While industry continues to develop more sophisticated techniques to counter technology fraud, fraudsters themselves evolve accordingly. As soon as one loophole is plugged, high-tech hoodlums simply find another. Companies therefore need to tackle fraud on more than one level. They should engender an anti-fraud culture, employ analytical tools to prevent it, and in cases of detected fraud, bring in investigators.
Bill Hoggarth, managing director of SAS, specialist in business intelligence, says: "A mere 1% reduction in fraud-related costs can typically result in a 10% increase in profit margins. An organisation would have to significantly increase sales or reduce overhead or staff numbers to achieve the same kind of bottom line benefit."
According to Hoggarth, the incidence of fraud in SA is at an all-time high, reflecting global trends of rising fraud. SAS' UK office has upgraded its estimate for total fraud in the UK from £14 billion to £18 billion annually, or almost US$30 billion. The Association of Certified Fraud Examiners (ACFE) in the United States estimated fraud in 2002 at 6% of total revenues, which translates to losses of approximately $600 billion, or about $4500 per employee.
"There is huge concern here about international fraud syndicates taking advantage of our first class banking facilities, and making SA a base for their activities," says Hoggarth. "Fraud committed by employees within SA companies also remains a massive problem, with up to 80% of all fraud reported by companies perpetrated from within."
Dishonest employees can severely damage the organisation. They are inside the security fence and know what company policies and procedures are capable of trapping. They also have the advantage of knowing exactly where the vulnerabilities in an infrastructure are.
"With the global growth of the Internet and the increasing connectivity of business data in digital form, fraudsters have more avenues and access points than ever before," says Hoggarth. "It has become increasingly difficult for companies to protect themselves against their efforts."
White-collar thieves can be very creative. They are increasingly using valid account information to impersonate customers or abusing 'trusted supplier' relationships by subtly inflating invoices and billing organisations for goods or services never received. Employees are also bypassing security protocols from within the company to hide embezzling activities.
Increasing reliance on technology in business transactions and identity verification will enable even greater scope for fraud. Fraud is difficult to stop because no company wants to admit - even within its own walls - that it is vulnerable. It results in bad press and, for publicly traded companies, it can have a negative effect on share value.
Even when fraud is discovered, prosecution is not always the most financially appealing option because sentencing tends to be light and compensation awards low compared to the damages of the crime itself.
Prevention is best
According to Hoggarth, fraud prevention is therefore the best option.
Companies can use analytical tools and software solutions to detect and prevent fraud. Patterns and anomalies become more readily identifiable, and suspicious activities can be isolated, measured and tracked. Amazon.com, for example, chose SAS as the foundation of its fraud detection system. Jaya Kolhatkar, Amazon.com's director of fraud detection explains that its implementation of SAS has greatly reduced the cases of fraud on the Amazon.com site.
"Business intelligence can identify and measure a company's exposure to potential fraudulent transactions," says Hoggarth. "It can help to assess the likelihood of any given transaction being fraudulent. It also helps to model what action the company can take if what may be a fraudulent transaction is discovered."
It is vital for organisations to capture decent data. "Only with clean, accurate data can they measure their exposure to fraud, and then decide what to do about it," Hoggarth adds.
Finally, a company's anti-fraud strategy should be followed through by bringing in professional investigators to work on cases of detected fraud.
Organisations should use effective sanctions, including appropriate legal action, against people committing fraud, whether they are customers, employees or business partners.
For more information contact Coral de Villiers, SAS Institute, 011 713 3400.
© Technews Publishing (Pty) Ltd | All Rights Reserved