In-depth

Fighting fraud with technology

Business fraud is on the up and is costing the UK economy billions. Technology is often the cause, but is also the solution to combating this type of fraud.

Business fraud is on the up and is costing the UK economy 1.37bn, according to new figures from accountants BDO Stoy Hayward. But the organisation believes the real figure could be much higher.

The accountants found that the figure rose sharply from 2005, when fraud cost business 1bn. The research found that only 15 per cent of businesses actually bothered to report fraud to the police. It estimated the actual cost of fraud to UK companies was nearer 5bn.

Advertisement - Article continues below

BDO said that value of reported fraud in the UK has risen 314 per cent from 2003, much of the fraud reported was "carousel" - high-value VAT fraud. This happens when criminals obtain a VAT registration number to buy goods, such as processors or mobile devices, from other EU member states, then sell on the goods inclusive of VAT and then disappear without paying this VAT to HM Revenue and Customs.

The Midlands was the worse affected region with several carousel frauds committed there. London and the South East also reported rises in the amount of fraud. Nine prosecutions last year involving fraud cost the UK Treasury 372m in lost revenues.

Experts said that detecting fraud in the modern corporate environment is an increasing challenge and is usually met with ever more sophisticated technology.

Advertisement
Advertisement - Article continues below

"Computer systems that do automatic transaction analysis are commonly used by banks and credit card companies and data mining techniques help to search out 'what if' scenarios," said Chris Paley-Menzies, head of forensic technology at RGL Forensic Accountants & Consultants. "However, these should also be allied with strong control procedures and transparency in financial authorisations".

Advertisement - Article continues below

Dan Morrison, partner, Corporate Fraud and Asset Recovery Group at law firm Mishcon de Reya said that there are a number of straightforward steps companies can take to dramatically improve the security and efficacy of their response if the crooks do strike.

"Careful scrutiny of prospective employees who will have high level access to your IT and security systems - experience shows beyond doubt that the majority of these frauds are carried out by insiders or at least with some level of inside help," said Morrison.

He added that companies needed to make sure they have in place a company policy permitting monitoring of emails and telephone calls in order to detect and prevent fraud. Provided such a policy has been adopted and reasonable steps have been taken to draw it to the attention of employees, the monitoring will not fall foul of the interception rules under the Regulation of Investigatory Powers Act.

Advertisement - Article continues below

"Intelligent monitoring in risk areas may provide advance warning of a planned fraud and, at the least, makes the insider's job more difficult," he said.

Morrison said hardware and software needed to be set up so that only those who truly need such rights can install new software to any part of your network. He said that PCs should not have floppy, CD or DVD drives unless there is a genuine business need for the user of a particular unit.

"By the same token, remove or disable unnecessary USB (or equivalent) ports and thereby prevent the use the portable data storage devices that are now readily and inexpensively available to the public," he said.

Advertisement
Advertisement - Article continues below

Jarrod Haggerty, forensic technology director, PricewaterhouseCoopers LLP said that robust risk management systems can go a long way to mitigate the likelihood of economic crime.

"A significant weapon in the fight against today's high-tech criminal is to understand where a business is most exposed to the threat of fraud through its IT infrastructure," said Haggerty. "In turn, IT can play a major role in the fight against fraud."

Advertisement - Article continues below

He said that businesses should tailor their defence mechanisms so that they are in line with their corporate business practices, ethos and culture.

Haggerty added that there are very few 'off the shelf' solutions that fit all of an organisation's requirements, so companies should consider the following; has the company recently undergone a rigorous assessment of its IT fraud risk exposure and has it addressed any significant gaps that emerged? Does the company have a formal incident response plan? Does the company have a written code of ethics with clear statements about the consequences of ethical breaches of its IT policies, so that management and staff know what is expected of them?

He said that if a company hasn't considered the implications of the Data Protection Act and what it may be required to implement in order to capture and review electronic evidence or any of the previous considerations then appropriate remedial action should be taken.

Advertisement - Article continues below

Richard Kusnierz, Director of fraud detection and risk management software company IDS said where there is a recognition that fraud occurs, organisations are putting in place hugely expensive mechanisms, "but there are cheaper and better options that are far more effective," he said.

"It is estimated that the UK invests 8bn every year in technology and measures to counter the 32bn fraudulent activity costs the country every year," said Kusnierz. "Yet there is a real lack of understanding of how to counter fraud. Many of the expensive technology solutions are complex both to implement and use - and in many cases the investment remains unused."

He said that one large financial institution recently invested a six-figure sum in anti-money laundering technology when existing software already used internally could have met all compliance requirements with only minimal additional investment.

"This lack of understanding promotes further confusion, leading organisations to invest heavily in technology without implementing the processes that are key to actually catching and deterring fraudulent activity," said Kusnierz.

Advertisement - Article continues below

He pointed out one example where running a fraud detection algorithm across the accounts payable information can flag up a number of anomalies, with multiple flags dictating prioritisation of follow-up investigation.

"Critically, this algorithm can be run constantly, in real-time, highlighting not only potential mistakes - such as payment to the wrong supplier - but also instances of potentially fraudulent activity that can be immediately followed up, before the perpetrator leaves the organisation," said Kusnierz.

Other experts said that as companies start to review their document management policies for compliance and regulatory matters they will become more aware of the use of their IT systems.

"This will also put them in a better position to implement the most effective tools for their organisation," said Andrew Szczech, electronic evidence consultant at computer forensics company Kroll Ontrack. "This approach, however, needs to be carefully considered to ensure that the ability of employees to carry out their legitimate activities is not compromised."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020