The exponential surge in online fraud and cybercrime saw almost 6 million offences committed last year, meaning around one in 10 adults in the UK were victims. According to the latest findings from the Crime Survey for England and Wales, fraud has now become the most prevalent crime in the country with people 10 times more likely to become a fraud victim than they are to suffer a theft.
What is clear is that fraud is an insidious problem that challenges all businesses in the UK and around the globe. For far too long, fraud has been viewed as a victimless crime. On the contrary, it is continually being used by criminals for monetary gain. It is also used to fund a wide spectrum of illegal activities including drug dealing, human trafficking and even the funding of terrorism. Very often, the victims are oblivious to the risks of transacting online and are amongst more vulnerable members of society.
Keeping pace
Fraud has evolved from simple and opportunistic modus operandi to more complex scenarios. Fraudsters are becoming increasingly sophisticated, making use of techniques ranging from social engineering such as phishing or vishing to cyber-enabled malware attacks. They also often hide within complex networks where they employ ‘mules’ to do their bidding. Those networks are often hard to detect as they combine fraudulent activity with legitimate and compliant transactions.
Also contributing to the rising velocity of fraud is the proliferation of online services and the anonymity those digital channels provide to consumers. For example, when making insurance claims it’s easy to inflate the value of a damaged or stolen item or to add a few additional items to the claim, therefore resulting in what’s often referred to as ‘soft fraud’.
No magic recipe
Organisations must be in a constant state of readiness and need a multi-layered and pragmatic strategy to curb this threat. It is critical that organisations adopt a holistic approach that encompasses data management, fraud detection, as well as robust policies and strict internal governance to ensure that their exposure to fraud is brought down to a minimum. The ability to analyse high volumes of data quickly, in real time, is becoming more and more a ‘business critical’ requirement. Organisations must start with enhancing their data quality, as well as collating and linking different data types coming into the organisation. The use of data analytics is often understated but could yield significant value for organisations wishing to adopt a superior approach to monitoring and detection.
Unlocking £290m in value
For businesses, fraud introduces additional costs that impinge on growth, performance and productivity. On a wider scale, it undermines sustained economic progress and the operation of free markets. The onus is therefore on individuals and businesses alike to deter and report instances of fraud. According to our research with the Centre for Economic and Business Research, efficiencies from better fraud detection tools could total £290m from 2015 to 2020. Such tools include advanced analytics which will enable businesses to intervene and prevent fraud before it happens.
Lastly but crucially, people at the head of organisations should lead by example and nurture a culture of zero tolerance towards fraud and other forms of financial crime within their organisation. There should not only be policies but enforcement of those policies in the way that day-to-day business is conducted, both internally and with external parties.
With increased government focus and regulatory scrutiny on financial crime, businesses found cutting corners will be exposed and be subject to potential fines. For small to medium organisations, the associated reputational damage may undermine their very ability to exist in the future. Find out what it takes to develop effective fraud management to help identify suspicious transactions and networks before the money leaves your premises.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.