Any time, any place, anywhere

Published: Thursday November 13, 2014

He twirls it in the air to show it's empty. He puts it on the table before him. He turns it over and lays a handkerchief over it. The drum rolls, the audience leans forward and - ta daah! The magician produces a rabbit from the hat.

It was the handkerchief business, right? That was when the rabbit went in.

Except no, it wasn't. The rabbit went in when the magician turned the hat over - he had it behind the table, obscured from view and in a cloth bag.

This is the kind of fraud to which no one objects, because it's entertaining. We don't mind that we looked in the wrong place and were fooled. But when it's monetary fraud, when it's business, we mind a lot, and looking in the wrong place is no minor matter.

Fraud leading to loss can occur at any stage in a process. It's not just at registration or the initial transaction phase.

It can occur with any group of people too. It isn't just new customers. It could be an existing customer, who has taken time to establish a credible transaction history and has built a decent credit threshold with you before he suddenly begins to behave in very strange ways - showing purchase and behaviour trends that simply don't look "normal." Knowing how to determine whether that behaviour, while strange, is perfectly legitimate - or, alternatively, is a definite sign of account takeover - can set a business apart.  

But the fraudster doesn't always sit outside the business. In a 2011 Ipsos MORI survey, 50 corporate executives were asked which groups or activities were most likely to mount targeted cyber-attacks against the organisation. Topping the list, no surprise, was concern about organised fraud rings and professional fraudsters (58%). But 56% of respondents said they were almost as concerned about their own employees.*

In short, fraud can take place any time, any place, anywhere - and be committed by just about anybody. Fraudsters seek out weakness in processes. They look for flaws and inconsistencies, and exploit them. That's why removing slow, inaccurate and error-prone manual processes and replacing them with sound systems based on robust data is a pretty good idea. There are so many indicators to potential fraud - you have to be mindful of all of them, at all times - and automating your approach to fraud detection can really help. It means you're engaging in risk management, minimising the chances of fraud happening in the first place.

Complacency is dangerous and expensive. The stats prove it.** An incident of fraud costs a company a median figure of $145,000. But that's a median: the longer a fraud lasts before it's detected, the more the organisation loses. If it's caught inside seven months, the typical figure is $50,000 - but if it's allowed to continue for two years that number rises to $150,000, and if it's four years it's $363,000. That's why proactivity is so much better than reactivity: it costs less.

Fraud detection and prevention needs to be not a process, not a task to be assigned or a buck to be passed, but to become part of a culture that is embedded at every level of the organisation.

For more points of view on fraud and to find out about our approach to fraud management, visit 

* From SAS Conclusions Paper: 'A Layered Approach to Fraud Detection and Prevention' 2012
** Data from the ACFE's 2014 Global Fraud Study, 'Report to the Nations on Occupational Fraud and Abuse' 

.red { fill: #b0013a; }