Fraud Detection

Fraud detection should form part of an organisation’s overall anti-fraud strategy to identify and stop new or historical fraud at the earliest opportunity. Effective fraud detection saves money and protects businesses and their employees, shareholders and customers.


What is Fraud detection?

Fraud detection is the identification of actual or potential fraud within an organisation. It relies upon the implementation of appropriate systems and processes to spot the early warning signs of fraud.

Key elements of a robust fraud detection strategy include:
Ongoing risk assessments
Staff training and awareness
Fraud reporting mechanisms
Data-mining and analysis
Manual checks and balances
Systems, processes and control reviews

Even the most comprehensive fraud prevention controls can be circumvented by a determined and skilled fraudster. Fraud detection techniques can help to uncover new fraud in action as well as historical frauds.

The benefits of effective fraud detection:
· Saves money and protects businesses and their employees, shareholders and customers.
· Reduced exposure to fraudulent activity
· Identification of vulnerable employees at risk of fraud
· Reduced costs associated with fraud
· Refined organisational controls
· Improved financial and operational results
· Improved shareholder confidence and market position

The hallmarks of effective fraud detection:
1. Have a fraud detection strategy in place
2. Introduce a robust system of internal control for the detection of fraud
3. Establish a credible mechanism for staff to report suspicions of fraud
4. Ensure that your organisations exposure to fraud is considered when introducing new, or when amending existing systems and processes
5. Keep your risk register up-to-date
6. Implement systems and processes to detect the early warning signs of fraud.
7. Be alert to possible collusion between staff and third parties
8. Ensure regular evaluation and monitoring of fraud detection controls
9. Review your ant-fraud strategy on a regular, preferably annual basis
10. Take account of changes in business activities and/or control procedures that may open up new potential fraud risks.
11. Undertake pre-employment screening of prospective staff
12. Consider conduction ongoing periodic checks for staff in high risk areas
13. Ensure regular monitoring of compliance with fraud prevention and detection policies, processes and controls
14. Introduce a fraud response plan to deal with any frauds that come to light.

Things not to do
1. Adopt a generic control procedures and policies across the business where the risk of fraud varies by business area
2. Ignore ‘red flags’. Certain industries and/or activities are exposed to specific fraud risks
3. Rely on fraud to be detected by luck or good fortune
4. Sweep reports of fraud under the carpet

sourced from Fraudadvisorypanel.org

Cybercrime - Don't be fooled

Cybercrime

Most people now use the internet as part of everyday life – to shop, manage personal finances, conduct business and to socialise. But its rise in popularity has meant that it has become a lucrative and anonymous way for fraudsters to prey upon victims.

The term ‘cybercrime’ is often used to describe frauds that are attempted or committed using a computer and/or the internet. It covers a range of activities, including computer hacking, virus attacks (such as ‘botnets’, ‘malware’ and ‘adware’), fake websites, cyber-stalking, email scams, and cyber-extortion, to name a few.

In most cases these activities are designed to steal a victim’s personal, bank account or credit card details for use in fraudulent activities, or to use their computer in an attack on someone else.

Some common types of internet and email scams include:

• Advance fee frauds (sometimes called ‘West African 419’ frauds): you receive an unsolicited email from a person who claims to have access to a large amount of money and needs your assistance (and your bank account) to move it in return for a percentage of the cash.

• Lottery scams: you receive an unsolicited email advising that you have won the lottery, a yacht, a holiday or some other prize – despite never entering a lottery or prize draw. You will be asked to pay a small administration fee to receive the prize (which never arrives). Many of these scams originate overseas.

• Work from home scams (sometimes called ‘money mule’ or ‘money transfer agent’ scams): you receive an unsolicited email from a person you don’t know who wishes to use your bank account to receive funds. You will then be asked to make a payment to another person or organisation after deducting a percentage as your commission or fee. Victims are sometimes lured through fake job advertisements.

• Phishing or vishing scams: you receive an email purportedly from your bank, HMRC, or other legitimate online business such as a shop or auction website. The email will contain a link to a fake but credible-looking website or ask you to call a specified number, where you are asked to update your personal and/or account information. Note: banks and other legitimate online businesses will not do this!

• Scareware: you access a website and receive a ‘pop-up’ telling you that you have some or all of the following – spyware, malware, virus, a Trojan, or pornography downloaded onto your computer. This may be accompanied by a barrage of other pop-ups. You are then offered a programme to purchase which can remove all of the above.

• Game cheat and file sharing websites: your computer is infected by malware when you download a game cheat, or share files online.

• Social networking: you post personal information on your profile page or disclose it on ‘live chat’ facilities which is then used by cyber-criminals to commit identity fraud.

• SMS phishing scams (sometimes called SMiShing): You receive an SMS text to your mobile phone confirming you’ve signed up for a service you know nothing about and will be charged a daily fee unless you cancel the order by visiting a specified website. The website then downloads a trojan onto your computer which enables it to be remotely accessed and used by cyber-criminals to attack other servers.

Source: Fraud Advisory Panel

See our earlier post on how to protect yourself from identity theft.

Avoid on line Rip-off's

Don't let fraudsters get away with it

Online shopping and banking is safe and secure if you follow a few simple guidelines and use your common sense.

If you’re shopping online, look for clear signs that you are buying from a reputable company:
• Do they have a real-world presence? Can you see their address and phone number?
• Is their website secure? Look for ‘https://’ and the padlock that should be present on the page you are using when you are giving any payment details (credit card), or personal information
• Do they have clear privacy and returns policies?
• If you’re not convinced, search for the company on the internet and check their reputation. Call them. Trust your common sense and if necessary buy elsewhere.

If you’re using an online auction site, such as eBay, a few simple steps can make things safer:
• Before you start, understand the auction process, the site rules and the auction company’s own safety advice.
• Get to know the buyer or seller. Ask questions. Check their feedback.
• Learn to pick good sellers. Their items have clear descriptions and they will answer your questions.
• Don’t give away your password or personal details.

When it comes to handing over your money, choose a safe way to pay such as PayPal or a credit/debit card.

Conmen are very good at persuading you to do what they want. Learn to spot the telltale signs of social engineers:
• They will promise huge rewards: lottery wins, lost inheritances etc.
• A false sense of urgency.
• Odd, superfluous details.
• Requests for upfront payments or private information.

Keep your guard up and use your common sense. It’s your money so if you get a bad vibe, walk away. Don’t be rushed into anything. Talk to someone you trust before making any big decisions. Remember, if it looks too good to be true, it probably is.

Source; Action Fraud

Bluemoon In Irish Independent 3 March 2011

Please see article below which was published in The Irish Independent

Anglo insider 'tipped Drumm off' about debt investigators
By Shane Phelan Investigative Correspondent
Thursday March 03 2011

AN Anglo Irish Bank official leaked sensitive information to its former chief executive David Drumm in the months after he resigned, the Irish Independent has learned.
Ken Drumm (42), a brother of the former Anglo boss, claimed in a sworn affidavit that his sibling was tipped off about contact between the bank and a firm of private detectives.
The detective agency, Bluemoon Investigations, offered Anglo its services in tracking down absconding debtors.
The disclosure -- contained in papers lodged with the High Court -- suggests at least one Anglo figure loyal to David Drumm was leaking information that allowed him to stay one step ahead of the bank's new management team.
Anglo has been trying to hold the former chief executive to account for a series of disastrous decisions and force him to repay borrowings of over €8m.
According to Ken Drumm, his brother was told the detective agency made contact with Anglo around May 2009 -- six months after he quit the bank and moved to the US.
At the time, David Drumm was not making repayments on over €8m from Anglo. He would later file for bankruptcy.
Deception
Anglo did not take up the services of the private detectives, but an internal unit was tasked with investigating actions David Drumm (44) took at the bank's helm.
This action culminated in the announcement, last month, that the bank intended to sue him for misconduct and deception.
Ken Drumm, a builder and nightclub boss, made the tip-off claims in papers filed as part of a dispute with a finance firm.
He is being sued over alleged debts by Dun Laoghaire-based Celtic Invoice Discounting (CID), which has the same owners as the Bluemoon Investigations agency.
In an affidavit, seen by the Irish Independent, Ken Drumm said his brother David was told by a person within the bank that the private investigators had offered their services.
Ken Drumm also stated that he was contacted with other information around the same time by a "senior manager" at the bank.
He did not name the officials who contacted him and his brother, but stated he intended to refer to their claims in defence of the CID lawsuit.
Anglo declined to comment on his claims last night.
The dispute between Ken Drumm and CID centres on an alleged debt of around €60,000, which CID claims is owed from a debt purchase agreement.
It says Mr Drumm was advanced funds for the running of Okohaus Superstructures, a construction company he ran that was involved in building schools for the Department of Education. The firm went into receivership in December 2008 and the debt has not been repaid, CID claims.
Mr Drumm has denied money is owed to CID and claims his reputation was adversely affected by comments allegedly made by CID's managing director Peter Kerrigan in a phone call to an Anglo official.
Bluemoon Investigations confirmed it wrote to Anglo chief executive Mike Aynsley in relation to its services, but said it was "mystified as to why anyone in Anglo would make David Drumm aware of this".
- Shane Phelan Investigative Correspondent

Practical steps to protect your business against Bribery and Corruption

Policies

Develop policies to provide practical guidance for all employees on acceptable business practices covering:
• Business ethics – to create a culture of ‘doing the right thing’.
• Conduct and how to deal with conflicts of interest.
• Gifts and hospitality

Processes

Ensure that policies are embedded into normal business practices:
• Undertake independent due diligence of all third-party agents and others who are in a position to pay bribes business.
• Ensure that all third-party agents and intermediaries comply with your organisation’s business policies and procedures.
• Review the management of indirect sales channels (eg, agents, advisors, consultants and distributors).
• Include in your terms and conditions of trade the standards of ethical behaviour that you expect of joint venture and other business partners.
• Maintain accurate and timely records of all transactions related to third parties especially in the sales and procurement areas of the organisation.
• Establish mechanisms to enable significant issues to be escalated within the organisation.
• Undertake regular reviews and conduct appropriate audit of relevant business processes to ensure that they remain up to date and corruption risk is identified.


People

The commitment of staff is crucial to the success of your business policies and processes. To this end:
• Set the ‘tone from the top’ as one of zero tolerance towards bribery, corruption and other related crimes.
• Assign specific responsibilities to the board and senior management. Ensure appropriate oversight and adherence to policies and processes.
• Introduce and maintain a credible mechanism for employees to report concerns.


Communication

Ensure that staff and third parties (including customers and suppliers) are fully aware of company policy:
• Communicate clear simple messages across cultures and languages.
• Introduce full disclosure on policy, process and breaches in all reports.
• Ensure disciplinary policy on breaches is communicated and enforced.
• Implement appropriate and ongoing training and education programmes.


Sourced from Fraud Advisory Bureau

Identity Fraud

The term ‘identity fraud’ is commonly used to describe the impersonation of another person for
financial gain. Fraudsters steal your personal identity and/or financial information and use it to
purchase goods and services or to access facilities in your name.

What is identity fraud?

Fraud occurs ‘when a false identity or someone else’s identity details are used to support unlawful activity, or when someone avoids obligation/liability by falsely claiming that he/she was the victim of identity fraud’.

Common types of identity fraud

Application fraud/account takeover:

A fraudster applies for financial services (eg, a new credit card or opens a new bank account) in your name or changes your postal address.


Impersonation of the deceased:

A fraudster uses the identity of a deceased person to obtain goods and/or services.


Phishing:

A fraudster sends you an email claiming to be from your bank or other legitimate online business (eg, a shop or auction website) asking you to confirm or update your personal information such as passwords and account details via a link in the email.


Present (current) address fraud:

A fraudster living at your address (eg. the same block of flats) or nearby uses your name to purchase goods and/or services and intercepts the mail when it arrives.


How does the fraud work?

A fraudster steals or acquires information about you. This may include:
· Your name
· Your current or previous address
· Your date of birth
· Your bank account or credit/debit card details
· Any other personal or financial information about you
· This information is then used to:
· Acquire new debit, credit or store cards Open bank or mobile phone accounts Obtain new passports or driving licences
· Apply for benefits
· Take out loans
All in your name. You may not realise that you have been a victim of identity fraud for some time. This is because the fraudster may intercept deliveries or redirect your mail without your knowledge or consent.

The Identity Fraudster
1. Steals/acquires personal/financial information about you
2. Uses this information to obtain finance/goods/services in your name
3. Intercepts/redirects goods/services
4. You stop receiving mail or receive mail about goods/services you know nothing about


What happens if you become a victim?

Generally you will not be liable for all of the debt incurred by the fraudster in your name. However you will need to rectify the damage caused by the fraudster (particularly. to your credit rating) and this can take time. 5 steps that you should take:
1. Report the matter to the relevant organisation(s) immediately. Follow their advice.
2. Obtain a copy of your credit report (available from credit reference agencies).Check for discrepancies. Go back to step 1.
3. Keep a record of all correspondence you make or receive in respect of the identity fraud.
4. Consider ‘protective registration’. A small annual fee is charged for this service.
5. Reassess your personal security strategies in respect of your personal and financial information. (Ask yourself ‘how well do I protect it and can I do anything differently?’)

In most cases it will be at the discretion of the organisation which supplied the goods and services to the fraudster to decide whether or not to prosecute. This is because the organisation supplying the goods or services is considered the victim in law – not you.


How to protect yourself

Be aware of the risk from identity fraud and safeguard your personal and financial information.

DO:
· Securely destroy all documents containing personal information before disposing of them.
· Remove your name from unnecessary or unwanted mailing lists.
· Arrange for your mail to be redirected if you move house and notify relevant organisations.
· If you don’t receive any mail, check with Royal Mail that a redirection hasn’t been set up in your name without your knowledge.
· Monitor your bank accounts regularly for any unusual transactions and close any banks accounts you no longer need.
· Review your credit report on a regular basis.
· Report lost or stolen personal documents and/or credit/debit cards.
· Limit the number of personal documents you carry to those that you need – leave the rest at home in a secure place.
· Use secure passwords and PINs – a combination of numbers and letters is best. Shield the display when entering your PIN into a cash machine or mobile terminal.
· Install anti-virus software and firewalls on your computer and keep them up to date.
· Limit the amount of information stored on mobile devices such as phones, PDAs and hand-held computers.

DO NOT:
· Disclose personal information over the telephone (especially a mobile phone), on the internet, by mail or in person to people you don’t know.
· Respond to unsolicited emails.
· Disclose your passwords and PINs to other people, even to family members.
· Use obvious passwords or PINs or the same password for different accounts.
· Let your debit or credit card out of your sight in restaurants and shops.
· Disclose personal information on websites that are not secure.


Source: Fraud Advisory Panel

Fraud hotspots in smaller businesses

Small and medium-sized businesses (SMEs) are particularly vulnerable to fraud in times of economic downturn; many lack the controls found in larger organisations and do not necessarily have the resources to combat certain types of fraud. This factsheet highlights some of the key areas of fraud risk.

Areas of fraud risk

All types and sizes of businesses are vulnerable to fraud. Smaller businesses can be susceptible to a very broad range of fraud risks and a small workforce can mean that it is difficult to segregate duties. Fraud can be committed by employees (sometimes called ‘internal fraud’ or ‘employee fraud’), third parties (such as suppliers and customers) and even by business owners themselves. Some of the most common fraud ‘hotspots’ are summarised below.

Customers

Card fraud: A fraudster pretends to be a legitimate customer and purchases goods using a stolen credit or debit card.

Non-deliveries: Customers falsely claim that goods dispatched from an online retailer have not been received.

Refunds: Customers steal goods from a retail outlet and then return the goods for a cash refund.

Employees

False or inflated supplier invoices:
Employees authorise payments for overpriced and/or non-existent goods or services and receive a ‘kickback’ (such as a cash payment) in return from the supplier. This is particularly noticeable in the property management sector where service charges are calculated on a cost plus percentage mark-up basis.

Fictitious refunds or returns:
Employees generate false refunds and either steal the cash value from the till or arrange for the amounts to be refunded directly to their personal credit card or bank account. Retailers are particularly susceptible to this type of fraud.

Ghost employees or contractors:
Fictitious employees and/or contractors are added to the business’ payroll and are paid wages and/or expenses.

Misappropriation of assets:
Employees help themselves to cash, stock, IT equipment such as laptops, and stationery or submit false expense claims.

Theft or supply of confidential information:
Employees steal confidential customer and/or client information and use it for fraudulent purposes.

Suppliers

False or inflated invoices: Suppliers invoice for more goods or services than were delivered or supplied, or invoice at a higher price than originally quoted. This may involve collusion with an employee to ensure that payments are authorised.

Long firm fraud: A business is set up with the purpose to defraud other legitimate businesses.

Property management: Over-charging by management companies using fictitious time records.

Other third parties

Corporate identity fraud:

A fraudster sets up a false company to trade or steals an organisation’s identity and/or financial information and uses it to purchase goods and services, obtain information or to access facilities in that organisation’s name.

Online banking fraud:

A fraudster gains access to the business’ online bank account and manipulates funds such as setting up standing order payments to his/her own bank account. Businesses that do not have adequate firewall protection are particularly vulnerable to this type of fraud.

Fraud warning signs

There are a number of warning signs that can indicate that fraud may be occurring within your business. These include:
• Changes in employee behaviour
• Changes in cash flow
• Stock shrinkage
• Customer complaints
• High turnover of staff
• Computer and network problems

Managing the risk of fraud

Your business can take a number of steps to reduce the risk of becoming a victim of fraud. The key elements of fraud risk management are:

Prevention

• Establish an ethical business culture. Develop an anti-fraud policy that clearly sets out the minimum standards of
behaviour expected of employees (acceptance of gifts, use of assets, response to theft etc) and lead by example.
• Minimise the opportunities for fraud to occur within your business. Review your business activities; identify the areas most at risk to fraud and introduce controls to prevent it. These might include segregating finance duties, implementing authorisation thresholds, conducting reference checks on new employees and introducing IT systems access controls. Controls do not need to be complicated or expensive.

Detection

• Be aware of the indicators of fraud. Introduce procedures to detect the early warning signs that fraud is taking place. These might include educating staff to spot common frauds and scams, introducing a reporting hotline, conducting spot audits (of stock, sales and purchase ledgers etc) and reviewing profit and loss accounts on a regular basis.

Investigation

• Make sure you are prepared to respond to a fraud being discovered within your business. Smaller businesses should consider a policy that independent professional advice will be sought at the outset of any fraud investigation. Larger organisations should include fraud as part of their disaster recovery plan. This should cover the investigation process (who, when and how), legal or ethical duties to report (to your shareholders, customers, bank, insurance company and/or regulator(s)) and public relations.
• It is important to remember that there are different standards of proof that need to be met according to the type of action you wish to take against the fraudster – disciplinary, regulatory, civil or criminal.

Insurance

• Consider the need for fidelity or crime protection and/or directors’ and officers’ liability insurance.

Review

• Business practices and activities change over time. Regularly review the systems, processes and controls you have in place to manage the risk of fraud to ensure that they remain current, relevant and appropriate for your business’ needs.

Indicators of fraud checklist

There are a number of behavioural and financial warning signs that can indicate that there may be a problem within your business. These should not be taken as definitive proof that there is a fraud; some employees will display one or more of these characteristics and be completely honest and trustworthy; others may display none but may be dishonest.

Employee behaviour:

• Increased levels of stress without a high workload
• Lifestyle not commensurate with salary
• Reluctant to take annual holidays
• Personal financial problems
• Tends to bend/break the rules
• Tends to be subject to complaints
• Works late or unusual hours
• Is unwilling to delegate
• Refuses promotion
• Cosy relationship with contractors and/or suppliers
• New staff resign quickly

Financial:

• Cash only transactions
• Large variation in expenses between offices/outlets
• Poorly reconciled cash expenses
• Poorly reconciled customer accounts
• Customer complaints
• Rising costs with no explanation or that are not commensurate with an increase in revenue
• Large volume of refunds to customers
• Unusually large inventories

What to do if your business suffers a fraud

Three steps that you should take are:

1. Report the matter to the gardai and other relevant organisation immediately. Depending upon the type of fraud this could include your bank, insurance company, suppliers and/or customers.
2. Consider seeking specialist professional advice.
3. Reassess the way your organization conducts and manages its business to ensure it is adequately protected against this type of fraud occurring in future.