“Fraud is an iceberg.” This common cliché has been repeated to exhaustion. However, a truth repeated a thousand times does not become a lie.
Companies continually fight fraud, knowing that there is probably more fraud than that already detected. But this is where the “fraud is an iceberg” metaphor ends.
A ship equipped with the adequate tools and adequate information can circumvent the iceberg, while companies equipped with top-notch detection tools and information can face the iceberg and deal with the problem.
Consciously living with the effects of fraud does not mean that fraud has to be tolerated.
Fraud Fronts
We can divide fraud potential into three fronts for the sake of simplicity:
- The products and services provided by the company (fraud on products/services)
- The ways that those products and services are delivered (fraud on channels)
- The people that work in these processes (internal fraud and partners fraud)
In each of these categories, the beneficiaries of fraud might be service users, company employees, or organized groups using them as intermediaries.
As Raul Azevedo mentions on his article fraud has strength in numbers, fraudsters are not only average users that find out how to make “free” calls. Fraud is a business by itself, with very attractive profit margins. It can also be used for financing other criminal activities and terrorism.
And we must not forget that the impacts and losses are not felt only on the direct financial side. Fraud can also cause brand damage with customers and investors. If the general public sees a company as an easy target for fraudsters, then in its final days the company will only have fraudsters as customers.
Communication Service Providers (CSP’s) are obvious candidates on all three fronts:
- They sell a great deal of electronic-based products, including voice calls, text messages, data access, movies, games, etc., which in the current digital world are easy targets (e.g., premium cable channels)
- The products and services are intrinsically distributed through immense networks consisting of multiple machines and devices, making them prone to attacks and subject to setup/configuration errors.
- There are persons that may have privileged access to the goods and/or knowledge of undiscovered failures.
However, CSP’s are not alone in facing threats of fraud. Other industries are also exposed to these phenomena:
- Account take over fraud may occur in the online retail business.
- Loyalty card programs in general are vulnerable.
- Electric power companies may be “supplying” energy for free to ill-intentioned customers.
- Insurance companies can be affected by fraud schemes (e.g., collusion in car insurance) that may seem too minute to require forensic investigation.
And it’s not just a company’s core business that faces fraud risks. For example, company benefits can be misused or abused by its employees.
So, what do we do when we have all these potential attack vectors?
Analyze company processes
First, business must understand their processes so that weaknesses and strengths may be identified. For example, understanding how products are provisioned and distributed is crucial to identifying fail points. A CSP not only has to deal with telecom related fraud; it also must understand the retailing processes running in the background to avoid suffering from retail-related frauds.
Prevent and detect
A great deal of fraud can be avoided with prevention mechanisms that keep company assets, products, and services out of reach of fraudsters (e.g., using customer background checks or comparing their information with databases of known fraudsters).
Continuous detection methods must accompany prevention methods in case those prevention methods fail. The ongoing stream of events has to be checked to detect unusual volumes, unusual patterns, sequences of apparently unrelated events, atypical behaviors of users, etc.
For instance, why did product/service X suddenly started to be in such a high demand? Is it related to its launch or has someone, somewhere, found a pernicious hidden feature? Why are so many customers suddenly using scratch cards to make payments?
Detection methods may include real-time verification of usage to detect abuse as earlier as possible and gradual building of customer behavioral patterns to detect abnormalities.
Monitor and Control
A successful Fraud Management solution will provide information in a timely manner to analysts so that they can make decisions. However, an overflow of information can damage the decision power of the analysis. Information must be presented in a directed fashion to avoid overflow.
The solution should also offer business sensors to provide a global overview split into categories (financial, operational, services, products, etc.). This way, managers can direct their team work based on ongoing trends that may be of greater impact to the business.
Collaborate to Resolve
Collaboration is another resolution enhancer, allowing teams to switch cases between their members if the analysis requires an expert on a given matter. Collaboration should not be restricted to fraud department specialists; other company departments could be involved as part to the solution. For example, the fraud department may send a case for analysis by the infrastructures department to confirm a network failure.
Because Fraud Management doesn’t end in the detection phase, a Case Management tool is fundamental to ensure the case is analyzed and closed in the shortest time possible. This will assist analysts in their work by providing them the list of cases to work. When analyzing a case, the background information available will help the analyst make a decision. It is important to have customer details in one single point to avoid accessing distinct applications.
For instance, analyzing frauds related to physical distribution requires a tool to visualize locations so the analyst may quickly observe any patterns.
And last but not least, a Fraud Manager will have a wealth of information to understand how the team is performing and where to improve, using data instead of perceptions to support decisions.
Leverage Knowledge and Experience
The know-how to fight fraud is already available in your company, in the people that understand the processes, and in the fraud analysts. A Fraud Management Solution will enhance their expertise by doing the following:
- Providing clear and quick monitoring sensors
- Gathering relevant information for case background
- Allowing swift collaboration between people and areas
- Reducing the time spent on analysis (false-positives)
- Collecting historical information to improve future decisions
Cover all Departments and Business Units
Fraud can affect more than the company’s core business (the products and services provided). It can be present in other areas such as customer care, external sales agents, or even in the Human Resources Department.
For instance, an ill-intentioned employee may amass the tiny amounts that result from rounding values like $12.123 to $12.12. (You may recognize this from the movie Superman III, where Richard Pryor steals the rounded half-cents that don’t go into employees’ paychecks).
All areas and processes must be properly defended from the fraud effect with adequate prevention, detection, and monitoring.
Multi-industry
Obviously, one-size-fits-all cannot be applied in the fraud business case for all industries, as each type of industry is quite different one from another. However, best practices can be replicated to some degree between distinct types of business as there are some analogies between processes:
- Service abuse
- Credit card stuffing
- Incentives and commissions
- Partnerships
- Customer care
- Internal fraud
- Provisioning
- Document forgery
- Cyber security
- Human resources
Enterprise Business Assurance
The fraud phenomenon can be present in several departments within a company, not only those directly working with the products and services. It can include both external agents and internal agents, working on small scales or very large scales, and may reach the levels of organized crime and terrorism.
A global, integrated approach to the fraud fighting process is possible and achievable. Distinct industries and businesses can benefit from this vision by focusing on the crucial stages, integrating the knowledge of employees and supplying a truly enterprise-wide vision of fraud fighting.
Let Us Know What You Thought about this Post.
Put your Comment Below.