests a manipulation motivation (Table 2, Panel A).
The perpetrator’s motivation in the Band of Brothers case (Egan 2009b; Graham 2009) was apparently to revenge perceived slights from his former alliance partners (Table 2, Panel B). The revenge motive does not match any of the motivations suggested by Yee’s (2006a) taxonomy; however, it is consistent with an ego or entitlement motive (Dorminey et al. 2012).

The perpetrators in the Habbo Hotel identity theft (Table 2, Panel C) and Outwar click fraud cases (Table 2, Panel D) kept their ill-gotten assets in-game and did not convert these to cash. This indicates, in both cases, that the perpetrators had non-monetary motivations. Achievement appears to be the strongest motivation in both cases; however, adding virtual furniture to one’s “room” in Habbo Hotel also satisfies immersion and escapism motivations.

Two of the remaining cases took place in EVE Online, a closed game that does not readily permit conversion of virtual assets into real assets. Perpetrators in the Phaser, Inc. case (Table 2, Panel A), admitted their objective was to quickly accumulate EVE Online currency (Drain 2011). The primary motivation in the Titans 4U case (Table 2, Panel B) was also to accumulate virtual currency (Drain 2010b). Thus, it appears that achievement was the primary motivator in both cases. Nevertheless, because the stolen currency had substantial real-world value (approximately $52,000 in Phaser, Inc. and $45,000 in Titans 4U), the perpetrators may also have been motivated by monetary gain. Similarly, it is not clear whether the perpetrator in the Final Fantasy XI identity theft case (Table 2, Panel C) was motivated to accumulate virtual assets for achievement or planned to convert the stolen goods into real assets.

13 Detailed descriptions of fraud diamond components for each case are available (see Appendix A).

Opportunity

The opportunity element of virtual world fraud consists of two sub-elements: environmental factors and victim characteristics (see Table 3).
This analysis identifies three environmental factors related to virtual world fraud. The first concerns real-world regulatory policies and focuses on the inconsistent definition and application of real-world law to virtual worlds. The second factor involves virtual world regulatory policies and features. The third factor involves virtual world social norms and participant organizational structures.

TABLE 3
Opportunities for Virtual World Fraud

Environmental factors
  Real-world regulatory policies
    – Lack of legal precedent concerning virtual assets
    – Authorities’ unwillingness to prosecute when virtual world fraud does not involve a real-world crime
    – Inconsistent rules across jurisdictions concerning virtual assets
  Virtual world regulatory policies and features
    – Regulation of virtual world markets
    – Terms of service (TOS)
    – Monitoring participant activity
    – Encouraging participants to communicate suspected illegal behavior
  Social norms and participant organizational structures
    – Tolerance for behavior considered illegal in the real world
    – Virtual organization governance and controls
    – Collusion among perpetrators
Victim characteristics
  Monetary gain or achievement motivations
  Misplaced trust
  Lack of knowledge of:
    – Market regulation
    – Corporate governance structures
    – Online security

Real-World Regulatory Policies

Two Second Life land sale cases represent the only virtual world market fraud cases where real-world regulatory policies were applied (Table 2, Panel A). Second Life proprietor, Linden Lab, froze Marc Bragg’s account and seized his virtual assets for allegedly engaging in a land-auction fraud (Anderson 2006; Cheng 2007; Craig 2006; Walsh 2006). Bragg subsequently filed a lawsuit against Linden Lab claiming that its actions were illegal because Second Life’s TOS states that Second Life residents have ownership rights to property held within this virtual world.
Because Bragg and Linden Lab entered into a confidential out-of-court settlement (Guadamuz 2007), real-world law in the United States regarding the conversion of assets illegally obtained within an open game such as Second Life remains ambiguous. Real-world implications of the Juggernaut Stoklitsky case appear to be more straightforward, since it involves fraudulent land sales where proceeds were either converted immediately to, or in some cases received directly in, real-world cash (Nino 2007). As a result, victims filed charges against the alleged perpetrator in his home state of Florida; however, no press accounts have appeared to date regarding the resolution of this case.

These two cases involve fraud alleged to have taken place within the virtual environment, not in the real world. In cases where fraud or deception involving game assets or identities takes place outside of the game, effective sanctions exist. Established law generally can be applied when individuals use real-world techniques such as computer worms, malicious emails, or identity theft to steal virtual assets (Arias 2008; Fletcher 2009; Leyden 2011; Morris 2011; Shen 2010; Sophos 2004, 2005, 2007), and virtual world proprietors are usually willing to cooperate with legal authorities in such cases. Indeed, criminal charges were brought against the perpetrators in the Korean MMORPG Hacking, Panda Burning Incense, and Habbo Hotel identity theft cases (Table 2, Panel C) and in the Lineage II and Outwar software exploit cases (Table 2, Panel D).

In contrast, there have been no formal legal consequences to date in the cases where the actions taken to steal a virtual asset occur entirely within a virtual environment. Attempts to recover virtual assets taken under these circumstances have been unsuccessful thus far under U.S. law (Brewer 2008).
Currently, the only countries known to consider theft of virtual assets a property crime are China, Taiwan, and South Korea (Arias 2008; Carli 2007).14 Thus, the impact of real-world regulation is quite different for fraudulent acts that occur totally within virtual worlds, as opposed to cases that involve deception occurring outside the virtual environment or that include a transfer of real-world assets.

14 The arrest of a Chinese exchange student in Japan for the Lineage II exploit case (Knight 2005a) suggests that Japan may have a similar law; however, there are no available details on the legal grounds for the perpetrator’s arrest.

Virtual World Regulatory Policies and Features

Regulation of virtual world markets. Virtual world proprietors generally had weak or no regulations pertaining to investments in virtual corporations, banks, or other institutions at the time the cases involving market fraud occurred (Table 2, Panel A). There is significant variance in how proprietors have subsequently responded. EVE Online has steadfastly refused to develop significant financial regulation, even while substantial frauds continue to occur (Egan 2009c). Indeed, EVE Online participants tend to view the opportunity to interact in a more or less lawless environment as one of this virtual world’s attractive features (McCarthy 2006; Drain 2010a). On the other hand, Second Life has instituted strict restrictions on certain types of in-world activities. For example, Second Life closed all of its banks in January 2008 (Semuels 2008; Sidel 2008; Talbot 2008). The SLCapEx did continue to operate; however, by the end of 2009, 19 out of the exchange’s 24 companies had delisted, effectively ending its activities (Liu 2010). Closing virtual banks and allowing the virtual stock exchange to cease operations effectively avoids fraud risk exposures for both Second Life participants and its proprietor.

TOS provisions.
Presumably, the proprietor of a closed game should be able to deter fraud within the virtual environment by ejecting players who convert fraudulently obtained assets into real currency. There is, however, only one identified case where this occurred. EBank CEO, Ricdic, was thrown out of EVE Online (BBC News 2009) for converting his illegally obtained virtual assets to cash (Table 2, Panel B). In reality, the threat of dismissal for asset conversion is likely a weak deterrent to virtual world fraud. A player who plans to quit playing a game may: (1) realize that there are no effective real-world sanctions, as long as the fraudulent act takes place entirely within the virtual world, and (2) not care whether he/she is permanently banned from the game for converting fraudulently obtained virtual assets for real currency. Therefore, TOS provisions by themselves are unlikely to serve as an effective deterrent to virtual world fraud. In addition, TOS rarely forbid an individual from assuming alternate identities within a virtual world. Alternate identities and lack of transparency regarding transactions between Ginko Bank and related entities controlled by its owner (Table 2, Panel A) were factors in this investment scheme (Alphaville Herald 2007; Holyoke 2007). Additionally, lack of information about investor identities apparently made it possible for perpetrator, Bad Bobby, to seize control of the Titans 4U voting rights (Table 2, Panel B) and abscond with the organization’s assets (Drain 2010b; Geere 2010). While avatars are a feature unique to virtual worlds, using a masked identity to commit fraud is not limited to these environments. Indeed, many real-world schemes involve using a fictitious online representation to hide the perpetrator’s true identity (Grazioli and Jarvenpaa 2003; Albrecht et al. 2007). Monitoring and communication. 
It is difficult, if not impossible, for virtual world proprietors to fully anticipate and attempt to prevent all unauthorized attempts to misappropriate player assets through regulations and controls.15 This is especially true when fraud is being perpetrated by parties outside the virtual world through identity theft techniques. Therefore, monitoring and communication serve as an important additional means of mitigating virtual world fraud risk, just as in the real world (COSO 2004). Many proprietors monitor transactions for behavior indicative of TOS violations (Egan 2009d; McCarthy 2006; Talbot 2008). They also alert participants about identity theft schemes and possible game software exploits (e.g., World of Warcraft [WOW] 2012). Participants are also encouraged to report suspected illegal behavior to the proprietor (e.g., Second Life 2013b), in much the same fashion as corporate fraud hotlines are used in the real world (e.g., Tysiak 2012). Monitoring and communication systems may or may not serve as a deterrent to committing fraudulent acts that are forbidden by a game’s TOS. They do, however, facilitate detecting participants engaged in unauthorized behavior, so that such individuals can be sanctioned and if necessary, barred from a virtual world.

15 Of course, virtual world proprietors do not have an interest in preventing “authorized” fraudulent activities when these are considered to be an important part of a game’s overall experience, as in EVE Online.

Social Norms and Participant Organizational Structures

Tolerance for behavior considered to be illegal in the real world. It is not surprising that three out of the seven cases involving virtual world market fraud and all of the asset theft cases occurred in EVE Online, given that this virtual world allows and encourages fraudulent acts (Drain 2010a; EVELopedia 2012a; McCarthy 2006).
There were also four virtual world market fraud cases in Second Life, even though this virtual world’s social norms do not explicitly encourage deception. At the same time, the Second Life TOS and its community standards (Second Life 2013a, 2013b) do not explicitly prohibit fraudulent asset trades, either.

Virtual organization governance and controls. All of the virtual organizations where theft of assets occurred (Table 2, Panel B) had what appeared to be strong, participant-developed internal control and governance systems. Nevertheless, perpetrators in the BOB (Egan 2009b; Graham 2009) and Titans 4U (Drain 2010b) cases were able to find and exploit weaknesses in controls, allowing them to steal all of the organization’s assets in both cases. Further, EBank had a system that limited the amount of assets controlled by an individual director, but did not eliminate the opportunity for defalcation (Egan 2009c).

Collusion among perpetrators. Five out of the seven cases involving virtual world market fraud and two out of the three asset theft cases involved perpetrators working alone. This is consistent with smaller cases of real-world occupational fraud (e.g., theft of corporate assets). Nevertheless, it is inconsistent with more significant cases of occupational fraud and with financial reporting fraud, which are typically perpetrated by groups of two or more co-offenders (Albrecht et al. 2012, 53; Dorminey et al. 2011, 2012; Free and Murphy 2013). There are only two cases where multiple virtual world participants clearly colluded to commit fraud within a virtual world. The first is the Phaser, Inc. investment scheme (Ceino 2011a; Ceino 2011b; Drain 2011) where perpetrators, Eddie Lampert and Mordor Exuel, conspired to take control of the fund and steal investors’ assets. The other is the Band of Brothers case in EVE Online (Egan 2009b; Graham 2009), where the perpetrator colluded with interested third parties from a rival organization.
Additionally, there is indirect evidence that collusion took place in the SLCapEx case, since Bloomfield and Cho’s (2011) data suggest that large investors may have been working together to lure smaller investors into the market and later misappropriate their assets. Indeed, the fact that there is little evidence of fraud perpetrated by groups is somewhat surprising, given the culture in virtual worlds such as EVE Online, where alliances are commonly formed to engage in goal-oriented activities (Egan 2009b). It seems that these alliances would be an ideal environment for forming the co-offender “bonds” described by Free and Murphy (2013).16

16 Free and Murphy (2013) describe three types of bonds between co-offenders: (1) individual-serving functional bonds, (2) organization-serving functional bonds, and (3) affective bonds. The relationship between the Phaser, Inc. perpetrators is an example of an individual-serving functional bond. The rival group’s collusion in the Band of Brothers case is an example of an organization-serving functional bond. Affective bonds between co-offenders are likely to be rare in virtual worlds, as these typically develop over a very long period of time (i.e., 15 to 20 years, on average).

Victim Characteristics

Victim characteristics that provide opportunities for virtual world fraud include motivation, misplaced trust, and lack of knowledge regarding issues such as market regulation, corporate governance structures, and online security (see Table 3). These are important to consider, given research evidence that suggests that fraud perpetrators choose their tactics to take advantage of victims’ known or perceived weaknesses (Johnson et al. 1993; Grazioli and Jarvenpaa 2003).

Monetary gain or achievement motivation. It appears that victims were motivated by achievement in the three EVE Online market frauds (Table 2, Panel A). Similarly, Second Life participants who invested in Ginko Bank or in SLCapEx companies were apparently motivated by the possibility of earning substantial amounts of virtual currency. Just as gullible real-world investors can be lured into a Ponzi scheme by the promise of large or consistent returns, a virtual world participant will be attracted to an investment that promises to increase his/her asset balances or status in the virtual environment (Talbot 2008).

Misplaced trust. Victims’ misplaced trust was also a factor in the Curzon Dax and Phaser, Inc. cases, as the perpetrators were well-known EVE Online players who had a reputation for running successful investment schemes. Further, misplaced trust appears to be a factor in at least two identity theft cases (Table 2, Panel C). The victim in the Final Fantasy XI case (Brewer 2008; Welsh 2008) knew the perpetrator and trusted him with his login information. Victims in the World of Warcraft case (Barrett 2009) were lured to a phishing site via what appeared to be an in-game pop-up window, and there are subsequent accounts of attempts to direct World of Warcraft participants to phishing sites via “whispers” on the game’s chat system (Zorz 2010). Victims appear to be more likely to trust a link to a phishing site when it is provided through an in-game medium, as opposed to within an email message.

Lack of knowledge of market regulation. Investors in EIB, Ginko Financial, and the two fraudulent EVE Online investment schemes (Table 2, Panel A) were apparently unaware of the risks of unregulated investments. This is similar to real-world investors’ ignorance of the risks associated with unregistered Ponzi schemes (SEC 2013). Investors in Ginko Financial and the SLCapEx were also apparently unaware of the lack of standards for record keeping, reporting, disclosure, or information assurance.
While Second Life financial institutions such as Ginko Bank and its affiliated companies issued financial statements (Holyoke 2007), there is no evidence that these were audited. Similarly, none of the firms listed on the SLCapEx from May 2007 to December 2009 disclosed audited financial statements (Bloomfield and Cho 2011). As a result, these financial statements merely functioned as an illusionary safeguard, which likely added legitimacy to the organization, despite the fact that the information they contained had not been verified by an independent party. Further compounding the financial information reliability problem is the fact that there are no generally accepted accounting principles (GAAP) for virtual world organizations (Gurley 2010; Holyoke 2010) and attempts to adapt real-world GAAP to virtual world activities may lead to widely divergent results (Ernst & Young 2010).

Lack of knowledge of corporate governance structures. In all three asset theft cases listed in Table 2, Panel B, a trusted organizational member easily circumvented what appeared to be strong, complex internal control structures. Virtual organization leaders’ lack of knowledge about corporate governance structures and internal controls contributed to the propensity of these organizations to become fraud victims. The leaders’ naiveté resulted in poorly designed control structures that exposed them to the possibility of exploitation (Drain 2010b; Graham 2009; Ocampo 2009).

Lack of knowledge about online security. Victims’ apparent ignorance of basic online security procedures appears to be a factor in the Korean MMORPG Hacking, Panda Burning Incense (Table 2, Panel C), and Outwar (Table 2, Panel D) cases. In other identity theft cases (i.e., Habbo Hotel, World of Warcraft, and RuneScape), participants’ lack of experience and lack of familiarity with common phishing schemes appears to be an important reason the perpetrators were successful.
Also, more experienced participants may have overlooked subtle cues that they were interacting with a fake game website, consistent with evidence that even experienced Internet users can be fooled into believing that phishing websites are real (Dhamija et al. 2006).

Perpetrator Capabilities

An individual’s perception that he/she has the capability to commit fraud is closely related to environmental opportunities. Three types of perpetrator capabilities appear to be particularly important in the virtual world context: (1) an understanding of how to exploit weaknesses in rules governing virtual world organizations or economic institutions, (2) the ability to manipulate a victim into erroneously believing that he/she is worthy of being trusted, and (3) technical knowledge that provides one with the capability to steal victims’ identities or exploit software weaknesses. Since the capabilities an individual possesses within a virtual world derive from his/her applicable real-world capabilities, it is important to recognize that the capabilities that he/she develops and practices in order to steal virtual world assets can also be applied in real-world settings (Yee 2006a).

Knowledge about Corporate Governance/Economic Institutions

Perpetrators in the identified cases involving virtual world market fraud apparently understood how to exploit weaknesses in rules governing virtual world organizations or economic institutions (Table 2, Panel A). Similarly, perpetrators in the cases involving theft of corporate assets understood how to exploit weaknesses in these virtual organizations’ control procedures (Table 2, Panel B).

Ability to Manipulate Others

The perpetrator’s ability to manipulate others was an additional factor in the Curzon Dax and Phaser, Inc. market frauds (Table 2, Panel A) and the Titans 4U corporate asset theft case (Table 2, Panel B).
Dax used his fame as an entrepreneur and entertainer to lure investors into a “special” fund, similar to the way Bernie Madoff enticed victims through his personal relationships and reputation (Economist 2008; Egan 2009a; EVE Online Forum 2010). Similarly, the Titans 4U fund manager, Bad Bobby, used his reputation as a successful fund manager to convince other company directors to authorize the sale of shares that eventually allowed him to take control of the fund’s assets (Drain 2010b). In contrast, the Phaser Inc. perpetrators automated the workings of their fund and avoided direct investor contact (Ceino 2011b). Instead, they built investor trust by placing frequent ads in EVE Online chat channels and building a website that provided the appearance that the Phaser, Inc. investor fund was legitimate.

Technical Knowledge

Perpetrators in the Korean MMORPG Hacking and Panda Burning Incense cases had the technical knowledge to develop malware that accessed victims’ computers and enabled theft of login credentials (Table 2, Panel C). Additionally, the Panda Burning Incense perpetrators developed a complex “value chain,” (Jianwei et al. 2012) where each individual was responsible for a single action (i.e., writing virus code, planting code on victim computers, stealing virtual assets, or converting virtual assets into currency). This system took advantage of each syndicate member’s individual capabilities and helped to conceal their identities. The perpetrators of the Habbo Hotel, World of Warcraft, and RuneScape cases (Table 2, Panel C) had the capability to design and send realistic-looking communications to victims (through either emails or in-game communication channels) and to create realistic-looking websites to collect victim login information. The Lineage II and EverQuest II perpetrators knew how to exploit weaknesses in these games’ software code (Table 2, Panel D).
The Zynga Poker Chip Theft perpetrator knew how to exploit system access weaknesses at Zynga and understood how to conceal his identity by setting up multiple Facebook accounts (Daily Mail 2011). Finally, the Outwar perpetrators had the technical knowledge to develop and plant malware on host computers, which was used to exploit a weakness in the Outwar game that allowed the accumulation of points through automated play over a botnet (Leyden 2004).

Rationalization

There is information on perpetrator rationalization in many of the cases involving fraud in virtual world markets (Table 2, Panel A) and corporate asset theft (Table 2, Panel B), while there is little or no information on rationalization in the cases involving identity theft or software exploits (Table 2, Panels C and D). It therefore appears that when the ramifications of a fraudulent act are confined to a virtual world, perpetrators are willing to publicly discuss their rationalizations. On the other hand, when virtual world fraud involves actions that are considered illegal in the real world (i.e., identity theft or hacking) it appears that perpetrators are unwilling to publicly discuss their rationalizations.

Belief that Violating Rules is Acceptable

Murphy and Dacin’s (2011) framework of psychological pathways to fraud states that once an individual senses that the motivation and opportunity to commit fraud exist, he/she will ask themselves if they are aware that the behavior is fraud. If the answer is “no,” then there is no need to rationalize the fraudulent act. This apparently occurred in two of the Second Life market fraud cases (Table 2, Panel A). Ginko Bank CEO, Nicholas Portacarrero, denied any responsibility for the bank’s collapse, instead blaming the failure on Linden Lab’s decision to shut down Second Life casinos (Alphaville Herald 2007; Second Thoughts 2007).
In the Second Life auction fraud case, Marc Bragg claimed that there was nothing wrong with his actions because the proprietor made it possible to access land auctions before they were open to the public (Craig 2006). Both perpetrators appear to have based their actions not on real-world social norms, but instead on a belief that fraudulent actions are acceptable, as long as they are not forbidden by the virtual world’s TOS.

Even though EVE Online’s social norms strongly indicate that fraudulent actions are an acceptable “normal” part of the virtual environment (Drain 2010a; McCarthy 2006), Mordor Exuel and Eddie Lampert, perpetrators of the Phaser, Inc. (Ceino 2011b) investment fraud (Table 2, Panel A), engaged in a rationalization process. Specifically, they stated that they considered conducting an investment scam to be a “moral obstacle” and that they “talked it over for quite a while and came to the decision that we could live with it.” According to Murphy and Dacin (2011), an individual who is aware that a behavior is fraud may use affect-laden moral intuition to rationalize his/her actions. Thus, Exuel and Lampert were aware that their behavior was fraud, but rationalized away any negative affect that might be associated with their actions. They came to an intuitive conclusion that stealing from other players through an investment scheme was no different from the more common EVE Online strategy of destroying a player’s virtual assets in battle.[17]

Disdain or Lack of Respect for Others

EIB Bank director, Cally, rationalized his fraud (Table 2, Panel A) by stating in an online video that he thought scamming people was amusing and explained that he was “not a nice person” (Google Video 2006). Similarly, fraudulent investment fund manager Curzon Dax publicly stated that he considered other players to be stupid and that he wanted to have fun perpetrating a scam before he left EVE Online (Dax 2009). Thus, both players’ motivation to commit fraud in order to manipulate others is closely related to their intuitive rationalizations (i.e., it is justifiable to commit fraud against individuals one considers to be intellectually inferior).

[17] An affective judgment is not the only pathway to fraud. If a person’s intuition indicates that fraud is not acceptable, he/she may then engage in a reasoning process in which they weigh the costs and benefits of fraud. If, after that process, a person does decide to commit fraud, he/she may attempt to reduce negative affect after committing the fraud through ex post rationalization, or alternately, by confessing or attempting to make restitution (Murphy and Dacin 2011).

VI. OBSERVATIONS, OPPORTUNITIES FOR FUTURE RESEARCH, AND CONCLUSIONS

Market Fraud

As is often the case in the real world, an important motivation to commit fraud in virtual world financial markets is the accumulation of wealth, both real and virtual. Even when virtual world regulations forbid or greatly restrict the conversion of virtual assets to real-world money, as in EVE Online, perpetrators are motivated to misappropriate virtual funds so they can improve their status and power. The analysis of virtual world fraud cases provides insights into other perpetrator motivations, such as the desire to manipulate other participants (Egan 2009a). These insights are useful, given that fraud investigators and researchers are only now beginning to consider nonmonetary incentives for committing fraud (Dorminey et al. 2012; Trompeter et al. 2013) and little is known about how these non-monetary incentives might influence perpetrator rationalizations (Murphy and Dacin 2011). The analysis presented here also examines the role of victim characteristics in virtual world market fraud.
Virtual world market participants are willing to invest, even when these markets are unregulated and reliable information about the value of virtual assets is lacking (Second Thoughts 2007; Drain 2010a). Further, statements made by virtual world participants (e.g., EVE Online Forum 2010) suggest that participants’ motivation to build relationships with others and further their sense of achievement leads to a sense of misplaced trust, making them even more susceptible to false information about the value of virtual assets (Yee 2006a). As a result, psychological motivations may outweigh rational economic considerations in making victims susceptible to fraud in virtual world markets.

On the perpetrator side, two important features of virtual worlds might lead an individual to rationalize that the benefits of committing fraud outweigh the risks of getting caught and punished. First, regulations with regard to virtual world fraud are ambiguous, especially in the U.S. and other Western countries. Second, a virtual world participant has a certain degree of anonymity when embodied as an avatar.

Investors’ psychological motivations, the ambiguity of regulations surrounding virtual trading environments, and seller anonymity each have real-world implications because of similarities to new, emerging financial markets. For example, the Securities and Exchange Commission (SEC) is considering regulations regarding crowdfunding, which is the use of the Internet to raise money through small contributions from a large number of investors (Bradford 2012; Hazen 2012; Tozzi 2012). These investors may have limited information about the venture that they are investing in or the identities of the individuals who are raising investment capital. We therefore offer the following research questions.

RQ1: Why do investors in virtual world markets invest in unregulated securities?
RQ2: To what extent does the relative anonymity provided by an avatar affect one’s propensity to commit fraudulent acts?
RQ3: How does the lack of relevant regulation over virtual world markets influence the psychological processes a person uses to rationalize a fraudulent act?

To address RQ1 and RQ2, researchers could treat virtual world markets as a natural laboratory and observe participant behavior, as did Bloomfield and Cho (2011). In addition, as suggested by Bloomfield and Rennekamp (2009), researchers might use virtual worlds as environments for conducting realistic, large-scale economic experiments. This approach allows researchers to query participants about their motivations and decision processes, therefore providing a means for addressing RQ3. Regardless of the methodology used, it is important for accounting researchers to focus on understanding the role of psychological and social factors when studying fraudulent behavior in virtual world markets.

Theft of Corporate Assets

Three cases in EVE Online where perpetrators defrauded virtual organizations were identified, but there were no similar reported cases from other virtual worlds. Social norms that require loyalty to one’s guild or organization provide a possible explanation for the lack of such behavior in other virtual worlds (e.g., World of Warcraft). Many participants invest considerable time and effort developing their reputation in a virtual world and risk forfeiting this social capital if they were to betray their guild-mates’ trust. Thus, participants who have a commitment to a virtual world and to their guild mates will protect their reputations; this, in turn, discourages corporate asset theft (Williams et al. 2006). Information transparency also appears to play a role in preventing theft from virtual world organizations.
Many of these organizations have designed sophisticated systems commonly known as Dragon Kill Point (DKP) systems for allocating and keeping track of members’ pooled resources (Castronova and Fairfield 2007; Reeves and Read 2009, 129–132; WoWWiki 2011).[18] As with real-life management accounting systems, DKP systems are designed to motivate and reward the organization’s members, as well as function as a control mechanism. Unlike many contemporary management control systems, which are developed from the top of the organization (Kaplan and Norton 1996, 2001a, 2001b; Cooper et al. 2012), DKP systems are developed by participants, in many cases with little direction from the organization’s leadership (Castronova and Fairfield 2007). DKP systems apparently solidify the reciprocal relationship between the group and its individual members by allowing for measurable and equitable compensation to individuals for their contributions to the group, as well as a means of controlling and securing assets (Malone 2009). Indeed, the strength of social relationships contributes to the stability of DKP systems, which, in turn, helps to explain why asset theft from virtual organizations is rare (Castronova and Fairfield 2007). Future research is needed to examine the role of DKP systems in fraud prevention. This suggests the following research questions:

RQ4: To what extent do the prevailing social norms in a given virtual world influence the propensity for corporate asset theft to occur?
RQ5: What role do corporation or guild record-keeping systems (e.g., DKP systems) play in preventing corporate asset theft?

Given the large number of virtual world organizations and ample opportunities to observe behavior within these entities, case studies appear to be an appropriate approach to investigate RQ4 and RQ5. Retrospective analysis of documents, records of past behaviors, and digital archives of participant verbal interactions would also be useful in addressing these questions.

[18] The term “Dragon Kill Points” originated in fantasy role-playing games such as EverQuest and World of Warcraft (Malone 2009). The term “DKP system” refers generically to any system used to keep track of, and distribute, a virtual world organization’s assets, regardless of game context.

Identity Theft and Software Exploits

The risk response of virtual world proprietors to the possibility of identity theft and software exploit fraud has implications for real-world fraud prevention. Management (i.e., virtual world proprietors) can elect to accept, reduce, share, or avoid risk in accordance with the entity’s risk tolerances and risk appetite (Kinney 2000; COSO 2004). Risk management strategies vary among proprietors. EVE Online’s proprietor, CCP Games, warns participants that they accept the risk of virtual asset theft (EVELopedia 2012a, 2012b) because theft and fraud are considered to be sanctioned behavior within that virtual world (EVELopedia 2006). At the same time, CCP Games actively reduces the risks of threats to the integrity of its virtual economy and of player identity theft by monitoring the game environment for actions that violate its TOS, such as conversion of in-game assets to virtual assets (Egan 2009d, 2009e; Kuchera 2009). World of Warcraft proprietor, Blizzard Entertainment, also attempts to reduce identity theft risk by informing participants of the risks of trading with gold farmers (Blizzard Tutorial 2011; WOW 2012), who are players that play for the express purpose of gaining virtual world assets and exchanging them for real-world currency.
Finally, after Zynga received extensive adverse publicity when customers signed up and were billed for unwanted items and services, it started managing risk in its social network games by policing and banning fraudulent third-party offers (Arrington 2009; Shambora 2009) and warning participants about the risks of accepting such offers (Zynga 2012).

Virtual world proprietors often share or transfer fraud risk using practices such as outsourcing their virtual currency exchange function to a reliable third-party provider (e.g., Egan 2009f; Live Gamer 2012). Second Life’s proprietor apparently decided to avoid further investment loss risk by closing all of its banks after fraudulent trading schemes caused participants to incur substantial losses (Semuels 2008; Sidel 2008; Talbot 2008). The proprietor’s role in protecting participants from fraud is important, since putting participants’ real-world assets at risk detracts from a virtual world’s marketable experience and potentially exposes the proprietor to litigation from participants who have been fraud victims. This suggests the following research questions:

RQ6: How do proprietors identify fraud risks?
RQ7: What strategies (i.e., accept, reduce, share, or avoid) do proprietors use to manage fraud risks?

Case studies are an effective way to study RQ6 and RQ7. As a particular virtual world increases in popularity, new exploits and threats will be discovered and proprietors will usually react by changing their TOS and risk management procedures. This provides the opportunity to address these questions through longitudinal analysis of changes in the virtual world’s policies over time.
Conclusions

The analysis of virtual world cases presented in this paper indicates that the study of virtual world fraud has potential real-world implications and provides opportunities for further research in four areas: (1) fraud perpetrators’ non-monetary motivations and rationalizations in financial market frauds; (2) victims’ motivations and lack of knowledge in financial market frauds; (3) how corporate culture and transparent internal accounting systems might help prevent corporate asset theft; and (4) factors that shape management’s fraud risk tolerance and risk management strategies.

Virtual worlds provide a unique environment for studying the conditions that lead to fraud. One important advantage of virtual worlds for research is that archival or conventional experimental data that are difficult or impossible to collect in the real world may be more accessible in a virtual world. The transparency of virtual worlds facilitates the collection of data pertaining to fraud perpetrator and victim characteristics, motivations for committing fraud, and institutional and regulatory structures.

Despite the promise of archival, experimental, and survey techniques for studying fraud in virtual worlds and its implications for the real world, researchers should proceed with a degree of caution. Because proprietors seek to offer distinctive products to their participants, each virtual world typically has a unique set of rules and regulations, which makes mapping findings to real-world phenomena challenging (Williams 2010). Embedding controlled experiments in virtual worlds is one way to avoid these problems; however, as Duffy (2011) and Harrison et al. (2011) observe, this approach is not without potential difficulties. Even so, carefully designed studies in virtual world environments have considerable potential for advancing researchers’ and practitioners’ understanding of the antecedents of fraud.

REFERENCES

Albrecht, C. O., C. C. Albrecht, J. Wareham, and P. Fox. 2007.
The role of power and negotiation in online deception. Journal of Digital Forensics, Security and Law 1 (4): 29–48.
Albrecht, W. S., C. C. Albrecht, C. O. Albrecht, and M. F. Zimbelman. 2012. Fraud Examination. 4th edition. Mason, OH: South-Western Cengage Learning.
Alphaville Herald. 2007. Ginko’s financial end-game. (June 8). Available at: http://alphavilleherald.com/2007/08/ginko-financial-2.html
American Institute of Certified Public Accountants (AICPA). 2002. Consideration of Fraud in a Financial Statement Audit. Statement on Auditing Standards No. 99. New York, NY: AICPA.
Anderson, N. 2006. When virtual land deals go bad. Ars Technica (May 10). Available at: http://arstechnica.com/old/content/2006/05/6794.ars
Arias, A. V. 2008. Life, liberty, and the pursuit of swords and armor: Regulating the theft of virtual goods. Emory Law Journal 57 (5): 1301–1346.
Arrington, M. 2009. Zynga takes steps to remove scams from games. TechCrunch (November 2). Available at: http://techcrunch.com/2009/11/02/zynga-takes-steps-to-remove-scams-from-games/
Bainbridge, W. 2007. The scientific research potential of virtual worlds. Science (July 27). Available at: http://www.sciencemag.org/content/317/5837/472.full
Barrett, L. 2009. World of Warcraft hit by new phishing scam. Internet News (September 29). Available at: http://www.internetnews.com/security/article.php/3841491/World%20of%20Warcraft%20Hit%20by%20New%20Phishing%20Scam.htm
BBC News Technology. 2011. Hacker faces jail over poker chip theft. (February 3). Available at: http://www.bbc.co.uk/news/technology-12357005
BBC News. 2007. ‘Virtual theft’ leads to arrest. (November 14). Available at: http://news.bbc.co.uk/2/hi/7094764.stm
BBC News. 2009. Billions stolen in online robbery. (July 3). Available at: http://news.bbc.co.uk/2/hi/technology/8132547.stm
Blizzard Entertainment. 2012. World of Warcraft terms of use. Available at: http://us.blizzard.com/en-us/company/legal/wow_tou.html
Blizzard Tutorial. 2011.
About scam attempts World of Warcraft (WoW)/Battle.net. (September 28). Available at: http://www.youtube.com/watch?v=RTrWNtE48kM
Bloomfield, R., and K. Rennekamp. 2009. Experimental research in financial reporting: From the laboratory to the virtual world. Foundations and Trends in Accounting 3 (1).
Bloomfield, R., and Y. Cho. 2011. Unregulated stock markets in Second Life. Southern Economic Journal 78 (1): 6–29.
Bradford, C. S. 2012. Crowdfunding and the federal securities laws. Columbia Business Law Review (1): 1–150.
Brewer, J. 2008. When a virtual crook struck this gamer, he called real cops. St. Paul Pioneer Press (January 31). Available at: http://www.twincities.com//ci_8134692?IADID=Search-www.twincities.com-www.twincities.com
Carli, R. 2007. The sword, the thief, and the EULA: A virtual property crisis in online videogames. Available at: http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall07-papers/gamesproperty.pdf
Castronova, E. 2004. The right to play. New York Law School Law Review 49 (1): 185–210.
Castronova, E., and J. Fairfield. 2007. Dragon Kill Points: A Summary Whitepaper. Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=958945
Ceino, D. 2011a. One of the biggest scams in Eve history, Ponzi scheme empties over 1 trillion ISK from players’ wallets. Eve News 24 (August 12). Available at: http://www.evenews24.com/2011/08/12/one-of-the-biggest-scam-in-eve-history-ponzi-scheme-empties-over-1-trillion-isk-from-playerswallets/
Ceino, D. 2011b. The 1 trillion ISK Ponzi—Phaser Inc. speaks. Eve News 24 (August 14). Available at: http://www.evenews24.com/2011/08/14/the-1-trillion-isk-ponzi-phaser-inc-speaks/
Center for Audit Quality (CAQ). 2010. Deterring and detecting financial reporting fraud: A platform for action. Available at: http://www.thecaq.org/Anti-FraudInitiative/CAQAnti-FraudReport.pdf
Cheng, J. 2007.
Second Life “land” dispute moves offline to federal courtroom. Ars Technica (June 4). Available at: http://arstechnica.com/tech-policy/news/2007/06/second-life-land-dispute-movesoffline-to-federal-courtroom.ars
Cohen, J., Y. Ding, C. Lesage, and H. Stolowy. 2011. Corporate fraud and managers’ behavior: Evidence from the press. Journal of Business Ethics. Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1160076
Collington, T. 2010. Man faces fraud charges over video game characters. WTSP Channel 10. Available at: http://www.wtsp.com/news/local/story.aspx?storyid=122488
Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2004. Enterprise Risk Management, Integrated Framework: Executive Summary. Available at: http://www.coso.org/ermintegratedframework.htm
Cooper, D., M. Ezzamel, and S. Qu. 2012. Popularizing a management accounting idea: The case of the balanced scorecard. Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1911705
Craig, K. 2006. Second Life land deal goes sour. Wired.com (May 18). Available at: http://www.wired.com/gaming/virtualworlds/news/2006/05/70909
Daily Mail. 2011. IT expert who hacked into online casino site and stole 400 billion chips faces jail. Mail Online (February 1). Available at: http://www.dailymail.co.uk/news/article-1352564/IT-experthacked-online-casino-site-stole-400-billion-chips-faces-jail.html
Dax, C. 2009. EVEforum post. (December 25). Available at: http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1239501
Dhamija, R., J. D. Tygar, and M. Hearst. 2006. Why phishing works. Available at: http://dl.acm.org/citation.cfm?id=1124861
Dibbell, J. 2003. The unreal estate boom. Wired (January). Available at: http://www.wired.com/wired/archive/11.01/gaming.html
Dibbell, J. 2004. Play money: Diary of a dubious proposition. (April 19). Available at: http://www.juliandibbell.com/playmoney/index.html
Dorminey, J., A. Fleming, M. Kranacher, and R. Riley, Jr. 2011.
Beyond the fraud triangle. Fraud Magazine 26 (5): 18–25, 51.
Dorminey, J., A. Fleming, M. Kranacher, and R. Riley, Jr. 2012. The evolution of fraud theory. Issues in Accounting Education 27 (2): 555–579.
Drain, B. 2010a. EVE evolved: Outlaws of EVE. Massively by Joystiq (August 8). Available at: http://www.massively.com/2010/08/08/eve-evolved-outlaws-of-eve/
Drain, B. 2010b. EVE online player steals $45,000 worth of ISK in massive investment scam. Massively by Joystiq (September 11). Available at: http://www.massively.com/2010/09/11/eve-online-playersteals-45-000-worth-of-isk-in-massive-investm/
Drain, B. 2011. Biggest EVE Online scam ever recorded nets over a trillion ISK. Massively by Joystiq (August 12). Available at: http://massively.joystiq.com/2011/08/12/biggest-eve-online-scam-everrecorded-nets-over-a-trillion-isk/
Duffy, J. 2011. Trust in Second Life. Southern Economic Journal 78 (1): 53–62.
Economist. 2008. Con of the century. (December). Available at: http://www.economist.com/node/12818310
Egan, J. 2009a. How the Grinch stole Christmas EVE. Massively by Joystiq (December 28). Available at: http://massively.joystiq.com/2009/12/28/how-the-grinch-stole-christmas-eve/
Egan, J. 2009b. Further developments in EVE’s “Grand Theft Alliance” drama. Massively by Joystiq (February 5). Available at: http://massively.joystiq.com/2009/02/05/further-developments-in-evesgrand-theft-alliance-drama/
Egan, J. 2009c. New perspective on EVE online’s latest bank embezzlement. Massively by Joystiq (July 2). Available at: http://massively.joystiq.com/2009/07/02/new-perspective-on-eve-onlines-latest-bankembezzlement/
Egan, J. 2009d. The fight against RMT in EVE online. Massively by Joystiq (August 11). Available at: http://massively.joystiq.com/2009/08/11/the-fight-against-rmt-in-eve-online/
Egan, J. 2009e.
EVE Online’s anti RMT operation Unholy Rage bans over 6200 accounts. Massively by Joystiq (August 17). Available at: http://massively.joystiq.com/2009/08/17/eve-onlines-anti-rmtoperation-unholy-rage-bans-over-6200-accou/
Egan, J. 2009f. Live Gamer’s Andy Schneider on legitimizing RMT in games and virtual worlds. Massively by Joystiq (April 27). Available at: http://massively.joystiq.com/2009/04/27/live-gamers-andyschneider-on-legitimizing-rmt-in-games-and-vir/
Ernst & Young. 2010. Revenue recognition on the sale of virtual goods. Hot topic: Update on major accounting and auditing activities (April 9). Available at: https://www.google.com/search?q=Revenue+Recognition+on+the+Sale+of+Virtual+Goods.+Hot+Topic%3A+Update+on+Major+Accounting+and+Auditing&rlz=1C1SNNT_enUS352US353&oq=Revenue+Recognition+on+the+Sale+of+Virtual+Goods.+Hot+Topic%3A+Update+on+Major+Accounting+and+Auditing&aqs=chrome.0.69i57.1239j0&sourceid=chrome&ie=UTF-8
EVE Online. 2012. End user license agreement. Available at: http://community.eveonline.com/pnp/eula.asp
EVE Online Forum. 2010. How Curzon Dax did what he did. (May 31). Available at: http://www.evesearch.com/thread/1327767/page/1
EVE Online. 2009. Player pulls off huge scam in EVE Online. (December 29). Available at: http://www.tentonhammer.com/node/78641
EVELopedia. 2006. Piracy Guide. Available at: http://wiki.eveonline.com/en/wiki/Piracy_guide
EVELopedia. 2012a. Scams and exploits. Available at: http://wiki.eveonline.com/en/wiki/Scams_and_Exploits
EVELopedia. 2012b. Corporation management guide. Available at: http://wiki.eveonline.com/en/wiki/Corporation_management_guide
Fletcher, O. 2009. China warns about return of destructive panda virus. PC World (November). Available at: http://www.pcworld.com/article/183272/article.html
Free, C., and P. R. Murphy. 2013. The ties that bind: The decision to co-offend in fraud. Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2275750
Freedman, R. 2008.
How to Make Real Money in Second Life: Boost Your Business, Market Your Services, and Sell Your Products in the World’s Hottest Virtual Community. New York, NY: McGraw-Hill.
Geere, D. 2010. EVE Online fraud nets ‘Bad Bobby’ £42,000. WIRED.CO.UK (September 14). Available at: http://www.wired.co.uk/news/archive/2010-09/14/eve-online-heist
Google Video. 2006. Dentara Rast aka Cally confesses to EIB scam. Available at: http://www.stumbleupon.com/su/video/1Hc5MC
Graham, F. 2009. The struggle among the stars. BBC News (February 23). Available at: http://news.bbc.co.uk/2/hi/technology/7905924.stm
Grazioli, S., and S. Jarvenpaa. 2003. Consumer and business deception on the Internet: Content analysis of documentary evidence. International Journal of Electronic Commerce 7 (4): 93–118.
Gregor, S. 2006. The nature of theory in information systems. MIS Quarterly 30 (3): 611–642.
Guadamuz, A. 2007. Bragg v Linden Labs. Technollama (October 19). Available at: http://technollama.blogspot.com/2007/10/bragg-v-linden-labs.html
Gurley, B. 2010. Virtual goods, accounting, and the power of the “rental” model. abovethecrowd.com (February 8). Available at: http://abovethecrowd.com/2010/02/08/virtual-goods-accounting-and-thepower-of-the-rental-model/
Harrison, A., B. Mennecke, and W. Dilla. 2013. Social norms, virtual worlds, and regulatory behavior. In The Immersive Internet: Reflections on the Entangling of the Virtual with Society, Politics and the Economy, edited by Power, D., and R. Teigland. New York, NY: Palgrave-Macmillan.
Harrison, G. W., E. Haruvy, and E. E. Rutström. 2011. Remarks on virtual world and virtual reality experiments. Southern Economic Journal 78 (1): 87–94.
Hazen, T. L. 2012. Social networks and the law: crowdfunding or fraudfunding? Social networks and the securities laws–why the specially tailored exemption must be conditioned on meaningful disclosure.
North Carolina Law Review 90: 1735–1807.
Hogan, C., Z. Rezaee, R. Riley, and U. Velury. 2008. Financial statement fraud: Insights from the academic literature. Auditing: A Journal of Practice & Theory 27 (2): 231–252.
Holisky, A. 2010. Man imprisoned on fraud and theft charges over account selling scam. WOW Insider (January 13). Available at: http://wow.joystiq.com/tag/christopher-bouffard/
Holtz, P., and M. Appel. 2010. Internet use and video gaming predict problem behavior in early adolescence. Journal of Adolescence 34 (1): 49–58.
Holyoke, J. 2007. Ginko financial mess—The big picture. The Alphaville Herald (April 11). Available at: http://alphavilleherald.com/2007/11/ginko-financial.html
Holyoke, J. 2010. Bill Gurley discovers virtual world bean counting. The Alphaville Herald (December 2). Available at: http://alphavilleherald.com/2010/02/bill-gurley-talks-about-accounting-with-virtual worlds-why-there-is-a-difference-between-the-provide.html
Hsu, J. 2008. Second Life bank crash foretold financial crisis. msnbc.com (November 21). Available at: http://www.msnbc.msn.com/id/27846252
Jeacle, I., and C. Carter. 2011. In TripAdvisor we trust: Rankings, calculative regimes and abstract systems. Accounting, Organizations and Society 36 (4): 293–309.
Jianwei, Z., G. Liang, and D. Haixin. 2012. Investigating China’s online underground economy. University of California Institute on Global Conflict and Cooperation. Available at: http://igcc.ucsd.edu/assets/001/503677.pdf
Johnson, P., S. Grazioli, and K. Jamal. 1993. Fraud detection: Intentionality and deception in cognition. Accounting, Organizations and Society 18 (5): 467–488.
Johnson, R. 2010. Common scams from the World of Warcraft. The Sitejabber Daily (October 18). Available at: http://www.sitejabber.com/blog/2010/10/18/common-scams-from-the-world-ofwarcraft/
Kaplan, R. S., and D. P. Norton. 1996. Using the balanced scorecard as a strategic management system. Harvard Business Review 74 (1): 75–85.
Kaplan, R.
S., and D. P. Norton. 2001a. Transforming the balanced scorecard from performance measurement to strategic management: Part 1. Accounting Horizons 15 (1): 87–104.
Kaplan, R. S., and D. P. Norton. 2001b. Transforming the balanced scorecard from performance measurement to strategic management: Part 2. Accounting Horizons 15 (2): 147–160.
Kinney, W. R. Jr. 2000. Information Quality Assurance and Internal Control for Management Decision Making. New York, NY: McGraw-Hill.
