Monday, October 22, 2012

A Collective Approach To Fraud Detection

Fraudulent activity in today’s business world is a booming industry in its own right.

More and more organised criminal groups and individuals actively seek and implement new ways in which they can extort, steal and extract valuable intellectual property, funds, business intelligence and confidential data from companies of all sizes within all industries. Unfortunately, most of this theft often takes place without the knowledge of the organisation/s affected until well after the event has occurred and the money, data or IP is already lost, abused, sold on or made public.

Adding further complexity to the fight against these damaging fraudulent activities is the huge and ever-growing reliance of and advances in technology that place cyber-crime and hacking expertise at the fore-front of this conduct.

How should companies defend themselves against fraud?


What is the best fraud detection practice for businesses today (and for the future) to help them quickly, easily and pro-actively detect fraudulent activity when it happens internally or by an attack from external source?

A common and sometimes successful approach is to assemble an internal fraud detection team.  Hiring experienced security or data specialists to implement a complex, technical and expensive monitoring system that only they can extract the relevant data from is a familiar practice. 

Although this sounds like a rational way to address such an important need within a company, it can instead lead to a costly, restrictive and limited solution.  Despite their best efforts, the security and data specialists may only be in a position to discover ‘known’ methods of fraudulent behaviour.  Other experienced staff within a company, often better placed to notice fraudulent activity in and around their own areas of expertise and responsibility, may never get the chance to detect acts of fraud occurring directly around them.

Key questions can be derived from this method of managing fraud detection:


Can a small team of experts effectively produce the best results in their employer’s fight against fraud?

Or instead could a collective solution, involving many people within an organisation (not just security or data specialists) intuitively highlighting fraudulent behaviour, produce better, more accurate results?

Below is a very recent scenario that can qualify these key questions.

Head of fraud detection team steals from her own employer


In September 2012, the press heavily reported on the criminal case of a former Head of Online Security stealing £2.4 million from the UK’s Lloyds Bank, where she was a respected, senior member of staff.  In summary, the person in charge of managing the bank’s own online fraud detection team and relevant systems decided that she was working harder and longer hours than her decent basic salary warranted.  Subsequently, to top-up her income, she submitted fake invoices for technology based projects and services over a 3 year period that never actually happened or existed!

There are many things wrong with this very real scenario.  That Lloyds allowed such unsophisticated, fraudulent activity to continue undetected for so long is quite incredible.  Furthermore, the person in charge of detecting fraudulent activity for the firm, a person of trust and responsibility, fell into the trap of defrauding her own employers.  Unbelievably, she simultaneously maintained the company’s extensive fraud detection environment!  The concept of a ‘collective approach’ to fraud detection may never have allowed this situation to occur.

A company the size of Lloyds Bank may be able to absorb such a financial loss.  The reputational damage caused by the perception that they cannot be trusted to protect their customers’ funds and confidential data could actually cost them a lot more.  Independent of Lloyds Bank, losing over £2 million may have put a smaller company out of business completely before any concern of reputational damage had even arisen.
 

The 'Collective Approach' - A smarter way to manage fraud detection


Consider involving the majority of staff within an organisation in the fraud detection process rather than limiting it to a select few experts.

Imagine your company, typically sub-divided into teams, departments and areas of specific business functions, implemented a solution that was relevant and available to each individual business group.  The systems, processes, input and output commonly utilised and produced by these individual groups would be accessible via this solution.  The staff within each team, as a slight extension of their existing roles and utilising the familiarity and experience of their own function, can now actively notice and report suspicious and possibly fraudulent behaviour themselves.  In theory, operating this type of collective solution applies the practice of ‘Neighbourhood Watch’ to fraud detection within a business, with staff keeping an eye out on their local environment.

In turn, this practice will create an army of people fighting fraud detection within a company, all specialists in their own area of employment and readily aware of what to look out for. This collective approach would also condense the need for a dedicated, isolated and expensive fraud detection team and establish a greater level of responsibility and awareness by all staff within a company to the pitfalls of fraudulent behaviour.  

For the detractors out there, claiming that this could instead create a distracting culture of blame and distrust within a business, and that some staff may lack the motivation to participate in such an approach, think again.  If some form of un-detected fraud causes huge financial losses for a company, putting jobs and salaries at risk, any diligent employee would pro-actively participate in this type of collective solution to ensure that situation is never allowed to occur.

Here at Picviz, we are working to provide this type of cost effective, collective solution, to empower companies of all sizes to better manage their fraud detection needs.  Be sure to get in touch with us to learn more about our solution and how your fraud detection practices can easily be enhanced for the future.
 
Dean Edwards
Picviz Labs - 2012 Assises de la Sécurité Award Winner for Innovation
@picviz
@deanedwards78