September 20, 2016

The Anatomy of Data Fraud

The anatomy of a fraud is an interdependent process that ends up victimising people and organisations.

Fraud is defined as “any intentional or deliberate act to deprive another of property or money by guile, deception, or other unfair means” by the Association of Certified Fraud Examiners.

How does fraud work?

While people tend to think of individuals getting defrauded, fraud against a company is also common. Insider fraudsters commit fraud in the workplace and on the job while criminals, customers and third-parties commit fraud from the outside.

What does fraud cost?  

According to one study by the Association of Certified Fraud Examiners, the typical organisation loses 5% of its revenues to fraud each year. Overall, fraud is estimated to cost the UK £193 billion each year, while 27% of UK adults are thought to have been affected by identity theft.

How does data fraud happen? 

First Step: Criminals collect confidential information in different ways. Online, they use websites, social media pages, etc. Bin raiders physically steal information. Insider fraudsters physically steal information in the workplace, use visual hacking strategies, and access files on computers.

Determining the Victim: Criminals study stolen data to determine if there is enough to target one victim or victim organisation. The criteria include the volume of information, how easy a target might be, and the potential financial return.

Rounding out a Stolen Identity: If there’s not enough information, the criminal uses other collection strategies. For example, social engineering involves tricking people into breaking security procedures – and mistakenly providing information or downloading malicious software. In a phishing scam, criminals pretend to be legitimate organisations and mail or phone to obtain more information.

Identifying Holes: Criminals will identify points of weakness in an organisation or computer system. The ACFE 2016 Global Fraud Study found that a lack of internal controls was the biggest contributor to data fraud (it was cited in 29.3% of cases). The next weak spot was the ability to override existing internal controls.

The Fraud: The fraudster will finally be ready to attack (this can take weeks or even years). The most common types of fraud include identity theft (opening accounts fraudulently, taking over existing accounts, etc.). Dishonest vendors might bill the company for goods or services not provided. Dishonest customers might submit bad checks or falsified account information for payment.

The following safeguards support data fraud prevention in the workplace.

  • Create a culture of security with commitment from all employees from the top down.
  • Stay up-to-date on compliance requirements.
  • Equip all hard drives with safeguards.
  • Provide on-going employee training.
  • Encourage employees to report misconduct with a whistle-blower hotline.
  • Use fraud risk assessments to identify risks.
  • Develop a cyber breach response plan.
  • Vet third-parties to make sure they are committed to information security.
  • Streamline security processes in the workplace. For example, partner with a document destruction leader that provides a chain of custody for the secure destruction of both paper documents and hard drives.
