Get in the fraudster’s mind: the way to fraud mitigation

An estimated $67 billion was lost to banking fraud in 2014, with nearly 75 % of it being internal. Most alarming, the majority of this fraud remains undetected.

Trying to fight fraud by screening transactions is a losing battle. It’s already happened. A better place to start is with an understanding of who is committing these crimes. This understanding gives organizations the opportunity to implement fraud mitigation strategies that follow fraud patterns to spot red flags and potentially catch thieves in the act.

Most internal fraudsters are in fact just ordinary people. While warning signs are often seen in their behavior, such as living beyond their means or schmoozing too much with vendors or customers, these are often only understood in retrospect. According to Donald Cressey’s fraud triangle, three factors come together to incite ordinary people to commit fraud: pressure, opportunity and rationalization. This triad provides a good place to take a peek inside the fraudster’s mind.

Pressure/incentive
Typically, a fraudster finds themselves in the face of an out-of-the ordinary situation that causes a serious pressure. Common examples include:
•    An inability to pay the bills
•    An addiction such as drugs, gambling, etc.
•    A need to meet earnings to sustain investor confidence
•    Need to meet productivity targets
•    A desire for status symbols such as a bigger house, a new car, etc.

Opportunity
Circumstances often make fraud surprisingly – and unfortunately – easy. For example:
•    Absence of or inefficient internal controls
•    A position of trust that can be abused
•    Means to conceal the crime
•    Perceived opportunity for high profits
•    Perceived low risk of getting caught

Rationalization
An ordinary person committing fraud has to be able to rationalize their crime, making it seem logical, acceptable or justifiable. This isn’t about making excuses once they are caught. Most of us don’t wish to think of ourselves as criminals, and the internal fraudster – who is, remember, ordinary like you and me – can justify their crime to themselves. Some rationalizations include:
•    “I am only borrowing the money”
•    “I was entitled to the money”
•    “I had to do it to provide for my family”
•    “I was underpaid, I deserved more”
•    “My employer is dishonest and deserves to be fleeced”
•    “It’s just a drop in the bucket anyway, it’s nothing to them”

What can be done about it?
The points at which you can intercept fraud can be viewed as six stages – 6 C’s3 – in the process of the crime.   

  1. Case: As the plot is being built (making inquiries, small-scale run-throughs, etc.)
  2. Commit: Red-handed as the crime is being committed
  3. Conceal: As the fraudster conceals their crime
  4. Convert: As the fraudster converts the crime to the usable benefit (withdrawing money by cheque or ATM, etc.)
  5. Catch: As the institution performs appropriate investigative and evidence gathering
  6. Control: After the act as the institution implements internal control measures to prevent future events

In the usual scenario, the tools used by financial institutions enable them to see fraud only at the last two stages – catch and control! Clearly, this isn’t good enough.

The key to not only catching more fraud acts but also to being able to do something about it is to understand what is going on in a fraudster’s mind. With this knowledge converted into policy rules and predictive analytics, smart behavioral analysis technology can be used to correlate actions from across the systems. Tracking and alerts to unusual behavior, at anytime, anywhere within the system, enable organizations to step in at any of the six stages to mitigate or even prevent fraud.

Joël Winteregg, NetGuardians CEO & Co-Founder

1)    Association of Certified Fraud Examiners: Report to the nations on occupational fraud and abuse: 2014 global fraud study
2)    Donald R. Cressey, Other People's Money (Montclair: Patterson Smith, 1973)
3)    Adapted from: Everett Colby, CFE, FCGA: Fraud and internal controls, Part 3: Internal fraud schemes. CGA Professional Development Network

This article first appeared on the Temenos blog.