Rogue insiders, signature loopholes, and fraud rings: Lessons learned by a Chinese B2B mogul

The purpose of this paper is to report the findings and lessons learned from a case study that is based on Alibaba's business‐to‐business (B2B) fraud in China. The influence of such incidents and post‐hoc solutions are research worthy in today's booming digital business world.

The paper uses a case study approach and practice‐driven method that rely on user behaviors, corporate policies, and financial data. The taxonomic framework of online fraud and corresponding countermeasures arise from digital forensic reports, policy reviews, data analysis, and a literature review.

The key findings are indigenous to the Chinese B2B landscape, yet they help international stakeholders understand and address fraudulent issues. The paper finds beside the traditional customer‐based account signature, internal employees must be assigned their own signature systems to track malicious activities. Meanwhile, digital signature systems can be enhanced by reducing the record inter‐arrival time. Policy revisions are proposed to (e.g. offshore companies) lead to the decrease in the number of fraudulent incidents.

The paper extends existing understanding of online fraud by studying a Chinese case. The findings are timely and based on real world experience. Actual practices are discussed and evaluated. A range of fraudulent activities is reviewed in a comprehensive framework. The findings are important due to the public exposure and wide implications of such an incident. Also, this study reveals that fraud protection is an on‐going effort requiring a triangulation of technical artifacts, policy management, and operations management.