More and more organised criminal groups and individuals actively
seek and implement new ways in which they can extort, steal and extract valuable intellectual property, funds,
business intelligence and confidential data from companies of all sizes within
all industries. Unfortunately, most of this theft often takes place without the
knowledge of the organisation/s affected until well after the event has
occurred and the money, data or IP is already lost, abused, sold on or made
public.
Adding further complexity to the fight against these
damaging fraudulent activities is the huge and ever-growing reliance of and advances
in technology that place cyber-crime
and hacking expertise at the
fore-front of this conduct.
How should companies defend themselves against fraud?
What is the best fraud detection practice for businesses
today (and for the future) to help them quickly, easily and pro-actively detect
fraudulent activity when it happens internally or by an attack from external source?
A common and sometimes successful approach is to assemble
an internal fraud detection team. Hiring
experienced security or data specialists to implement a complex, technical and
expensive monitoring system that only they can extract the relevant data from
is a familiar practice.
Although this sounds like a rational way to address such
an important need within a company, it can instead lead to a costly,
restrictive and limited solution.
Despite their best efforts, the security and data specialists may only be in a position to discover
‘known’ methods of fraudulent behaviour.
Other experienced staff within a company, often better placed to notice fraudulent
activity in and around their own areas of expertise and responsibility, may never
get the chance to detect acts of fraud occurring directly around them.
Key questions can be derived from this method of managing fraud detection:
Can a small team of experts effectively produce the best
results in their employer’s fight against fraud?
Or instead could a collective solution, involving many
people within an organisation (not just security or data specialists) intuitively
highlighting fraudulent behaviour, produce better, more accurate results?
Below is a very recent scenario that can qualify these key
questions.
Head of fraud detection team steals from her own employer
In September 2012, the press heavily reported on the
criminal case of a former Head of Online
Security stealing £2.4 million
from the UK’s Lloyds Bank, where she was a respected, senior member of staff. In summary, the person in charge of managing the
bank’s own online fraud detection team and relevant systems decided that she
was working harder and longer hours than her decent basic salary warranted. Subsequently, to top-up her income, she
submitted fake invoices for technology based projects and services over a 3 year period that never actually
happened or existed!
There are many things wrong with this very real scenario. That Lloyds allowed such unsophisticated, fraudulent
activity to continue undetected for so long is quite incredible. Furthermore, the person in charge of
detecting fraudulent activity for the firm, a person of trust and
responsibility, fell into the trap of defrauding her own employers. Unbelievably, she simultaneously maintained
the company’s extensive fraud detection environment! The concept of a ‘collective approach’ to
fraud detection may never have allowed this situation to occur.
A company the size of Lloyds Bank may be able to absorb
such a financial loss. The reputational damage caused by the
perception that they cannot be trusted to protect their customers’ funds and confidential
data could actually cost them a lot more.
Independent of Lloyds Bank, losing over £2 million may have put a
smaller company out of business completely before any concern of reputational
damage had even arisen.
The 'Collective Approach' - A smarter way to manage fraud detection
Consider involving the majority of staff within an organisation in the fraud detection process rather than limiting it to a select few experts.
Imagine your company, typically sub-divided into teams, departments
and areas of specific business functions, implemented a solution that was
relevant and available to each individual business group. The systems, processes, input and output
commonly utilised and produced by these individual groups would be accessible
via this solution. The staff within each
team, as a slight extension of their existing roles and utilising the familiarity
and experience of their own function, can now actively notice and report
suspicious and possibly fraudulent behaviour themselves. In theory, operating this type of collective solution
applies the practice of ‘Neighbourhood
Watch’ to fraud detection within a business, with staff keeping an eye out
on their local environment.
In turn, this practice will create an army of people fighting fraud detection within a company, all specialists in their own area of employment and readily aware of what to look out for. This collective approach would also condense the need for a dedicated, isolated and expensive fraud detection team and establish a greater level of responsibility and awareness by all staff within a company to the pitfalls of fraudulent behaviour.
For the detractors out there, claiming that this could instead
create a distracting culture of blame and distrust within a business, and that
some staff may lack the motivation to participate in such an approach, think
again. If some form of un-detected fraud
causes huge financial losses for a company, putting jobs and salaries at risk, any diligent employee would pro-actively participate
in this type of collective solution to ensure that situation is never allowed
to occur.
Here at Picviz, we are working to provide this type of cost
effective, collective solution, to empower companies of all sizes to better
manage their fraud detection needs. Be
sure to get in touch with us to learn more about our solution and how your fraud
detection practices can easily be enhanced for the future.
Dean Edwards
Picviz Labs -
2012 Assises de la Sécurité Award Winner for Innovation
@picviz
@deanedwards78