The most recent Global Fraud Study released by the Association of Certified Fraud Examiners determined businesses can lose on average 5 percent of revenue each year to fraud, which amounts to nearly $3.7 trillion across the globe. Massive data breaches have caused serious damage, including a $146 million loss for Target and an estimated $200 million for Sony. Although high-profile technology breaches of consumer data dominate the news, your company's financial data and assets could also be at risk. The recent climate begs the question, what can we expect in 2015?
The cat and mouse game will continue. As technology becomes more advanced, fraudulent schemes will become more complex, while more sophisticated fraud solutions will be developed to combat hackers' best efforts. As the landscape of fraud continues to shift, business leaders must be aware of trends and predictions that will allow them to implement internal/external controls and systems to help reduce the risk of fraud and keep them from becoming another statistic.
The double-edged sword of technology gets sharper
It has been estimated that nine out of 10 breaches can be described by nine basic patterns. However, as technology advances, we are seeing a distinct proliferation of more complex fraud schemes. At the same time, we are seeing more breakthroughs in the use of technology to detect fraud. Strategies that we've used in just the past few years will become completely outdated, as a fresh set of tactics will debut.
As money becomes more digital, there is increasing concern surrounding the vulnerability of cloud-based applications. The cloud is not going to stop growing. It is going to continue to evolve and become the norm because the business and personal benefits are far too strong. Any centralization of data without the right protocols can become a target, but banks and credit cards are even bigger targets, and they've been around for a while.
Improving information security will be a major priority
The recent data breaches in large corporations have exposed vulnerabilities in the way personal information is maintained and stored. Because of this, we are expecting more massive data breaches throughout 2015, which makes improving information security a top priority. We will likely see more IP addresses, bigger sites getting better at the game, and Payment Card Industry Data Security Standard (PCI DSS) compliance across the board.
Employee theft and fraud will continue to be a serious threat
According to the U.S. Chamber of Commerce, 75 percent of all employees steal at least once, and half of these individuals steal repeatedly. Even the most trustworthy employees will go to desperate measures, giving way to employee theft and fraud. Even the most steadfast employees, who would normally never think of committing fraud against their employers, are more willing to take unlawful risks in order to have some extra money in their pockets.
Most organizations place their anti-fraud emphasis on external fraud and security. Ironically, somewhere between 50 percent and 75 percent of the financial losses due to computer incidents result from inside threats, according to the FBI and Computer Security Institute. Combating fraud requires businesses to place equal value on the detection of internal and external fraud, developing necessary strategies to address both.
What can companies do?
To minimize the potential damage of fraud, companies need to invest not just in more advanced technology but in people and policies for detecting attacks as quickly as possible. While the networks are just too large to prevent every attack from occurring, detection is crucial. Most companies do not have adequate protocols and staff in place to deal with incidents of fraud. While advanced technology serves as a great tool to combat fraud, the issue should be viewed as more than just an IT problem and looked at as a business problem. Here are some steps to take:
- Put a clear focus on segregation of duties (spread and rotate financial responsibilities, control who views sensitive documents)
- Offer internal and external audits (monthly profit and loss reviews, monthly balance sheet reviews)
- Develop protocols for electronic banking transactions (e.g., limiting access, verbally confirming requests, two-step authentication process, safeguard data)
By taking these actions, companies can begin building a culture of system-wide accountability rooted in honesty, integrity, and transparency. Remember, the cost of trying to prevent fraud is far less expensive to a business than the cost of fraud committed on a business.