by Bruce Dorris, J.D., CFE, CPA, President and CEO of the Association of Certified Fraud Examiners
In the past, fraud was rarely discussed openly in organisations. There was almost a fear that if you discussed it, you were either admitting that it was occurring within your business, or that it would somehow materialise.
However, the topic of fraud can no longer be relegated to closed-door meetings. One of the best ways to prevent fraud in any organisation is to raise awareness of it and adopt a proactive mindset of how to deal with any potential scenarios on the horizon. Especially now, with technology constantly evolving and enabling fraudsters to cover their tracks in more creative ways, business leaders need to be more aware of the ways in which fraudsters are operating and how new technology can be used to detect and prevent fraud. Here are some current trends in fraud and fraud prevention that decision makers need to know:
More sophisticated cyber-criminals
Stories of large-scale data breaches and international identity-theft rings are becoming increasingly prevalent in the media. Hackers and other cyber-fraudsters are using more sophisticated tools and schemes in order to steal and use personal data. One area cyber-criminals are getting especially adept in is phishing or spear phishing (targeting specific people in an organisation who have access to records or money by posing as an executive of the company). With technology to spoof email addresses, IP numbers, phone numbers and even create fake video or audio clips, fraudsters may be able to trick even your most skeptical employee into giving out sensitive information. And once fraudsters have a way into your organisation’s framework, they can steal client or customer records, employee files, trade secrets and almost anything else you can imagine. It is essential that business leaders keep abreast of the latest schemes and train their employees on how to spot these attempts.
Data collection and privacy rules
Virtually all companies and devices are now collecting data on their users – some in obvious ways and some in less transparent ones. While the information they collect may help enhance the user experience, or increase the bottom line for the organisation, the vast amount of data being collected also serves as an attractive target for fraudsters. Some governments are trying to put proactive limits and regulations on what data companies collect and store, such as the recently adopted EU General Data Protection Regulation (GDPR). However, many organisations are still trying to figure out the best way to protect their data. Business leaders should be starting conversations with stakeholders on how they can ensure fraudsters aren’t able to access their data stores: that could mean more robust cyber-security, or only retaining certain pieces of critical data and storing customer or client records in different areas of their database.
Blockchain technology is mainly known for its role in cryptocurrency, but the technology is applicable in a number of ways. The blockchain is essentially a decentralised, timestamped record of transactions. It can act as a type of escrow for transactions. Each user involved in a transaction has a unique profile that stores relevant information about them. Since the blockchain ledger needs to be verified by both users involved in a transaction to be updated, it creates a large obstacle for fraudsters attempting to push unauthorised transactions through. The decentralised nature of the blockchain also makes it difficult for fraudsters to steal an individual’s personal identifiable information as their social security number, name and birthdate may be held in completely separate areas. Most of all, since the blockchain is timestamped and reconciled at every step of a transaction, it provides a digital trail of transactions that organizations can access and view. However, it’s important to keep in mind that a blockchain is only as secure as its underlying code, and there have been numerous instances in which faulty code resulted in major losses. There is a lot of potential in this technology, but it still may take time to iron out some wrinkles.
Machine learning for fraud prevention
While it may conjure up images of robots, machine learning is becoming increasingly valuable in detecting and preventing fraud. For instance, there is currently software available that can detect certain word patterns related to an employee embezzling money, and flag suspicious emails and intraoffice chat logs. Moreover, as the programme is exposed to more data, it becomes more accurate at identifying red flags and may even be able to recognise certain strings of words that indicate an employee is under financial stress, or is unhappy, in a manner that suggests they are at a higher risk of starting to embezzle in the near future. That’s just one example in a constantly expanding field of advanced data analytics tools that become more effective as they process more information.
While fraud prevention is not “one-size-fits-all” for organisations, being aware of trends in fraud, especially technological trends, can help business leaders at any type of organisation protect themselves and their employer from fraud. Find free fraud training and awareness resources at Fraudweek.com. For more information on fraud prevention and detection, visit ACFE.com.