Criminologists such as Gottfredson, McKenzie, Eck, Farrington, Sherman, Waller and others have been at the forefront of analyzing what works to prevent crime. Commissions and research bodies such as the World Health Organization, United Nations, the United States National Research Council, the UK Audit Commission have analyzed their and others' research on what lowers rates of interpersonal crime.
They agree that governments must go beyond law enforcement and criminal justice to tackle the risk factors that cause crime because it is more cost effective and leads to greater social benefits than the standard ways of responding to crime. Multiple opinion polls also confirm public support for investment in prevention. Waller uses these materials in Less Law, More Order to propose specific measures to reduce crime as well as a crime bill.
Some of the highlights of these authorities are set out below with some sources for further reading. The World Health Organization Guide (2004) complements the World Report on Violence and Health (2002) and the 2003 World Health Assembly Resolution 56-24 for governments to implement nine recommendations, which were:
- Create, implement and monitor a national action plan for violence prevention.
- Enhance capacity for collecting data on violence.
- Define priorities for, and support research on, the causes, consequences, costs and prevention of violence.
- Promote primary prevention responses.
- Strengthen responses for victims of violence.
- Integrate violence prevention into social and educational policies, and thereby promote gender and social equality.
- Increase collaboration and exchange of information on violence prevention.
- Promote and monitor adherence to international treaties, laws and other mechanisms to protect human rights.
- Seek practical, internationally agreed responses to the global drugs and global arms trade.
The commissions agree on the role of municipalities, because they are best able to organize the strategies to tackle the risk factors that cause crime. The European Forum for Urban Safety and the United States Conference of Mayors have stressed that municipalities must target the programs to meet the needs of youth at risk and women who are vulnerable to violence.
To succeed, they need to establish a coalition of key agencies such as schools, job creation, social services, housing and law enforcement around a diagnosis.
Several factors must come together for a crime to occur:
- an individual or group must have the desire or motivation to participate in a banned or prohibited behavior;
- at least some of the participants must have the skills and tools needed to commit the crime; and,
- an opportunity must be acted upon.
Primary prevention addresses individual and family-level factors correlated with later criminal participation. Individual level factors such as attachment to school and involvement in pro-social activities decrease the probability of criminal involvement.
Family-level factors such as consistent parenting skills similarly reduce individual level risk. Risk factors are additive in nature. The greater the number of risk factors present the greater the risk of criminal involvement. In addition there are initiatives which seek to alter rates of crime at the community or aggregate level.
For example, Larry Sherman from the University of Maryland in Policing Domestic Violence (1993) demonstrated that changing the policy of police response to domestic violence calls altered the probability of subsequent violence. Policing hot spots, areas of known criminal activity, decreases the number of criminal events reported to the police in those areas. Other initiatives include community policing efforts to capture known criminals. Organizations such as America's Most Wanted and Crime Stoppers help catch these criminals.
Secondary prevention uses techniques focusing on at risk situations, especially focusing on youth who drop out of school or get involved in gangs. It targets social programs and law enforcement at neighborhoods where crime rates are high. The use of secondary crime prevention in cities such as Birmingham and Bogotá has achieved large reductions in crime and violence. Programs that are focused on youth who are at risk have been shown to significantly reduce crime.
Tertiary prevention is used after a crime has occurred in order to prevent successive incidents. Such measures can be seen in the implementation of new security policies following acts of terrorism such as the September 11, 2001 attacks.
Situational crime prevention uses techniques focusing on reducing on the opportunity to commit a crime. Some of techniques include increasing the difficulty of crime, increasing the risk of crime, and reducing the rewards of crime.
Situational crime prevention
Introduction and description
Situational crime prevention (SCP) is a relatively new[when?] concept that employs a preventive approach by focussing on methods to reduce the opportunities for crime. SCP focuses on the criminal setting and is different from most criminology as it begins with an examination of the circumstances that allow particular types of crime. By gaining an understanding of these circumstances, mechanisms are then introduced to change the relevant environments with the aim of reducing the opportunities for particular crimes. Thus, SCP focuses on crime prevention rather than the punishment or detection of criminals and its intention is to make criminal activities less appealing to offenders.
SCP focuses on opportunity-reducing processes that:
- Are aimed at particular forms of crime;
- Entail the management, creation or manipulation of the immediate environment in as organised and permanent a manner as possible; and
- Result in crime being more difficult and risky or less rewarding and justifiable.
The theory behind SCP concentrates on the creation of safety mechanisms that assist in protecting people by making criminals feel they may be unable to commit crimes or would be in a situation where they may be caught or detected, which will result in them being unwilling to commit crimes where such mechanisms are in place. The logic behind this is based on the concept of rational choice - that every criminal will assess the situation of a potential crime, weigh up how much they may gain, balance it against how much they may lose and the probability of failing, and then act accordingly.
One example of SCP in practice is automated traffic enforcement. Automated traffic enforcement systems (ATES) use automated cameras on the roads to catch drivers who are speeding and those who run red lights. Such systems enjoy use all over the world. These systems have been installed and are advertised as an attempt to keep illegal driving incidences down. As a potential criminal, someone who is about to speed or run a red light knows that their risk of getting caught is nearly 100% with these systems. This completely disincentivizes the person from speeding or running red lights in areas in which they know ATES are set up. Though not conclusive, evidence shows that these type of systems work. In a Philadelphia study, some of the city's most dangerous intersections had a reduction of 96% in red light violations after the installation and advertisement of an ATES system.
Applying SCP to information systems (IS)
Situational crime prevention (SCP) in general attempts to move away from the "dispositional" theories of crime commission i.e. the influence of psychosocial factors or genetic makeup of the criminal, and to focus on those environmental and situational factors that can potentially influence criminal conduct. Hence rather than focus on the criminal, SCP focuses on the circumstances that lend themselves to crime commission. Understanding these circumstances leads to the introduction of measures that alter the environmental factors with the aim of reducing opportunities for criminal behavior. Other aspects of SCP include:
- targeting specific forms of crime e.g. cybercrime
- aiming to increase the effort and decrease potential risks of crime
- reducing provocative phenomena
Another aspect of SCP that is more applicable to the cyber environment is the principle of safeguarding. The introduction of these safeguards is designed to influence the potential offender's view of the risks and benefits of committing the crime. A criminal act is usually performed if the offender decides that there is little or no risk attached to the act. One of the goals of SCP is to implement safeguards to the point where the potential offender views the act unfavourably. For example, if a driver approaches a traffic junction where there are speed cameras, he or she evaluates that there is a nearly 100% chance of being caught trying to run a red light, and hence slows down. The use of crime "scripts" has been touted as a method of administering safeguards. Scripts were originally developed in the field of cognitive science and focus on the behavioural processes involved in rational goal-oriented behaviour. Hence scripts have been proposed as tool for examining criminal behaviour. In particular the use of what is termed a "universal script" has been advanced for correctly identifying all the stages in the commission process of a crime.
Application to cybercrimes
It has been suggested that cybercriminals be assessed in terms of their criminal attributes, which include skills, knowledge, resources, access and motives (SKRAM). Cybercriminals usually have a high degree of these attributes and this is why SCP may prove more useful than traditional approaches to crime. Clarke proposed a table of twenty-five techniques of situational crime prevention, but the five general headings are:
- Increasing the effort to commit the crime
- Increasing the risks of committing the crime
- Reducing the rewards of committing the crime
- Reducing any provocation for committing the crime
- Removing any excuses for committing the crime
These techniques can be specifically adapted to cybercrime as follows:
Increasing the effort
Increasing the risk
Reinforcing authentication procedures- background checks for employees with database access, tracking keystrokes of computer users, use of photo and thumb print for ID documents/credit cards, requiring additional ID for online purchases, use of cameras at ATMs and at point of sale.
Reducing the rewards
Removing targets and disrupting cyberplaces – monitoring Internet sites and incoming spam, harsh penalties for hacking, rapid notification of stolen or lost credit bankcards, avoiding ID numbers on all official documents.
Reducing provocation and excuses
Avoiding disputes and temptations – maintaining positive employee-management relations and increasing awareness of responsible use policy.
Many of these techniques do not require a considerable investment in hi-tech IT skills and knowledge. Rather, it is the effective utilization and training of existing personnel that is key.
It has been suggested that the theory behind situational crime prevention may also be useful in improving information systems (IS) security by decreasing the rewards criminals may expect from a crime. SCP theory aims to affect the motivation of criminals by means of environmental and situational changes and is based on three elements:
- Increasing the perceived difficulty of crime;
- Increasing the risks; and
- Reducing the rewards.
IS professionals and others who wish to fight computer crime could use the same techniques and consequently reduce the frequency of computer crime that targets the information assets of businesses and organisations. Designing out crime from the environment is a crucial element of SCP and the most efficient way of using computers to fight crime is to predict criminal behaviour, which as a result, makes it difficult for such behaviour to be performed. SCP also has an advantage over other IS measures because it does not focus on crime from the criminal’s viewpoint. Many businesses/organisations are heavily dependent on information and communications technology (ICT) and information is a hugely valuable[clarification needed] asset, which means IS has become increasingly important. While storing information in computers enables easy access and sharing by users, computer crime is a considerable threat to such information, whether committed by an external hacker or by an ‘insider’ (a trusted member of a business or organisation). After viruses, illicit access to and theft of, information form the highest percentage of all financial losses associated with computer crime and security incidents. Businesses need to protect themselves against such illegal or unethical activities, which may be committed via electronic or other methods and IS security technologies are vital in order to protect against amendment, unauthorised disclosure and/or misuse of information. Computer intrusion fraud is a huge business with hackers being able to find passwords, read and alter files and read email, but such crime could almost be eliminated if hackers could be prevented from accessing a computer system or identified quickly enough.
Despite many years of computer security research, huge amounts[clarification needed] of money being spent on secure operations and an increase in training requirements, there are frequent reports of computer penetrations and data thefts at some of the most heavily protected computer systems in the world. Criminal activities in cyberspace are increasing with computers being used for numerous illegal activities, including email surveillance, credit card fraud and software piracy. As the popularity and growth of the Internet continues to increase, many web applications and services are being set up, which are widely used by businesses for their business transactions.
In the case of computer crime, even cautious companies or businesses that aim to create effective and comprehensive security measures may unintentionally produce an environment, which helps provide opportunities because they are using inappropriate controls. Consequently, if the precautions are not providing an adequate level of security, the IS will be at risk.
Situational crime prevention and fraud
In computer systems that have been developed to design out crime from the environment, one of the tactics used is risk assessment, where business transactions, clients and situations are monitored for any features that indicate a risk of criminal activity. Credit card fraud has been one of the most complex crimes worldwide in recent times and despite numerous prevention initiatives, it is clear that more needs to be done if the problem is to be solved. Fraud management comprises a whole range of activities, including early warning systems, signs and patterns of different types of fraud, profiles of users and their activities, security of computers and avoiding customer dissatisfaction. There are a number of issues that make the development of fraud management systems an extremely difficult and challenging task, including the huge volume of data involved; the requirement for fast and accurate fraud detection without inconveniencing business operations; the ongoing development of new fraud to evade existing techniques; and the risk of false alarms.
Generally, fraud detection techniques fall into two categories: statistical techniques and artificial intelligence (AI) techniques.
Important statistical data analysis techniques to detect fraud include:
- Grouping and classification to determine patterns and associations among sets of data.
- Matching algorithms to identify irregularities in the transactions of users compared to previous profiles.
- Data pre-processing techniques for validation, correction of errors and estimating incorrect or missing data.
Important AI techniques for fraud management are:
- Data mining – to categorise and group data and automatically identify associations and rules that may be indicative of remarkable patterns, including those connected to fraud.
- Specialist systems to programme expertise for fraud detection in the shape of rules.
- Pattern recognition to identify groups or patterns of behaviour either automatically or to match certain inputs.
- Machine learning techniques to automatically detect the characteristics of fraud
- Neural networks that can learn suspicious patterns and later identify them.
- Barthe, Emmanuel (2006). "Crime Prevention Publicity Campaigns" (PDF). U.S. Department of Justice. p. 9.
- Willison R. (2006). "Understanding the perpetration of employee computer crime in the organisational context" (PDF). Information and Organisation. 16: 304–324. doi:10.1016/j.infoandorg.2006.08.001.
- Clarke, R (ed) Situational Crime Prevention: Successful Case Studies (2nd ed.) Harrow and Heston, New York, 1997, ISBN 978-0911577389
- Page B.H., Automated Traffic Enforcement Systems: The Efficacy of Such Systems and Their Effect on Traffic Law, p 13, 2009
- Parker, D. (1998) Fighting computer crime: A New Framework for protecting Information. Wiley Computer Publishing, New York.
- Cornish, D. and Clarke, R. Opportunities, Precipitators and Criminal Decisions: A Reply to Wortley's Critique of Situational Crime Prevention. In Theory for Practice in Situational Crime Prevention, Crime Prevention Studies, (Vol 16) M. Smith and D. Cornish, Eds, Criminal Justice Press, New York, 151-196.
- Handbook on Crime and Deviance. Edited by Marvin D. Krohn, Alan J. Lizotte and Gina Penly Hall. Springer Science and Business Media, LLC 2009.
- Me G., Spagnoletti P., Situational Crime Prevention and Cyber-crime Investigation: the Online Pedo-pornography Case Study, Eurocon 2005
- Willison R. Siponen M. Overcoming the insider: reducing employee computer crime through Situational Crime Prevention, Communications of the ACM, Vol 52(9), 2009
- Beebe N.L., Rao V.S., Using Situational Crime Prevention Theory to Explain the Effectiveness of Information Systems, Security, Proceedings of the 2005 SoftWars Conference,, Las Vegas 2005
- Bolton R., Hand D.J. (2002). "Statistical Fraud Detection: A Review". Statistical Science. 17 (3): 235–255. doi:10.1214/ss/1042727940.
- Garfinkel S.L., Inside Risks, The Cybersecurity Risk, Communications of the ACM, Vol 55 (6), p29 - 32, 2012
- Sukula S.K., Mittal, K.K., Computer crimes and preventive measures in cyber law, Journal of Social Welfare and Management, Vol 2(2), p63 - 70, 2010
- Thakar U., Dagdee N., Varma S., Pattern Analysis and Signature Extraction for Intrusion Attacks on Web Services, International Journal of Network Security and Its Applications, Vol 2(3), p190 - 205, 2010
- Willison R., Backhouse J., Opportunities for computer crime: considering systems risk from a criminological perspective, European Journal of Information Systems, Vol 15, p 403 - 414, 2006
- Prabowo H.Y. Building our defence against credit card fraud: a strategic review, Journal of Money Laundering Control, Vol 14(4) p 371–86, 2011
- Palshikar G.K., The Hidden Truth: data analysis can be a strategic weapon in your company’s management and control of fraud,  Intelligent Enterprise 2002
- Predictive policing
- Audit Commission, Misspent youth: Young people and crime, London: Audit Commission for Local Authorities and NHS in England and Wales, 1996
- Her Majesty's Inspectorate of Constabulary, Beating crime, London: Home Office, 1998
- Home Office, Reducing offending: An assessment of research evidence on ways of dealing with offending behaviour, edited by Peter Goldblatt and Chris Lewis. London: Home Office, Research and Statistics, 1998
- International Centre for Prevention of Crime, Urban Crime Prevention and Youth at Risk: Compendium of promising strategies and programs from around the world, Montreal, 2005
- International Centre for Prevention of Crime, Crime Prevention Digest II: Comparative Analysis of Successful Community Safety, Montreal, 1999
- International Centre for Prevention of Crime, 100 Crime Prevention Programs to Inspire Action across the World, Montreal, 1999
- National Research Council (US), Fairness and Effectiveness in Policing: The Evidence, edited by Wesley Skogan, Washington, DC: The National Academies Press, 2004
- National Research Council (U.S.), Juvenile crime, juvenile justice, edited by Joan McCord, et al., Washington, DC: National Academies Press, 2001
- National Research Council and Institute of Medicine, Violence in families: assessing prevention and treatment programs, Committee on the Assessment of Family Violence Interventions, Board on Children, Youth, and Families, Edited by Rosemary Chalk and Patricia King. Washington, DC: National Academies Press, 2004
- Sherman, Lawrence, David Farrington, Brandon Welsh, Doris MacKenzie, 2002, Evidence Based Crime Prevention, New York: Routledge
- Skogan, Wesley and Susan Hartnett, Community Policing: Chicago Style, New York: Oxford University Press, 1997
- United Nations, Economic and Social Council, Guidelines for the Prevention of Crime, New York: United Nations, Economic and Social Council, Office for Drug Control and Crime Prevention, 2002
- Waller, Irvin, Less Law, More Order: The Truth about Reducing Crime, West Port: Praeger Imprint Series, 2006
- Welsh, Brandon, and David Farrington, eds., Preventing Crime: What Works for Children, Offenders, Victims, and Places, New York: Springer, 2006
- World Health Organization, World report on road traffic injury prevention: Summary, Geneva, 2004
- World Health Organization, Preventing violence: A guide to implementing the recommendations of the World Report on Violence and Health, Geneva: Violence and Injuries Prevention, 2004
- World Health Organization, World Report on Violence and Health, Geneva: Violence and Injuries Prevention, 2002