Why organisations need an effective counter fraud strategy

Why organisations need an effective counter fraud strategy
Dec 12, 2022
Co-written by former City of London Police Commissioner and counter fraud expert Ian Dyson QPM, we explore the rise of fraud and the importance of proactive counter fraud operations.

Accessible to anybody and affecting everybody, fraud now dominates crime types.

Advances in digital technology have enabled us to better detect fraud and protect against it. But technology has also made the crime type more accessible and easier to commit. 

While traditional types of crime such as burglary and theft have fallen dramatically within the last two decades, fraud and cybercrime have bucked trends, accounting for 40% of crime in the UK, according to the Police Foundation.

Taking place every minute of every day, fraud doesn’t often make headlines, but it is far from a victimless crime – the impact can be devastating on individuals, businesses, and society at large.

Dedicated to combatting this crime is a growing counter fraud community. Not limited to law enforcement, more organisations in the public and private sectors are investing in specialist counter fraud functions in efforts to better protect individuals and organisations from this crime.

Co-written with Ian Dyson QPM, former City of London Police Commissioner and counter fraud expert, we explore different types of fraud, its rise as an economic crime type, and the importance of proactive counter fraud operations.

What is fraud?

Fraud is the deliberate misrepresentation of facts, either by supplying false statements or withholding information, to gain something from another illegally or unethically by deceit. 

Fraud is often based on a misbalance of information, where the perpetrator is aware of information that the victim is not.

Given this broad interpretation, fraud can apply to an extensive variety of criminal activity. Often perceived as a ‘white collar’ crime carried out by individuals with professional financial and accounting knowledge, it’s now widespread and multifarious, affecting ordinary people daily.

That there are so many types of fraud is a challenge itself in detection, investigation and prevention, requiring different methods of discovery.

Types of fraud

Common fraud types which can affect both individuals and organisations according to Cifas definitions, include:

Identity fraud – Today, this often follows phishing campaigns which use email and social media to harvest personal information.

The pandemic and rising costs of living have shown how readily fraudsters will exploit economic strain and health concerns. Tailored messages relating to public health campaigns, energy bills, government support, mobile phone contract deals, or debt collection are just some examples of how fraudsters target vulnerable individuals.

Social engineering attacks targeting business meanwhile involve fraudsters adopting the identity of someone within an organisation, such as a CEO, using publicly available information to manipulate employees into releasing sensitive information or funds.

Misuse of facility – Criminals are increasingly leveraging the popularity of social media platforms to offer ‘make money quick’ and work from home schemes. These are forms of a money laundering process where the fraudster will pay an individual to keep money in their account and then transfer it elsewhere.

Criminals are now looking to exploit vulnerabilities among new companies entering the rising Buy Now Pay Later space.

Insider threat – Inside an organisation, insider threats can include anything from a staff member over-claiming expenses to a member of the finance department or senior management circumventing a company’s security mechanisms to transfer money to a controlled account.

Insider threat types could also extend to individuals withholding adverse credit or employment history from an employer with the intent to secure a position.

Why is fraud on the rise?

The rise in fraud is closely tied to ongoing digitalisation. The internet has enabled criminals to commit fraud at an industrial scale. As more of our daily activities go online – including work, shopping, and entertainment – and consumers increasingly expect instant gratification, there are more opportunities for criminals to exploit, and many more approaches and toolsets available for them to use.

Social-engineering methods such as phishing messages and fake social media accounts are easy and effective avenues for scaled attacks. More advanced and resourced criminals can access and deploy malware to harvest personal data.

“There is a growing societal trend around instant gratification without due diligence which is driving the risk of fraud. We now expect to buy goods, receive them next day and pay later, and to tap our debit card on the reader to open the barrier at the train station – this ‘I want it now’ mentality is creating greater opportunities for fraudsters to exploit.”

– Ian Dyson QPM

According to analysis by the Police Foundation, more than two-thirds (69%) of fraud cases investigated by the police as far back as 2016/17 included at least one element of cybercrime.

Fraud rates were catalysed by the COVID-19 pandemic, with fraudsters exploiting disruption at a societal scale, as well as the sudden reliance on digital to continue business operations and everyday life.

Between 2021 and 2022, at the height of the pandemic, more than two-thirds of senior risk executives said their companies had been exposed to external fraud according to KPMG, while 42% experiencing some degree of monetary loss.

As well as having a low barrier to entry, fraud is increasingly carried out with impunity when compared to traditional crime types. Just one charge was brought for every 166 offences recorded by Action Fraud, Cifas and UK Finance in the UK in 2021, as compared to one in every 69 in 2015. That’s a conviction rate of just 0.6% for the small amount of fraud cases that are reported to authorities.

Clue helps law enforcement agencies, corporations and public sector organisations, and other organisations detect and prevent economic crime. Learn more about Clue for economic crime and enquire about a demo today. 

What is the impact of fraud?

Despite accounting for a large and growing portion of crime, fraud is still treated as a low priority by law enforcement. This is compounded by a disparity between the amount of work fraud creates and resources available to be given to it.

For both law enforcement and fraudsters themselves, fraud is often perceived as a non-serious crime – a financial inconvenience to individuals or businesses that can be solved by contacting a bank or insurer. 

Sadly, this is far from the reality. Often, fraud victims are unable to claim full losses back, regardless of their personal circumstances. Public bodies generally lose between 0.5% and 5% of their spending to fraud each year, according to the International Public Sector Fraud Forum, representing a significant diversion of valuable resources away from public services.

In short, the impact of fraud can be devastating, and the damage caused isn’t just financial. Here are some examples of how fraud can affect individuals, organisations and society.

How fraud impacts individuals

Damage from fraud on individuals can be financial, physical or mental. Too often, it is vulnerable individuals already facing daily challenges in their lives who are susceptible to falling victim to fraudulent activity.

Monetary loss is the most obvious impact of fraud against individuals. This can come with physical, psychological and emotional impact, including stress, anxiety, depression, anger, embarrassment, shame, and distress.

Social problems can arise from loss of reputation, and feelings of vulnerability, exposure and isolation. The process of dealing with fraud, such as contacting banks and utilities companies, can bring added costs and trauma.

Fraud against public services can indirectly divert resources away from individuals who rely on them and lead to lost opportunities for members of society. As a result, individuals may lose trust in public service providers and feel unsupported and isolated.

“The domestic abuse, rape, knife crime that takes place is always going to get headlines and be the priority of police resource. But what masks is that, in the experience of the City of London Police, people have committed suicide because of significant loss from fraud. 

People are traumatised and some never recover. People feel shame – there is a full range of emotions that affects the individual, which are devastating and arguably are as significant as any other crime that a person could be victim to.”

– Ian Dyson QPM

How fraud impacts public sector organisations

As already mentioned, fraud against public sector bodies can result in the diversion of finite resources away from public services. This can lead to the cessation of services or programs altogether – or can hamper the quality of outcomes and customer experience.

The way a public sector organisation handles being victim to fraud may affect the confidence of their own citizens and employees, and that of organisations they work with. This can contribute to a wider loss of trust and confidence in government cyber readiness, security and competence.

How fraud impacts private sector businesses

Effects of fraud on a business, whether that derives from an external source manipulating the business or an internal one ‘cooking’ the books, can be far-reaching. Not least potentially huge monetary impact. For smaller businesses especially, this can result in bankruptcy.

Financial damage can derive from the fraud itself and associated legal fees, potential fines from the ICO (Information Commissioner s Office), a lack of new and repeat business because of affected reputation, and the cost of implementing new talent, security measures or processes to safeguard the business from future attacks.

Morale in a company may be affected by a significant fraud event, with employees feeling guilt or distraction from their work. If the fraud was committed internally, there may be a sense of distrust towards management. Ultimately, an organisation may lose employees as a result and struggle to attract future talent.

How fraud impacts society

The collective impact of fraud on society could lead to a lack of trust in government to safeguard taxpayer’s money and protect public services. For particularly vulnerable societal groups who depend heavily on support, welfare could worsen as fraud increases without the matched resources to detect and prevent it.

As fraud targeting individuals and businesses becomes ever more prevalent, there is an increasing likelihood that the crime becomes inadvertently tolerated in society, making it more viable for a wider range of criminals to enter and exploit. As fraud increasingly gains perception as a normal part of society – part of our increasingly digital lives – the longer-lasting damage it will cause to its victims.

 

What is counter fraud?

Counter fraud refers to the activities, resources, and capabilities that are applied by organisations to detect, prevent or disrupt the challenge of fraud.

An organisation’s counter fraud capabilities may be an extension of one or several departments, such as compliance, legal and IT security, or it may belong to a designated team responsible for protecting the organisation, its customers and resources from internal and external fraud threats.

While many counter fraud teams may consist of just one or several individuals, certain organisations have expansive teams. The NHS Counter Fraud Authority (NHSCFA) uses Clue to serve 400+ organisations, 200+ counter fraud champions and 254 local counter fraud specialists within the NHS counter fraud community across England and Wales.

In terms of individual skillsets, a counter fraud function may include a variety of specialisms, including investigations and interviewing, intelligence gathering, data science and analytics, asset recovery, fraud measurement, and risk assessment.

“Fraud was once considered a specialist white-collar crime committed by experienced, clever and persuasive individuals. The online world gives today’s fraudster the opportunity to do some simple things – and it’s becoming a myth that fraud is sophisticated and complex. Some is, of course, but there’s a hell of a lot of fraud which is really simple.”

– Ian Dyson QPM

Given the rising fraud risk and growing volumes of data, counter fraud teams are increasingly reliant on technology to support more effective and efficient prevention, detection and investigation.

Counter fraud programs are most often found in policing, government and public sector, healthcare and financial services, but are becoming increasingly common across a wider variety of organisations as the threat grows.

Elements of counter fraud strategy can include:

Intelligence: Counter fraud strategies include assessment of data collected by an organisation, how it’s stored, and how it can be protected. It also includes analysing data to determine what intelligence can be drawn from it in relation to fraudulent activity, and how intelligence gathering can be improved overall to support fraud detection and prevention.

A counter fraud strategy will include consideration to how data and intelligence can be securely shared and accessed between organisations, such as partners or law enforcement.

Prevention: As fraud attempts rise rapidly, preventing it from happening successfully is a significant focus of counter fraud strategy. While monitoring ongoing activity, counter fraud specialists can analyse past intelligence to detect trends and patterns leading up to successful fraud attempts.

Counter fraud teams can also examine shared data and wider market intelligence, including open datasets such as those led by National Fraud Initiative and non-profits such as Cifas to determine the approaches fraudsters are using against similar organisations.

Driven by intelligence, preventative counter fraud strategies can encompass disrupting fraud attempts before they take place, implementing process improvements to better safeguard the organisation and its customers, and internal awareness campaigns to ensure staff and customers are wary of common approaches by criminals.

Investigation: If fraudulent activity has been detected or successfully carried out, a counter fraud team may handle an investigation with the aim of formally identifying and confirming criminal activity and the perpetrator behind it. A thorough investigation may also help to surface related or historic cases of fraud which were previously missed or considered in isolation. Correctly carried out, an investigation will supply crucial evidence for law enforcement and prosecution.

Enforcement: An effective counter fraud strategy will include the necessary policy and procedure to be followed in the case of fraudulent activity being discovered, or if intelligence has been gathered that could lead to an investigation and potential prosecution. This would, for example, include how law enforcement would be informed and how data would be shared with them.

How can fraud be detected?

For many organisations, especially law enforcement, the imbalance between resources available for counter fraud and the volume of fraud taking place has meant the prevailing approach for fraud detection consists of receiving circumstantial evidence or whistleblower reports.

Anonymous tip lines have long been relied upon to surface instances of fraud and have historically accounted for nearly half of fraud detected. Meanwhile, internal or external audits will look to determine whether financial misstatements are errors or indicate the presence of fraud in organisations.

While these are effective means of detecting fraud, they rely upon individuals becoming aware of it taking place and choosing to report a suspect, or an audit being undertaken.

As fraud becomes a greater challenge in a digital age, fraud detection strategies are now increasingly reliant on data analytics, which can enable earlier detection of fraud by showing repeat patterns and anomalies.

“It seems to me that the most effective counter fraud strategies will involve strong data analytics capabilities to identify anomalies and unusual patterns from massive data sets. 

These will be backed by clear prevention educational messages to the public, that will pick up a lot of the fraud that is not sophisticated and are not dependent on large investments into technology by the fraudster.”

– Ian Dyson QPM

By data matching or identifying abnormalities or missing data by comparing two datasets, investigations can be conducted to identify whether fraud is taking place and prevent further occurrences or reduce the associated loss. Data mining can also be used to cluster and segment data to find patterns that correspond to fraud.

How can fraud be prevented?

Detecting fraud is vital to mitigating losses and bringing perpetrators to account but preventing it from happening in the first place is the most effective way of protecting individuals and businesses, and disincentivizing criminals.

Awareness campaigns – Awareness is a the most vital tool in deterring would-be criminals from committing fraud and ensuring that would-be victims are aware of fraud risks and warning signs.

To mitigate the risk of internal fraud, businesses can make employees aware of their fraud risk policy and significant consequences of committing it. Meanwhile, awareness campaigns inside an organisation or in the public eye can help to educate individuals about the most common forms of attack and indicators of fraud taking place, which can help prevent fraud and encourage reporting.

“Up until the pandemic and the clear-cut messaging of ‘hands, face, space’, we really hadn’t seen a large-scale public information campaigns since those of seatbelts and the dangers of drink-driving in the 60s and 70s. 

There is an opportunity for the government to make a significant impact against the scale of fraud in the UK by leading a campaign that takes the best of what banks are doing.”

– Ian Dyson QPM

Internal controls – These are the plans or programmes an organisation has in place to protect its assets, including ensuring the integrity of its accounting records and making fraud more difficult to carry out.

Internal controls might include thorough documentation of all transactions, limiting access to accounts and credit cards, segregating responsibilities when it comes to various stages of accounting and finance to help ensure discrepancies are found, and requiring authorisation from more than one individual for transactions valued over a certain amount.

Organisations can also control and monitor user access, ensuring everyone in the business has a unique username and password which should be changed regularly.

Clue helps law enforcement agencies, corporations and public sector organisations, and other organisations detect and prevent economic crime. Learn more about Clue for economic crime and enquire about a demo today. 

What are the biggest opportunities in counter fraud?

Despite the rise in fraud, as awareness of the scale and cost of the problem grows across organisations and industries, counter fraud operations are evolving quickly to make fraud harder to commit and to hold more perpetrators to account.

As uncovered by Clue’s own research into challenges faced by counter fraud teams across the public sector and government published in our report Counter Fraud in 2022: Navigating the Path to Prevention, there are significant opportunities that can be leveraged using innovative approaches to technology, upskilling and collaboration.

Data sharing and interoperability – Aside from access to open data programmes such as those led by National Fraud Initiative and non-profits such as Cifas, there is an increasing demand for shared intelligence eased by better interoperability between both internal systems and other organisations.

APIs can help secure interoperability between systems and organisations. However, implementing data sharing agreements between departments, agencies and organisations is a necessary point of focus in overcoming issues of compliance more seamlessly.

By enabling multiple systems to ‘talk’, investigators across the public and private sector can make decisions led by real-time data, providing them a better chance of keeping pace with newly emerging threats that could otherwise fall under the radar.

“Fundamentally, I think where data sharing initiatives have fallen short is by not having a clear purpose behind the sharing. If you have a clear purpose – such as being able to better find vulnerabilities in our systems that are enabling fraudsters to extract money.

While this approach may narrow the scope of the date sharing and place some constraints around it, there will be a better and more quantifiable outcome.”

– Ian Dyson QPM

Intelligence and case management technology – Data may have previously been managed with spreadsheets, but as reliance on data and data volumes increase, traditional methods of data management are prone to error, difficult to scale and can lack security.

Intelligence and case management technology can provide secure and unified project access and management combined with powerful analytics and search capabilities. These systems can present data in ways that aren’t possible using spreadsheets, surfacing trends and links that may otherwise be overlooked.

Automation technology – Automation has potential to lift manual work away from counter fraud teams, enabling more resource to be devoted to preventative approaches. Automation can be applied to data processing, for example, so less time is spent by counter fraud professional on data cleaning activities, while entities from documents or notes can be automatically indexed and cross-checked across a ‘watchlist’.

It’s important to note, however, that automation technology should supplement a counter fraud team’s work, rather than lead it. Given the serious repercussions to suspected perpetrators and victims, the decisions made by technology must be transparent, justifiable and explainable by human decision-makers.

Upskilling and talent sourcing – As counter fraud operations grow, so does the need for an in-flow of specialists. Many counter fraud professionals derive from backgrounds in law enforcement, given their relevant legal and investigative skillsets.

However, digitally enabled fraud and data-heavy counter fraud operations now require specialists with digital skillsets. Organisations can promote purposeful work and develop training plans for a wider pool of candidates, who can bring important skills such as data science and analytics to counter fraud functions.

“From time immemorial, criminals have looked to exploit opportunities. If a criminal is walking down the street and they see an open door, they will walk in. If you shut your front door and put a lock on it, that reduces the opportunity.

If you translate that quite simple analogy to any aspect of life, it’s clear that there are vulnerabilities that criminals will exploit. If there is a proper will and investment to find and tackle these vulnerabilities, we will go a long way to tackling fraud.”

– Ian Dyson QPM

Attracting investment – As fraud increases and its forms evolve, counter fraud strategies will continue to play greater roles in protecting individuals and businesses. But for that to happen effectively, teams will need greater resources. Generating awareness around the seriousness of fraud and the implication to perpetrators is not only crucial for detection and prevention, but also important to attract investment needed to bolster and develop counter fraud functions.

Counter fraud teams can build awareness about their importance by sharing regular reports to stakeholders presenting a clear view of their impact to the organisation and actual or projected costs saved as a result.

Clue helps law enforcement agencies, corporations and public sector organisations, and other organisations detect and prevent economic crime. Learn more about Clue for economic crime and enquire about a demo today. 

Book a demo

Book a demo

Find out how Clue can help your organisation.