Non-financial Internal Control and Information Systems. In December 1996, America Online (AOL), then the world’s largest provider of computer on line services, noticed a surge in new access traffic in Russia. The new surge of access was from people dialling into access points set up in 40 Russian cities to give travelling customers connections at local call rates. AOL found that the increase in traffic was being paid for by fraudsters who used numbers from stolen credit cards to enter its network and the wider Internet without paying.

On examination, the new customers appeared to have had valid credit card numbers—possibly obtained from the underground market in Moscow—to establish fraudulent accounts. As did most on-line services at that time, AOL allowed new customers to register simply by dialling through a personal computer modem and entering the name and credit card details. No documentary proof was required. AOL usually stopped accounts only after the owners of stolen or misused credit card numbers called to complain about charge for services they did not request. But that may be a month or so after the fraud.

In a move that was unprecedented, AOL cut off access to AOL for all computer users in Russia as of 14 December 1996.

Required

Describe what control procedures AOL could have used to prevent this fraud from happening?