September 06, 2016

How Does Fraud Work? Cheque Out the Anatomy of a Fraud

The anatomy of a fraud is an interdependent process that ends up victimizing people and organizations.

Fraud is defined as “any intentional or deliberate act to deprive another of property or money by guile, deception, or other unfair means" by the Association of Certified Fraud Examiners.

How does fraud work?

While people tend to think of individuals getting defrauded, fraud against a company is also common. Insider fraudsters commit fraud in the workplace and on the job while criminals, customers and third-parties commit fraud from the outside.

What does fraud cost?  

The typical organization is generally advised to budget 5% of its revenues to fraud each year.

The 2016 Identity Fraud Study by Javelin showed that the number of identity fraud victims increased by 3% to 13.1 million consumers in the U.S. last year; and the amount stolen was $15 billion.

The LexisNexis True Cost of Fraud study showed that every dollar lost to fraud cost merchants $2.40, up from $2.23 a year ago.

How is data stolen?

First Step: Criminals collect confidential information in different ways. Online, they use websites, social media pages, etc. Dumpster divers physically steal information. Insider fraudsters physically steal information in the workplace, they use visual hacking strategies, and access files in computers.

Determining the Victim: Criminals study stolen data to determine if there is enough to target one victim or victim organization. The criteria includes by the volume of information, how easy a target might be, and potential financial return.  

Rounding out a Stolen Identify: If there’s not enough information, the criminal uses other collection strategies. For example, social engineering involves tricking people into breaking security procedures – and mistakenly providing information or downloading malicious software. In a phishing scam, criminals pretend they are legitimate organizations and mail or phone to obtain more information.  

Identifying Holes: Criminals will identify points of weakness in an organization or computer system. In the 2016 Global Fraud Study, a lack of internal controls contributed to fraud most (it was cited in 29.3% of cases). The next weak spot was being able to override existing internal controls.

The Fraud: The fraudster will finally be ready to attack (it can take weeks or years even). The most common types of fraud are identity theft (opening accounts fraudulently, taking over existing accounts, etc.) Dishonest vendors might bill the company for goods or services not provided. Dishonest customers might submit bad checks or falsified account information for payment.

The following safeguards support fraud prevention in the workplace.

  • Create a culture of security with commitment from all employees from the top down.
  • Stay up-to-date on compliance requirements.
  • Equip all hard drives with safeguards.
  • Provide on-going employee training.
  • Encourage employees to report misconduct with a whistle-blower hotline.
  • Use fraud risk assessments to identify risks.
  • Develop a cyber breach response plan.
  • Vet third-parties to make sure they are committed to information security.
  • Streamline security processes in the workplace. For example, partner with a document destruction leader that provides a chain of custody for the secure destruction of both paper documents and hard drives.

Do you know where fraud is most likely to occur in the workplace? Find out the 5 most likely areas – and how to better protect your organization.