As fraud continues to become a larger threat to companies across all industries, Boards of Directors must stay on top of trends and ensure C-level executives implement effective measures to prevent and detect it.
The first step is for both the Board and the C-Suite to educate themselves on the magnitude of fraud. A 2015 study by the Association of Certified Fraud Examiners found that companies lose an estimated 5 percent of revenue each year as a result of fraud.
Fraud also affects a company’s reputation. Customers whose identities get stolen write reviews and share this with others. Once this information becomes available to the public, it can attract the attention of regulators who will scrutinize the organization’s fraud prevention methods.
Before Boards of Directors can effectively lead the C-Suite to better fraud prevention and detection practices, they need to clarify which individual bears the responsibility of running the fraud program. This role varies from Chief Operating Officer to Chief Security Officer, and Boards must make sure these people do not work independently of one another to the extent they’re offsetting each other’s efforts. We’re starting to see these various roles come together to employ advanced measures to effectively manage fraud.
The Board of Directors must hold the C-Suite accountable for the fraud that goes on in the organization. It should be an area measured in the business dashboard, along with revenue, margins and other key performance indicators. Fraud will not always be examined on the same level as revenue and other KPIs that directly impact executive pay and bonuses, but it needs to be tracked to effectively measure the health of the company.
Boards also should encourage the executive team to set realistic goals. Companies shouldn’t aim to stop 100 percent of fraud, as this is impossible and would harm the experience of legitimate customers. Aiming to stop all fraud will result in high abandonment rates and harm to revenue. Instead, they should aim to find the mix that works best for their operations.
Networks – Fraudsters’ Nemeses
You’ll be hard pressed to find a security professional who questions the efficacy of the network sharing of information as it relates to fraud. When organizations join consortiums – whether industry-specific or general business – to inform one another about attempted fraud, they greatly improve their chances of recognizing fraudsters before they succeed.
Companies also need to become more aware of internal fraud. If a fraud ring infiltrates a large organization’s vendor, the fraudsters then have access to the entire company’s system. This type of fraud will often be the first to hit a company and should not be overshadowed by external fraud in the eyes of the C-Suite.
Don’t Damage Your Device Reputation
Once only used for application data, the network-sharing approach is now extending to devices. Each device used for online transactions carries a unique profile, and we can use this information to track fraudulent behavior.
If someone uses a certain iPad to attempt fraud and this information is shared within the consortium, when a person uses the same device to attempt fraud at another company, the device will be flagged and the transaction will undergo more rigorous examination. In the opposite scenario, a device that’s built up a good reputation for performing legitimate transactions will pass through fraud barriers more easily.
Unfriending Fraud
Analysis of social media behavior provides additional data points to companies as they search for fraud, greatly improving their ability to combat it. Fraud detection systems can study information from an identity’s social media accounts to string together a history of the identity. Some of the most potent data points include the length of time the account has been active and the number of social media platforms on which the identity is active.
A fraudster cannot go back in time to create a Facebook account, and most fraudsters are not dedicated enough to plan their actions years in advance. So far, no one has successfully created an identity and made it look completely real on social media by consistently posting everything from the same place over a substantial period of time.
When social media data combines with information obtained from other sources that may not be public information, the strongest image of an identity comes into view. The more angles we can use to scrutinize an identity, the more likely we are to accurately assess its validity.
By tracking where customers come from, the channels they use, their personal data and their social media and device information and then sharing it within networks, companies will start to see patterns within their application data. These patterns are the strongest weapons organizations have against fraud, and if Boards of Directors ensure their C-level decision makers value fraud prevention and detection efforts, they will be more apt to succeed in stopping fraudsters.