Fraud is on the rise. A 2016 AFP Payment Fraud and Control survey revealed that 73% of financial professionals admitted their company fell victim to payment fraud in the prior year. A PWC report notes that the figure is up eleven percentage points from 2014, when it was only 62%.
Think about that. A majority of companies surveyed lost money—directly from payment fraud, then indirectly from customers pulling out due to a lack of faith in those companies. In addition to the financial burden, they suffered blows to their reputations and could face potential legal action.
So, how can we reduce the number of companies and customers that have to deal with fraud?
How can we ensure that 2017 will not be a repeat of 2016?
- Utilize forensic accounting.
- Learn exactly what fraud is so you can spot it.
- Have a crystal-clear fraud prevention strategy in place.
We’ll be going through each of these steps (and a few more) in detail.
What Is Fraud?
At its most basic, fraud occurs whenever someone engages in deceit for the purpose of financial benefit or personal gain. This is different from identity theft, in which an individual impersonates someone else to commit fraud.
Common Types Of Fraud
Here’s a list of some common types of fraud, courtesy of the U.S. Securities and Exchange Commission:
- Advance Fee
- Binary Options
- High Yield Investment Programs
- Internet and Social Media
- Pre-IPO Investment Scams
- Ponzi Scheme
- Pyramid Schemes
- “Prime Bank” Investments
- Promissory Notes
- Pump & Dump Schemes
- Commodity Pool
- Foreign Currency Trading
- Precious Metals
It Costs Consumers Billions
In the end, fraud also affects consumers. CNBC reports that in 2016, 15.4 million consumers suffered from fraud and identity theft (which, as we mentioned, is an illegal behavior that tends to lead to fraud).
The most prevalent types of fraud consumers fell victim to included card-not-present fraud (40% increase), account takeover fraud (31% increase), and situations where the fraudsters created a new account using the consumer’s name (20% increase). That adds up to $16 billion lost, a staggering $1 billion increase from 2015.
Why Technology Matters
As you can see from the CNBC report, fraud is far too lucrative a “business” for fraudsters to simply stop. They’ll continue devising new ways to access confidential systems and hijack accounts to make a profit. That is why it is vital to be on the cutting edge of technological solutions.
For a practical example of this concept, look at gift cards. Gift cards weren’t created out of convenience; they were made to counteract fraud. Initially, if you wanted a gift certificate, you’d go into a store and the cashier would write one out for you.
However, Blockbuster was tired of suffering financial losses from fraud. Too many fraudsters were creating fake gift certificates and were reaping the benefits at Blockbuster’s expense. To deal with this, Blockbuster became the first store to use a plastic gift card which the POS (point-of-sale) system would have to read and verify. Fraud went down, and other large companies followed suit.
If Blockbuster and other companies didn’t change the gift certificate to a more updated, effective version—in this case, the plastic, coded card—they’d still be losing serious revenue. So, keeping up with the times is essential for countering the latest techniques criminals employ.
How Cybersecurity Helps
The types of fraud mentioned in the CNBC article (i.e. card-not-present, account takeover, and creating a new account using the user’s name) can be prevented using cybersecurity tactics.
For instance, card-not-present fraud and fictitious accounts can be prevented by including a card verification value (CVV) and address verification system (AVS) in your payment system. Plus, a fraud scoring system can help determine the risk level of a sale, increasing the chances of catching accounts that have been hijacked.
Forensic accounting is another key component in your cybersecurity arsenal. This is a service where professionals look at your financial books for evidence of fraud and/or embezzlement. The data gained from these investigations can then be used to identify and prosecute fraudsters.
Forensic accounting can also extend to data analytics, interviewing clients, and conducting background checks. Using these techniques, professionals can gain a better idea of how fraudsters gained access into a system, and how to prevent similar intrusions from occurring in the future.
Besides leveraging forensic accounting, you should take the following steps to mitigate fraud damage:
1. Identify And Address Your Vulnerabilities
Conduct penetration tests to identify your vulnerabilities. These are areas where it would be easiest for a fraudster (or hacker) to penetrate your system. This is especially important for areas that hold high-priority assets; if the fraudster got ahold of these, they could do significant financial damage.
Identification is only the first step, however. You will also need to “patch” these vulnerabilities to make the high-priority assets harder to get to and entrance into the system more difficult for intruders. A critical tool that will help accomplish the task is an updated monitoring system.
2. Monitor For A More Controlled Environment
Monitoring will help create a more stable and controlled environment for your data and assets. It’ll help keep an eye out for suspicious activity—both from outsiders and insiders. This, in turn, will increase the chances of mitigating an attack.
3. Educate Employees On Prevention Strategies
Employees need to know what fraud is, how to identify it, and what to do should they suspect it. In addition to this, they'll also need to know proper "cybersecurity hygiene," activities such as frequently changing their passwords. As one company vice president states in the CNBC article,
“Our password [hygiene] is very poor, and criminals know it.”
Furthermore, when it comes to identifying threats, employees should be trained to pick up on specific behaviors that may be indicative of surreptitious activity. For example, they should be cautious if another employee insists on using their password or is consistently making obvious errors while performing data entry.
4. It Comes Down To Preparation
If you don’t have this step in place, the previous steps won’t be as effective. Create an action plan to execute in the event that an incident (such as a data breach) occurs. Practice your emergency plan using white hat hackers who can simulate attacks, and involve employees from non-IT sectors so that your entire organization knows what to do. This will also allow you to receive well-rounded feedback from less technologically-inclined members of your team, and, in turn, coach them on proper procedure.
CBI Can Help
CBI provides fraud and forensic accounting services. Check these out (as well as other resources) to fortify your cybersecurity defenses and keep your organization protected from potential instances of fraud.