Monday, 30 March 2009

Companies plagued by cheque fraud

Payments fraud is on the increase, including old fashioned forms of fraud such as cheque fraud according to the findings of the 2009 Association of Finance Professionals' (AFP) Payments and Fraud Control Survey.

More than 70% of companies surveyed experienced actual or attempted payments fraud in 2008, with 40% experiencing increased fraud activity during the second half of 2008 as economic conditions worsened in the U.S. Overall 30% of respondents said incidents of fraud increased in 2008 compared to 2007.

The pickings appeared to be richer for fraudsters from larger companies, with 80% of companies with annual revenues in excess of $1 billion falling victim to payments fraud in 2008, compared with just 63% of companies with annual revenues under $1 billion.

Also old fashioned payment methods such as cheque appeared to be more susceptible to fraud with nine out of 10 companies that experienced attempted or actual payments fraud in 2008 being victims of cheque fraud. Other common forms of fraud were ACH debit (28%); consumer credit/debit cards (18%); corporate/commercial cards (14%t); ACH credits (7%); and wire transfers (6%).

US companies are being encouraged to write less cheques with solutions such as ACH and commercial cards being offered as an alternative, but it seems there is still some way to go before all payments migrate to electronic channels, which are still susceptible to fraud, but perhaps not to the same extent as fraudulent cheques.

Government stimulus funds could increase fraud

Ponzi schemes and other old fashioned forms of fraud are growing, and efforts by governments to combat the credit freeze are presenting new opportunities for fraudsters. That is the conclusion drawn in the latest Kroll Global Fraud Report. According to Kroll the greatest threat is misuse of government stimulus funds, particularly in areas such as infrastructure funding.

"Those impacted by the economic instability who are inclined to engage in fraudulent business practices will work to secure stimulus funds by any means possible,” said Blake Coppotelli, senior managing director in Kroll’s Business Intelligence and Investigations practice. “One prime area is infrastructure projects. With the near collapse of the real estate and construction markets, traditional fraud and rackets, such as bribery, kickbacks and bid-rigging, will find a wealth of opportunity in the stimulus funds. In our experience, without extensive anti-fraud policies, oversight and enforcement, 10% of these funds will be lost to fraud and criminal activity.”

Fraudsters will also be provided with new opportunities, says Kroll such as preying on companies as they move into "riskier geographies" in search of growth, to cheating to obtain a piece of the huge government stimulus pies. In its latest fraud report, Kroll says Ponzi schemes and other "old classics" are growing –for example, various financial scams and straight-forward corruption. According to Kroll, " smaller scale" pyramid schemes are multiplying in Latin American countries and elsewhere.

Often some of the most difficult frauds to predict are those committed by so-called "corporate saviours", as they "cook the books" not so much for personal gain but out of the misguided belief that they are acting in the best interests of the company or its employees. "They do not even realize that their actions would be considered fraudulent, or the damage that they might cause to others," says Kroll.

Kroll also says that the risks for companies that look to do more business in other geographies are also more acute in developing regions. Its survey found that the incidence of the top 10 major
frauds is generally higher in the Middle East and African countries, and lower, except for IP (intellectual property) fraud, in Europe and North America.

Despite the proliferation of fraud, Kroll says more regulation may not be the answer. After the Enron and WorldCom scandals at the beginning of the millennium, the US government introduced Sarbanes-Oxley legislation, but Kroll says despite such legislation fraudsters continue to penetrate and defraud companies in any industry, in any country around the world.

Friday, 27 March 2009

Chip and PIN no 'panacea'

Chip and PIN has forced fraudsters away from the high street, Shopsafe.co.uk director Simon Crisp was quoted as saying recently. While that may be true, what it has done is resulted in higher levels of card-not-present fraud and cross-border card fraud.

Crisp is quoted as saying stopping card fraud is about staying "one step ahead" of the fraudsters and that Chip and PIN is helping deter criminals. Well most so-called fraud experts would argue that Chip and PIN is not the 'panacea' some thought it would be and that it has merely forced fraudsters to become more sophisticated in their efforts to use cards for criminal purposes.

While it may have helped reduce the amount of card present fraud committed on the high street, online shopping presents numerous opportunities for fraudsters as the card is not presented. Malicious software and phishing attacks can also be used to capture personal banking as well as PIN and password details. I don't think Chip and PIN can really be classed as staying one step ahead of the fraudsters, as they have already jumped that 'hurdle'.

Tuesday, 24 March 2009

Banks still spending on fraud prevention

A new report on US banks' fraud management strategies concludes that funding for addressing fraud is unlikely to be scaled back despite the economic downturn,

"The good news is that funding for addressing fraud management is seen as mission-critical by financial institutions," says Nick Holland, senior analyst with Aite Group and author of the report. Holland says bank fraud management departments are centralising, investing in monitoring technology and continuing to place a strong emphasis on the "human element" as the most critical component of fraud mitigation.

The report, which is based on interviews with fraud managers at 23 of the top 150 US financial institutions, also sheds some interesting light on the drivers for banks' fraud management strategies, both now and in three years time. Supporting law enforcement efforts and recouping fraud losses are not necessarily high on banks' agenda. Instead more than 80% said preventing fraud losses and meeting compliance requirements was important now, increasing to 90% or more in three years.

While banks spend a lot of time, money and effort in trying to meet regulatory requirements, preventing fraud should be a priority of the bank regardless of compliance, as not only does it cost the banks millions ever year, but it also tarnishes their relationship with customers and impacts brand loyalty. Will there come a day when people shop for banks based not only on interest rates but also their track record in preventing fraud?

Banks could do more to protect customer data

As more fraudsters take over customer bank accounts, a company that shreds confidential information says banks need to do more in terms of safeguarding confidential material and educating customers about the risks of fraud.

According to CIFAS, the UK’s fraud prevention service, in 2008 there was a 207% rise in facility takeover fraud, whereby "scammers" intercept bank statements, credit card bills, receipts and account slips so that they can take over bank accounts that belong to other people.

Interestingly, while banks appear to have done considerable work in terms of implementing internal systems to detect fraud, sending credit card or account statements and PIN numbers by post to customers is hardly state-of-the-art fraud prevention.

Shred Easy, which c
ollects, destroys and recycles materials including paper and IT equipment, believes more could be done to educate bank customers about fraud and that banks should provide free advice on fraud and identity theft.

There is something to be said for greater customer awareness of what indicators to look out for in order to help prevent and detect fraud earlier. When you open an account with a bank it would be good to receive a pamphlet/brochure on bank account and credit card fraud and tips as to what telltale signs or behaviours customers should look for.

But also banks need to rethink their approach to safeguarding customer data. If they are still sending out paper account statements that can easily be intercepted (instead of say a digitally signed encrypted electronic file) then customer education will only go so far in helping reduce fraud.

Friday, 20 March 2009

Detecting suspicious activity sooner rather than later

This is what Michelle Weatherhead, manager, EMEA, Risk Solutions for payments software provider, ACI Worldwide, had to say recently about the rise in UK card fraud in 2008.

The APACS annual statistics finding that UK card fraud in 2008 increased by 14% is, unfortunately, relatively unsurprising. The one statistic that was immediately notable was the increase in card ID theft, which was up 39%.

Card ID theft, which is when someone gets hold of your card details and PIN and starts to use them on an ongoing basis, is a real problem. There is the issue of consumer education - encouraging members of the public to shred card statements when they dispose of them, change PINs regularly and carefully check statements to make sure they are accurate, is a first step. However, there are techniques that the bank can use to help prevent this type of fraud.

One step that many banks are turning to is monitoring all activity on an account, both financial and non-financial transactions, as well as combining intelligence about how a customer uses all their cards and accounts, not just an individual one.

This helps the banks build up a complete profile of that individual - how often they travel, where they tend to shop, how much they usually spend - so that as soon as a transaction occurs that is outside that customer's usual spending patterns, alarm bells start to ring and that transaction can be flagged as suspicious. What is important is that the banks detect suspicious activity as soon as the account is taken over, otherwise the fraudster will build up their own 'profile' so activity may appear genuine.

This leads to tools such as SMS alerting, which banks are starting to implement to help them stop fraud early. SMS alerting means that if suspicious activity occurs, such as a transaction that is overseas, over a certain value, or in a type of outlet the customer hasn't used before, the bank can send a text message to the customer immediately, informing them of the transaction and asking them to respond if it isn't genuine.

This can also be used to confirm with customers that they have changed their address or requested a new PIN for example, which can be a first sign of account takeover.This combination of activity can enable the banks to block compromised cards quickly, protecting themselves from losses, and also building confidence with members of the public that they are protected too.

Fraud is always changing and moving - the APACS’ statistics for 2009 when they come out in 12 months’ will show similar trends to those we have seen in this announcement - but as banks embrace the latest technology, just maybe some of these numbers will start to come down.

Thursday, 19 March 2009

The battle against fraud steps up a gear

For some time now I have been drawing links between the economic crisis and the increased discovery of fraud. It is not rocket science really, as economic hardship can make people that may not normally commit fraud, find themselves suddenly fiddling the books or altering accounts in order to cover up losses or poor performance.

Of course, there is always the more criminal element that looks for vulnerabilities to commit new and varied forms of fraud. Most of the fraud experts I have spoken to have said that the crisis is not likely to lead to a greater incidence of fraud, but greater discovery of frauds that may have been going on for some time. The Madoff Ponzi scheme is a case in point.

However, a survey conducted by Vanson Bourne on behalf of predictive analytics software provider, SPSS Inc., has found that one in four (26%) financial companies reported increased levels of fraud, which it claims is double the UK average of 12%.

But it is not necessarily a lack of preparation that is exposing financial service providers to fraud, as 82% of respondents said they were very or well prepared to combat fraud, compared to 73% across all industry sectors. Now this is obviously where SPSS comes in and says predictive analytics is one tool that financial service providers should have in their anti-fraud armoury.

Yet, having the latest whizz bang anti-fraud solutions in place does not necessarily mean you are less exposed to fraud. Firstly it depends what solutions you have in place, whether they are joined up enterprise-wide or operate in silos, how well educated and trained your staff are to uncover various types of fraud and to interpret various data inputs and analytics that could suggest fraud.

We have all heard the stories of fraud technologies that generate "false positives", which means staff spend more time responding to false alerts or red flags than they do to real incidences of fraud. Professional fraudsters are also fairly adaptable and can change certain behaviours in order to circumvent technologies, which may only be programmed to look for past known behaviours of fraudsters, not new permutations.

While the bulk of the responsibility and liability for fraud has historically been with the companies that are the victims, increasingly the government appears to be assuming more responsibility with the setting up of a National Fraud Reporting Centre (NFRC) where people and businesses will be able to report suspected cases of fraud.

The UK National Fraud Strategic Authority has also given the Crown Courts extended powers to bar solicitors and estate agents from working if they are convicted of fraud. It is all part of the Government's efforts to change the perception that fraud is a "victimless" crime, but while businesses take fraud seriously, will this get the police to treat fraud more seriously?

There was an interesting report on the BBC's Panorama program recently about the government's inability to successfully recover the assets of organised crime or money earned through illicit means. While a reporting centre is a step up as information sharing can often uncover patterns of fraud across various enterprises, the authorities need to make the evidence stick and the information needs to be adequately followed up by the police, which to date have not made significant inroads when it comes to catching fraudsters.

Thursday, 5 March 2009

FSA faces multimillion pound compensation claim

The Securities & Exchange Commission in the US has copped serious flack over its handling of the alleged Madoff Ponzi scheme and it looks like it is the turn of the UK's Financial Services Authority (FSA) to cop some flak - in fact it is facing a multimillion pound compensation claim from investors in collapsed fund, GFX Capital Markets.

According to a report in The Times, the FSA knew about concerns pertaining to GFX's business practices and that its boss Terry Freeman had changed his name after earlier being disqualified until 2012 as a company director.

Lawyers for investors in GFX which collapsed with estimated losses of £44 million, claim that the FSA could have acted sooner based on the knowledge it possessed. Is this the first of many such claims that we are likely to see against the FSA as angry investors seek retribution for their losses?

While it is all to easy to use the regulators as a scape goat for a lack of due diligence by investor or investment funds, this crisis raises serious questions about the regulatory oversight and due diligence conducted by the FSA and perhaps suggests that more regulation or granting more powers to the FSA is not going to be the panacea some hope it might.