The Top 3 Fears that Paralyze Fraud Prevention

SPECIAL TO THE WEB

Tasha Bailey, CFE

As a senior risk vendor analyst, I've primarily worked with companies that bring in annual revenues of $5 billion or more, and I've seen the full range of attempts to address fraud within the purchasing-to-accounts-payable cycle. Often, the company doesn't put a robust process in place until it's in the news with a violation, an FCPA incident or an internal case of undetected embezzlement that might have gone on for years. But why? As money walks out the door, why wouldn't companies adopt a more proactive stance for early detection?

The answer is fear. Fear can prevent a mom-and-pop shop or a Fortune 500 industry leader from becoming serious about fighting fraud. Business analytics and portal systems certainly enable companies to more quickly mine through volumes of data and identify red flags, yet they're not a requirement for fraud prevention. Depending on the size of the company, it can data mine and detect fraud early with such basic tools as Microsoft Access and Excel. And while companies pay lip service to efforts to fight fraud, they're often slow to take advantage of even these most elementary methods. Let's consider how the fear factor plays into the decision — or indecision — to fight fraud.

Fear No. 1: Cost. Like health or car insurance, fraud prevention software is a cost for which you don't always recognize an immediate return. Management wants money brought back to the bottom line, and it's easy to assign a dollar figure to payment errors using platforms like duplicate invoice analysis. But when it comes to identifying and preventing risk and potential fraud, returns can be harder to quantify.

I often hear concerns about spending money on a system that might or might not identify fraud. And if the system does identify fraudulent activity, companies are now obligated to spend more for the additional investigation and possible litigation. Larger companies might see money lost to fraud as "pennies," but pennies add up. That's money that could have been reinvested toward a company's bottom line.

Fear No. 2: Technology. Companies are concerned that implementing new software technology might increase their exposure to fraud via data breaches. They're also concerned that technology will replace internal auditors. While data encryption and similar tools can combat the risk of data breaches, addressing personnel concerns are trickier.

When I work with companies, I point out that technology in any form is a means to assist — not replace — people. Computers alone don't "discover" fraud; they simply detect red flags that can point you in the right direction. The red flag could be a simple data-entry error or an anomaly within the data. Technology helps identify red flags, but human input and investigation is required to determine if fraud is indeed occurring. From there, companies must ask questions.

Fear No. 3: Loss of reputation. Companies might fear their reputations will take a hit if they uncover ongoing fraud schemes. Social media has evolved to become an incredibly popular form of information sharing, so all it takes is the hint of a rumor and the damage is done. Employees might post information — or alleged information — that makes it appear as though a company is attempting to hide something. For that reason, it's to a company's advantage to be open with their employees in their effort to fight fraud. Employees are less likely to whistleblow in public when there are safe, internal options for them to report discrepancies to management. For example, use proactive social risk-management strategies, such as toll-free hotlines, to help employees feel comfortable reporting potential or suspected frauds without the fear of retaliation.

Passive detection methods aren't enough anymore. It's been proven time and again that instilling proactive efforts to discover or reduce fraud will increase the bottom line and enhance a company's reputation.

Read more from Tasha, and find out the best practices for engaging analytic tools and front-line staff to identify and prevent fraud on Fraud-Magazine.com.

How Much is Your Identity Worth?

GUEST BLOGGER

Zach Capers, CFE
ACFE Research Specialist

Recently, I attended the ID360 conference in Austin, which was presented by the University of Texas at Austin’s Center for Identity. The theme of the conference was “The Identity Economy” with speakers focusing on such topics as personal identity management, social media and online security. The discussions of these interrelated topics made me consider the ways I leverage my own identity in the emerging identity economy, and — more concerning — how my identity is used by others.

Identity is now a form of currency, and the consequences of this development are unfolding in interesting and often unpredictable ways. As a music lover living in Austin, I have noticed during the past few years how the identity economy is developing in the realm of live music and event ticketing. For example, during the recent South by Southwest (SXSW) festival, I found myself shamelessly tweeting about the Mazda car company for a chance to win passes to an event I wanted to attend. Despite how obnoxious my shilling must have seemed to others on my Twitter feed, I felt it was worth it, particularly because I ended up winning the passes.

The identity economy was apparent in other aspects of SXSW as well. This year, an increasing number of events required that prospective attendees register through their Facebook accounts. This meant that attendees had to open their Facebook pages to applications that often collect and share personal information for marketing and other purposes. I found this too much to bear, so I avoided events that required compromising my Facebook account; however, countless other festival-goers likely did so without questioning the practice of providing access to their personal information in exchange for access to an event.

Another facet of the identity economy is the phenomenon of developing a user reputation to enhance standing within a particular user base. For example, the ticketing firm 1iota provides free tickets to television shows and concerts based largely on reputation. If you sign up for an event, win tickets and subsequently follow through with attending the event, your chances of winning tickets to the next show increase. Conversely, if you win tickets and fail to attend the show, your chances of receiving tickets in the future plummet. The idea is that those who build a strong reputation on the site tend to be more enthusiastic and dependable fans whom organizers prefer to have at their events. Reputation systems have been in use for many years with websites such as eBay and LinkedIn, and they will only increase in number and variety going forward.

At last month’s Coachella music festival in Indio, California, the identity economy was also in full swing. All ticket buyers were required to wear a wristband containing a registered radio-frequency identification (RFID) chip, and all wristbands had to be activated with the individual’s personal information, with the option to connect the wristband to a Facebook or Spotify account. No doubt much of this information was collected for demographic research and subsequent marketing efforts. However, the RFID technology was also used to streamline entry, reduce fraud in the secondary market and track the movement of individuals inside the festival grounds to maximize logistical efficiency. Another result is that individuals can no longer attend America’s most popular and profitable music festival anonymously.

While many of these uses of identity might seem relatively innocuous, we must always question how much of our identity we are willing to trade for convenience. Our evolving — or devolving — concepts of privacy and identity are fundamentally changing not only commerce, but also the strategies through which companies and criminals exploit our personal information for profit. At the ID360 conference, the University of Texas announced a Master of Science in Identity Management and Security degree program; the first of its kind in the nation. Perhaps a new generation of identity experts will help guide us through the burgeoning convergence of our identities and the economy.

51 Billion: The Number of Devices that will be Connected to the Internet in 2020

AUTHOR'S POST

Mandy Moody, CFE
ACFE Media Manager

51 billion. According to one of last year's breakout session speakers at the ACFE Global Fraud Conference, this is the number of devices that will be connected to the Internet in 2020. With that many devices expected, the amount of searchable data will exponentially increase quite possibly by the day. 

Walt Manning, CFE, President at Investigations MD, will cover the best ways to navigate your way through all of this data in his Post-Conference session, Obtaining, Managing and Searching Electronic Evidence at the 26th Annual ACFE Global Fraud Conference this June. The Pre- and Post-Conference sessions, a four-hour session and two-day seminar, respectively, are ideal for those looking to spend more time digging deeper into specific issues they face as fraud fighters.

Of course, Manning isn't the only expert offering insight in these sessions. This year’s Pre-Conference sessions on Sunday, June 14 include:

  • Bitcoin, Alt Currencies and the New Landscape for Laundering Money
    The development of new payment products and services, such as digital currencies, mobile devices and prepaid cards, holds great transformational promise in the world’s developed economies, as well as in its emerging ones. Read more.
  • Building an Effective Ethics Program
    The importance of tone at the top in an organization is bolstered by its formal ethics policy. In this session you will understand the mechanics behind creating an ethics policy, how to incorporate whistleblower mechanisms and protections, and obtain executive buy in. Read more.
  • Counter Fraud Analytics Using Statistical and Predictive Modeling Techniques
    Given recent advances in technology and big data computing, new anti-fraud techniques are emerging that go beyond rules-based tests that simply ask questions of the data based on what is currently known. What about the unknown fraud risks in the organization? Read more.

This year’s Post-Conference sessions, held Thursday, June 18-Friday, June 19 include:

  • Auditing/Investigating Fraud Seminar
    The Auditing/Investigating Fraud Seminar is structured as a series of general lecture and specific breakout sessions developed to get the respective disciplines up to speed in fraud examination. Read more.
  • Bribery and Corruption
    Corruption schemes make up 37 percent of reported fraud cases, with a median loss of $200,000, according to the ACFE’s 2014 Report to the Nations. Those often devastating effects, combined with a dramatic increase in the number of enforcements, have made bribery and corruption a key issue for many global organizations. Read more.
  • Obtaining, Managing and Searching Electronic Evidence
    Fraud examinations are constantly evolving, and technology is often the driving force behind these changes. In today’s data-driven environment, the evidence obtained to investigate and eventually prosecute a fraud can come from numerous sources — many of which are now digital. Read more.

Read more about these sessions and find other conference information at FraudConference.com.