There is an evident shift in fraud typologies away from traditional real world frauds, such as card skimming, fraudulent documents, social engineering, etc., toward cyber frauds, such as cyber intrusion, phone cloning, malware and fake apps (mal-apps).
While these two realms don’t exist in isolation and many fraud typologies span both dimensions, the trajectory is continuously heading towards the cyber realm.
In the Asia Pacific region alone, financial losses from cyber fraud came to $81.3 billion in 2015 and exceeded losses in North America and the EU by about $20 billion. Asia accounted for more than a quarter of the $315 billion cost of attacks globally during this period. Reportedly, 90 percent of Asia-Pacific companies have been hit by some form of cyber-fraud last year.
Even frauds that have traditionally been real world in nature (such as collusion, mail theft, etc.), are adapting to the expansion of the cyber realm. As an example, internal fraud historically sits in the real world and is reported to cost on average approximately 5 percent of an average organization’s revenue. However, of late, it is adapting to leverage possible cyber vulnerabilities.
This was demonstrated in the case of Morgan Stanley, where an employee was accused of stealing customer information with the intent to sell to cyber criminals. Whether employees steal customer information or intellectual property, the need to protect your data not just from external threats, but the insider threat, has never been greater.
In this ever-changing environment, organizations need to ensure they are not only protecting themselves against real world frauds, but also against growing cyber fraud.
Traditional fraud detection, such as internal controls, red flag monitoring and internal audit, is still capable of protecting organizations against real world frauds; however, as fraudsters move into the cyber realm, fraud detection methods needs to follow.
The basis of cyber fraud revolves around an organization’s data and a criminal’s ability to manipulate, access or steal that data. Whether this occurs through malware, intrusion or phishing, the result is nearly always, but not limited to, financial loss to the organization. Therefore, the key to better protecting your organization against fraud is to have fraud detection methods that span the real world and the cyber realm.
For example, predictive analytics, statistical analysis and machine learning can enable organizations to defend themselves in a more effective manner. In its Report to the Nations (2016), the Association of Certified Fraud Examiners identified that organizations with proactive data-led fraud detection, were able to reduce their median fraud loss for an organization by up to 54%.
Data-led solutions, which leverage the power of the data that the criminals are so desperate to steal, provide a bright light at the end of the fraud detection tunnel. As fraud moves towards the cyber realm, it is imperative that organizations follow and arm themselves with the right tools to better protect their organizations so they aren’t bringing a knife to a gun fight.
Allanna Skeels is the regional lead for data analytics in Asia Pacific for Control Risks. She specializes in providing data-led proactive solutions to reduce fraud and financial crime exposure, fusing intelligence techniques and data analytics to enhance investigative methodologies and providing insightful analysis and forecasts to reduce risk exposure. Allanna is based in Sydney.