Anti-fraud: The Next Phases in the On-going Battle

Modern frauds, particularly related to payments, are a far cry from the manual cheque frauds of old, as they are being perpetrated across all forms of payment devices, from credit and debit cards to investment instruments, to automated clearing houses (ACH). Financial and commercial institutions are constantly seeking comprehensive anti-fraud solutions that can cover all threats and protect all types of customers, including corporate ones, given how such crimes now have a global reach and have become highly sophisticated.

To prevent fraud it is advisable to adopt best practice, which in my opinion involves opting for separate individual modules that cover separate fraud areas completely, and report into a central over-arching control solution. These modules must be easily adaptable so that they can be integrated into reporting platforms. A payment card fraud module is usually the first one to be implemented. A real-time web-based application using proven anti-money laundering (AML) profiling and transaction monitoring and framework engines is best. The rule-based application can combat and prevent the modus operandi used by organised criminals around the world. The module should be applicable for both issuers and acquirers and set up for all payment cards including prepaid cards, which seem to be picking up market share in different regions and are popular with corporate treasurers. Gift and reward cards can be a real threat too when not properly monitored and are prone to money laundering.

Extensive market research within financial institutions and corporations, overlooking internal procedures and ways how businesses interact, quickly teach you that there are various areas where improvements, such as enhanced authentication and access control tools, can result in reduced risks.

Every industry, company or geographical location will have its specific needs, issues and even country regulations that need to be taken into consideration when building an anti-fraud tool. Therefore, it is of the utmost importance that when focusing on a specific part you first have a complete understanding of the overall situation concerning where and how fraud occurs. Is it an internal or external threat your corporation is facing, domestic or cross-border, online or physical? These are some of the main topics that are analysed in-depth during a business analysis, which everyone should complete.

The problems come from different sides. Both internal and external threats present different criminal approaches and philosophies. In most cases, internal problems emerge out of greed, poor internal control systems, disagreements and revenge, but at the core, these people normally do not have a criminal mind; at least to start with. On the contrary, when dealing with an external threat the setup is different and can take up any form of disguise. The criminal mindset is unpredictable and has no boundaries, regulations or time to look at. Their aim is financial gain no matter what is needed to do so.

A good example is where organised crime tries to put one of their associates on an important position within a company. This poses a serious threat and takes enormous time and effort to identify the mole within. Or, what we are witnessing today is where cyber criminals intrude your internal systems placing sniffers and malware that can easily be controlled remotely. Malware can reside in your system for a long time and when the time is right can easily be accessed remotely. Corporations must take appropriate protective measures.

Recent data breaches within the payment industry have proven that even with all the extra Payment Card Industry Data Security Standard (PCI DSS) rules in place, vigilance and constantly updating different levels of security is a must. Make sure to also keep track of what is going outside from your system.

These intrusions can quickly cause a huge damage and be a driver for negative publicity. It will also have its impact on the morale of the hard working, loyal employees. Look at the different forms of staff member extortions, fear of retaliation and physical harm to themselves or family members will prevent the employee from reporting this. Not really aware of what may happen will make them an easy target that can be pushed to another level. Or the man in the middle approach, driven out of greed or frustration that will have no problem transferring funds or assets to anywhere asked, in order to keep up the life they are leading. Add it all up and you have the right ingredients for a financial nightmare.

When looking at huge losses caused by internal fraud, and aware of the steady increase, it provides corporations with pause to think. Initiatives to deploy an internal fraud solution module, where employees would play a main role are needed. Employee fraud can happen on every level within a company and can cause extra barriers when done by a board member or highly placed executive. It is the main fear of all companies, being betrayed by employees that have always been trustworthy and loyal during their entire career. It also has an impact on recruitment, internal trust and confidence that the public has in a company. It requires a strong, transparent but firm policy and management backup. It needs to clearly define the company point of view and internal fraud approach. Any organisation should have the ability to prevent, detect and investigate fraud, and take the necessary action to pursue potential fraudsters as far as necessary. The only way to reach this is with a decisive management and the right tools to do so.

The rise of e-banking across continents has spiked identity theft cases big time and victimised unsuspected e-bankers and corporations. Yearly, thousands of customers are fooled with dubious sites or known website look-alikes. Identity phishing is still a widely used tool for criminals to obtain personal data and launch fraudulent scams.

So end users need the possibility to pause dubious payments, to further investigate the origin or beneficiary and take appropriate action to either release or block payments manually. We chose to add an embedded IP locator tool where dodgy IP addresses can easily be identified and blacklisted. In conjunction with an SMS server to notify customers of problems, the right tools are at hand to prevent hackers trying to hit banks or corporate customers through their e-portal.

Whatever compliance suite you choose working on one single platform is crucial, where all reporting modules are centralised for clarity and behaviour-spotting purposes. Sharing obtained intelligence and results provides corporations with an increased risk scoring result and better capabilities to fight fraud.


Related reading