SPECIAL TO THE WEB

Possibly the toughest task for any fraud examiner is preventing and deterring fraud. Some believe that fraud control and prevention is at its best when the process of detection remains a secret. However, it’s very interesting to see how people react when the mode of detection is open, and he or she knows they risk being caught.

RULE NO. 1: NEVER UNDERESTIMATE

A fraudster uses the same techniques we use for fraud prevention to find new ways to penetrate a system or process.

Regardless of your system’s complexity, it’s just a matter of time until a fraudster overcomes its protections. Periodically updating and revising your fraud identification techniques are essential.

We had this interesting training-room incident at a bank, at which we’d taught select members from a team to identify patterns in bank passbooks that could indicate fraud as they reviewed huge volumes of loan cases. We split the team into two groups: Group A (trained with special skills) and Group B (trained with basic skills).

We let Group B process the cases first, and then let Group A review the processed cases. Out of 100 proposals reviewed by Group A, 12 cases matched the patterns that we had taught them. We didn’t tell the two groups, but we then added three perfect, pre-screened, fraud-free cases. We announced to Group B that 15 cases had been turned down for loans. We allowed Group B members to review any of the cases once again.

Within an hour, a shrewd member of Group B walked up with the three cases we added, asking, “Would you please re-process these cases? I think there has been a mistake in the assessment.” We asked him why he felt so. He said, “I’ve been observing these guys [members of Group A] from across the room and felt whatever they were looking for wasn’t here." He quickly explained the pattern that we had taught Group A.

Many of us sitting inside glass walls feel secure about the processes that are our safety valves. However, it's just a matter of time before fraudsters can penetrate processes and know the triggers. Rarely, neither remains a secret. The objective is to continuously explore and never be under the impression that fraudsters won’t uncover your triggers or identification mechanisms.

RULE NO. 2: NEVER REPLACE DILIGENCE WITH AUTOMATION

Nothing can substitute for common sense and diligence. We need technological fraud prevention mechanisms, but we can’t forget that the answers we seek depend on how logically and accurately we design the questions. And if someone tampers with your logic or queries, you could be barking up the wrong tree.

The Indian people work hard to retain their culture. Many across the country have the same first names. Street, city and locality names are also very similar or exactly the same. Therefore, when investigators find a match in a credit bureau verification report of a customer, they verify all details to establish that the customer and person in the report are one and the same. Customer credentialing for granting financing or loans is one of the toughest.

I recall a verification case in which we tried to review three years of income tax return (ITR) forms. However, the preliminary verification report stated that two of the forms didn’t exist. Based on these automated reports, we were about to decline the proposal. However, we wanted to make sure that we weren’t losing a good customer because the other documents apart from the ITR didn’t show any negative patterns. It’s prudent in business not to reject good customers simply because they made mistakes in the process or documentation. In this case, we decided to investigate the matter.

The evolving story was an eyeopener. 

Read the remaining golden tenets on Fraud-Magazine.com.