Beware the millennium cowboy

The millennium bug is not that disastrous a problem.

When it first reared its head, it struck fear into the hearts of IT managers. Worldwide social and economic chaos was predicted by the doomsayers. Warner Brothers is even making a film called Y2K. Hundreds of analysts signed lucrative book deals to write about it, not to mention the myriad companies dedicated to busting the bug that have sprung up.

However, natural disasters have to rank higher in the panic stakes. In a world where sheep are cloned and mice are used to grow human ears, changing some date code is not beyond the realms of probability. But this atmosphere of anxiety and panic makes a perfect breeding ground for another type of bug - the fraudster.

Probably the most extreme example was recently uncovered by the FBI and private investigating firm, Kroll Associates. Fears of system failures are being exploited by bogus IT companies run by the Mafia to sting unsuspecting corporates for millions of dollars. Organised crime is moving from construction to high finance, according to the FBI, with banks and insurance companies being the primary targets.

Mob-run outfits gain access to the companies by offering to fix the problem through Internet ads and toll free numbers. Once the fraudsters have got into the building, they access confidential finance documents and change the software to issue inflated pay cheques into Mafia bank accounts.

According to Ovum analyst, Graham Titterington, the lack of a code of practice or professional organisation makes it even easier for con-artists to operate. "There is a danger of being ripped off from unscrupulous IT organisations. The IT industry has a long historical problem of not having a recognised standard and code of practice, and the Year 2000 emergency has given people more of an opportunity to exploit this."

Titterington claims there is no failsafe way for a company to guard against entrusting its Y2K problem to cowboys. But he does recommend some common-sense precautions. "It's best to pick a trusted or reputable supplier that you have worked with before or have heard about through word of mouth," he says.

In the UK, the Institute for the Management of Information Systems (IMIS) and the British Computer Society currently promote levels of professionalism among IT organisations. However, membership is voluntary and both adhere to their own code of conduct.

Ian Rickwood, chief executive of IMIS, claims a national register of IT professionals would be welcomed, but said there is little time to organise it. "There is no doubt that a national list of verified IT professionals would be of benefit. There are cowboys, and we are now reaching the stage when one to two people, especially SME's [small and medium-sized enterprises], are getting into panic mode and will grab at anything, and the better guys are all signed up. But time is getting very short now."

As is usually the case, moves towards regulation will be taken in the aftermath of the millennium, according to Titterington.

The risks of the millennium bug are real, the amount of money being spent solving it is considerable and the consequences of inaction are serious. But the myths surrounding the issue have grown so large they obscure the real problem, leaving companies open to IT scams.