How to stop fraud

The Madoff and Stanford cases may grab the headlines, but the temptation of fraud appears at every corporate level

Bernard Madoff, Allen Stanford and California money manager Danny Pang may be the latest examples of outrageous fraud. But what about the little guys? The administrator, middle manager or call-center rep?

It doesn't take a high-profile, multibillion-dollar scandal to rock an enterprise. These days, when employers are cutting salaries, staff and bonuses--and staff is uncertain about the next round of layoffs--more employees are committing fraud, according to a study by the Association of Certified Fraud Examiners. More than half of fraud examiners surveyed said that the level of fraud has slightly or significantly increased in the previous 12 months compared to the level of fraud they investigated or observed in years prior.

U.S. organizations lost 7 percent of their annual revenues to fraud between 2006 and 2008 for an estimated total cost of $994 billion in losses, according to the ACFE. That's a slight uptick from the 5 percent loss reported for the two-year period ending in 2006.

What's more, about half cited increased financial pressure as the biggest factor contributing to the increase in fraud, compared to increased opportunity (27 percent) and increased rationalization (24 percent).

Fraud can include minor things like expensing personal items or major, fraudulent billing schemes carried out over months or years. "They're using the corporate credit cards for expenses that are really tying back to people in the accounting department to fill their own needs," says Adam Safir, COO of security consulting firm Safir Rosetti in New York. "We've had clients where individuals have racked up $500,000 worth of transfer payments to various parties that were done piecemeal through small [charges]" over several months.

Making matters worse, layoffs are affecting organizations' internal control systems, according to the ACFE study. Nearly 60 percent of companies say they had experienced layoffs during the past year. Among those who had experienced layoffs, more than a third said their company had eliminated some controls for preventing fraud.

Warning Signs of Fraud

- Excessive or inappropriate contact with a particular vendor, or a familial relationship between an employee and vendor, can lead to fraud. Sloppy record-keeping can also mask illicit activity.

- An employee who is living beyond his or her means or is known to be having financial difficulty may become desperate enough to commit fraud.

- "We've seen people withdrawn or becoming very hostile," who were committing fraud, says Adam Safir, COO of Safir Rosetti. There are also cases where employees maintain a low profile and "fly under the radar" while keeping a fraud scheme going for months.

- "Keep your ear to the ground," Lisa Sotto, a partner at Hunton & Williams adds. Sometimes rogue employees can't keep their mouth shut, she says, so listen to what employees are chatting about at the water cooler.

"I don't think this is anything new, but with the economy down and people getting desperate, this is a methodology that they use that takes advantage of a typical weakness," such as poor oversight or holes in security procedures, Safir says.

Fraud examiners expect that number to rise during the next 12 months, especially embezzlement cases and an increase in Ponzi schemes investigated by the SEC, says Bruce Dorris, ACFE program director. "The credit market is drying up and there's not as much capital to raise for those types of frauds, so you're going to see a lot more reporting" as investors realize they've been defrauded.

In these tough economic times, CSOs need to harden their defenses against fraud.

Join the CSO newsletter!

Error: Please check your email address.

Tags fraud

More about SEC

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stacy Collett

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place