However, from a broad perspective, there are a few basic steps that all security leaders should employ: First, and foremost, have a basic understanding of accounting principles. Assist in the implementation and utilization of sound accounting practices from a risk management perspective you should trust but verify accounting controls. Second, make sure that you are aware of the legal regulations that govern your field. Third, one simple guideline:communication. Effective communication plays a strong part in acquiring desired results. And fourth, implementation of an effective investigation processes; to include interviewing of witnesses, documentation, and analysis tools.
What kind of fraud scenarios do you typically investigate in the financial services industry? Fraud is constantly evolving as perpetrators co-opt the technological advances that are meant to assist us. Fraudsters are creating more diverse and complex schemes. That has required us to be more sophisticated in our approach to prevent attacks. (See also: Telltale signs of ATM skimming)
External fraud that we investigate is often check fraud, our biggest category and exposure. That's true across financial services.
Despite the continued growth of online payment systems, check fraud cases have continued to grow in both number of cases and total exposure amounts.
Today, fraud risk associated with the check fraud category is generally derived from organized counterfeit check ring activity. The majority of check fraud cases originate from foreign lottery scams, check overpayment scams, Internet auction scams, and work from home scams. Investigation of these incidents are a challenge as the individual that negotiates the fraudulent item is an unwitting participant in the criminal enterprise and the mastermind behind these schemes is usually located outside of the US. Institutions are also experiencing a significant increase in internet and cyber-based crime.
Other external fraud includes wire fraud, ACH fraud, AML issues debit card fraud as a result of skimming devices, external loan fraud, identity theft, fraudulent accounts with fraudulent identities, online customer credential theft and hijacked accounts.
Internal fraud is globally on the rise. It is an ongoing challenge to our industry. I foresee a continued increase as fraudsters continue to take advantage of the relative anonymity that's provided by new technologies and the internet.
Criminals are energized by the current market for information. At one time, internal fraud simply meant a theft of cash. We now see that criminal activity from an internal perspective includes the theft of data. That is where a huge risk lies; particularly as related to customer data. Reputational risk, financial risk, and regulatory risk surround theft of data.