By Hagai Schaffer
Fraud is an increasingly serious threat for businesses around the world, eroding data integrity and security, consumer confidence and brand integrity. Based on the latest ACFE (Association of Certified Fraud Examiners) study, organizations lose 5 percent of revenue each year to insider fraud.
According to the study, the majority of insider fraud losses — as high as 80 percent — are caused by collusion of two or more employees, even though only 45 percent of the incidents are attributed to collusion. One reason why the losses are higher is that when more people are involved, there are more opportunities to commit fraud and it becomes easier to circumvent anti-fraud controls and conceal the fraud for longer.
Companies invest in implementing controls such as requiring that transactions above certain thresholds be authorized by a second employee and preventing the same person from re-activating an account and transferring funds. But just by coordinating their efforts, employees can work together to circumvent these measures.
Here are five measures that can help identify insider fraud and collusion:
1. Monitor all user behavior
In order to detect potential insider fraud, businesses need to monitor and recognize unusual employee behavior. This can include things like sudden extravagant purchases or not taking vacations in order to perpetuate the crime and prevent detection. Suspicious behavior can also be detected by using monitoring systems to track when employees make unusual changes to information systems. However, in all of these cases, fraud may be detected only after damages have been incurred.
An even better way to prevent fraud is to monitor data searches in order to detect when employees are planning fraud. For example, if a bank employee is attempting to deplete a dormant account, the first step is to perform inquiries to find inactive accounts with high balances. By monitoring user queries, investigators can recognize when employees are looking for potential targets before a dormant account is re-activated or money is transferred.
2. Compare an individual’s behavior with the relevant peer group
Employees who attempt to commit fraud are typically familiar with the controls that have been put in place and can try to circumvent them. For example, bank employees who know the transaction threshold that raises a red flag for potentially suspicious activity can siphon off smaller amounts of money over longer periods of time to avoid detection.
An analytic engine — one that learns the normal behavior of individuals and can compare it with normal behavior of other employees with similar roles in the same department or in other departments — can be more accurate at identifying fraud attempts. For example, a back office employee makes a query to discover accounts that have been inactive for eight to nine months (just before they are automatically flagged as dormant); this behavior can be flagged as suspicious when compared with typical queries conducted by his peers.
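The query monitoring and peer-group comparison described in measures 1 and 2 can be sketched as follows. This is an added example, not code from the article or from any product: the log format, the employee and role names, the `dormancy_review` role and the scoring thresholds are all assumptions, and the robust z-score (median and MAD) stands in for whatever model a real analytic engine uses.

```python
from collections import defaultdict
from statistics import median

NEAR_DORMANT = (8, 9)  # months of inactivity, taken from the article's example

def _events(emp, role, other, near):
    # Constructed sample data: `other` ordinary queries, `near` near-dormant searches.
    return [(emp, role, None)] * other + [(emp, role, NEAR_DORMANT)] * near

# Constructed query log: (employee, role, inactivity filter in months or None).
QUERY_LOG = (
    _events("clerk_1", "back_office", 40, 1) + _events("clerk_2", "back_office", 50, 0)
    + _events("clerk_3", "back_office", 30, 1) + _events("clerk_4", "back_office", 45, 0)
    + _events("clerk_5", "back_office", 20, 12)
    # Hypothetical role whose job is to review accounts about to go dormant.
    + _events("reviewer_1", "dormancy_review", 10, 30)
    + _events("reviewer_2", "dormancy_review", 12, 28)
    + _events("reviewer_3", "dormancy_review", 8, 32)
)

def near_dormant_rates(log):
    """Per employee: (role, share of queries that search the near-dormant window)."""
    total, hits, role_of = defaultdict(int), defaultdict(int), {}
    for emp, role, months in log:
        role_of[emp] = role
        total[emp] += 1
        if months and NEAR_DORMANT[0] <= months[0] and months[1] <= NEAR_DORMANT[1]:
            hits[emp] += 1
    return {emp: (role_of[emp], hits[emp] / total[emp]) for emp in total}

def flag_outliers(log, threshold=3.5, min_scale=0.02):
    """Flag employees whose rate is far above their own peer group's median."""
    rates = near_dormant_rates(log)
    peers = defaultdict(list)
    for role, rate in rates.values():
        peers[role].append(rate)
    flagged = []
    for emp, (role, rate) in rates.items():
        med = median(peers[role])
        mad = median([abs(r - med) for r in peers[role]])
        # Robust z-score; min_scale stops a zero MAD from flagging everyone.
        score = (rate - med) / max(1.4826 * mad, min_scale)
        if score > threshold:
            flagged.append((emp, round(score, 1)))
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_outliers(QUERY_LOG))
```

The reviewers search the near-dormant window far more often than `clerk_5` does, yet only `clerk_5` is flagged, because each employee is scored against peers in the same role.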
3. Correlate activities in various channels and systems across the organization
Businesses typically segregate functions between roles to lessen the opportunities for employees to commit fraud. For example, in banks typically only back office clerks can reactivate a dormant account, but they cannot transfer funds. Tellers, on the other hand, can transfer funds, but cannot change account status. Collusion between a back office clerk and a teller would allow them to liquidate dormant accounts. For detecting such schemes, an anti-fraud system needs to monitor and correlate all activity across back office, transactional systems, branch offices, e-channels and other systems.
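The cross-system correlation described above, as an added example that is not part of the original article: it joins a back-office log and a teller log on the account and looks for a reactivation followed by an outgoing transfer. The log layouts, action names, account and employee identifiers and the three-day window are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed back-office log: (timestamp, employee, action, account).
BACK_OFFICE_LOG = [
    ("2024-03-04T09:12:00", "clerk_5", "REACTIVATE", "ACC-1001"),
    ("2024-03-05T10:00:00", "clerk_2", "REACTIVATE", "ACC-2002"),
    ("2024-03-06T11:30:00", "clerk_5", "REACTIVATE", "ACC-3003"),
    ("2024-03-06T12:00:00", "clerk_2", "ADDRESS_CHANGE", "ACC-4004"),
]
# Constructed teller-system log: (timestamp, employee, action, account, amount).
TELLER_LOG = [
    ("2024-03-04T15:40:00", "teller_9", "TRANSFER_OUT", "ACC-1001", 18500),
    ("2024-03-07T09:05:00", "teller_9", "TRANSFER_OUT", "ACC-3003", 22000),
    ("2024-03-07T09:30:00", "teller_3", "DEPOSIT", "ACC-4004", 100),
    ("2024-03-20T10:00:00", "teller_3", "TRANSFER_OUT", "ACC-2002", 200),
]

def correlate(back_office, teller, window=timedelta(days=3)):
    """Join both logs on account: reactivation followed by a transfer out within `window`."""
    reactivated = defaultdict(list)
    for ts, emp, action, acct in back_office:
        if action == "REACTIVATE":
            reactivated[acct].append((datetime.fromisoformat(ts), emp))
    chains = []
    for ts, emp, action, acct, amount in teller:
        if action != "TRANSFER_OUT":
            continue
        moved = datetime.fromisoformat(ts)
        for opened, clerk in reactivated.get(acct, []):
            if timedelta(0) <= moved - opened <= window:
                gap = round((moved - opened).total_seconds() / 3600, 1)
                chains.append({"account": acct, "clerk": clerk, "teller": emp,
                               "amount": amount, "gap_hours": gap})
    return chains

def repeated_pairs(chains, min_accounts=2):
    """Clerk/teller pairs whose reactivate-then-transfer chain recurs across accounts."""
    accounts = defaultdict(set)
    for c in chains:
        accounts[(c["clerk"], c["teller"])].add(c["account"])
    return {pair: sorted(a) for pair, a in accounts.items() if len(a) >= min_accounts}

if __name__ == "__main__":
    found = correlate(BACK_OFFICE_LOG, TELLER_LOG)
    print(found, repeated_pairs(found))
```

A single chain can be a legitimate customer request, so the second function surfaces only the clerk and teller pairs for whom the pattern repeats on different accounts.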
4. Detect commonalities in employees’ actions
Two employees who are both conducting an excessive amount of activity on the same customer accounts can be a clear indication of collusion, especially if they are the only employees to access these accounts. For example, if a back office clerk and a bank teller are consistently viewing the same accounts, this can be an indication that they are working together to take over these accounts. One way to identify and hopefully prevent this type of fraud is to alert fraud investigators when multiple employees perform suspicious transactions on the same accounts.
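One way to compute the commonalities described above (added example, not the article's or any vendor's code): count, for every pair of employees, the accounts on which both are heavily active, and separately the accounts that nobody else touched. The access-log format, the identifiers and the `min_views` and `min_shared` thresholds are assumptions.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed access log: one (employee, account) entry per view or transaction.
ACCESS_LOG = (
    [("clerk_5", "ACC-1001")] * 4 + [("teller_9", "ACC-1001")] * 3
    + [("clerk_5", "ACC-3003")] * 3 + [("teller_9", "ACC-3003")] * 5
    + [("clerk_2", "ACC-5005")] * 3 + [("teller_3", "ACC-5005")] * 3
    + [("teller_9", "ACC-5005")]
    + [("clerk_2", "ACC-6006")] * 3 + [("teller_3", "ACC-6006")] * 4
    + [("clerk_1", "ACC-6006")]
    + [("clerk_1", "ACC-7007"), ("teller_3", "ACC-7007")]
)

def co_access(access_log, min_views=3):
    """For each employee pair, list accounts both touched at least `min_views` times."""
    views = defaultdict(Counter)
    for emp, acct in access_log:
        views[acct][emp] += 1
    stats = defaultdict(lambda: {"shared": [], "exclusive": []})
    for acct, per_emp in views.items():
        heavy = sorted(e for e, n in per_emp.items() if n >= min_views)
        for pair in combinations(heavy, 2):
            stats[pair]["shared"].append(acct)
            if len(per_emp) == 2:  # nobody else ever touched this account
                stats[pair]["exclusive"].append(acct)
    return stats

def collusion_alerts(access_log, min_shared=2):
    """Rank pairs for investigators: exclusive overlaps first, then shared overlaps."""
    rows = [(pair, len(s["shared"]), len(s["exclusive"]))
            for pair, s in co_access(access_log).items()
            if len(s["shared"]) >= min_shared]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    for pair, shared, exclusive in collusion_alerts(ACCESS_LOG):
        print(pair, "shared:", shared, "exclusive:", exclusive)
```

Both pairs overlap on two accounts, but `clerk_5` and `teller_9` rank first because they are the only employees who accessed theirs.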
5. Use visual tools to link employees, customer accounts and suspicious activities
Analytics alone is not enough. Since collusion involves multiple employees and suspicious events, visual link analysis can be very effective. It can uncover sophisticated scenarios that are difficult to uncover using traditional representations such as tables and charts. Using tools that can cluster events and identify trends with a visual display speeds up investigation and resolution.
By monitoring and analyzing all employee activity and looking for signs of collaboration, organizations can detect suspicious activity before any funds are lost or their reputation is tarnished. There are other benefits of notifying employees that a diligent tracking system has been implemented: employees are less likely to commit fraud if they know there is a greater chance of being caught. Also, if fraud is detected when losses are small, then larger problems can be avoided.
Hagai Schaffer leads Product Management and Marketing at Intellinx Ltd., a Bottomline Technologies company, and held the same position at Sabratec Ltd. He has over 25 years of experience in the software industry in both technology and business positions. Before joining Sabratec, Hagai served as CTO at Oblicore Inc., a leading provider of Service Level Management solutions. Prior to that, he held senior technology and business management positions with SPL WorldGroup. Hagai holds a B.Sc. in Mathematics & Computer Science (cum laude) and an MBA (with distinction) from Bar-Ilan University.