What other internal fraud do we investigate? Really any internal theft. It could be falsification of an application. Manipulation of data. Theft from customer accounts. Customer data theft, where customer information is converted for fraudulent personal use or the stolen data is sold to organized criminal groups.
Why do you think global fraud is on the rise? Is it a by-product of the economy or do you think it's that technology enables it more now? I think it's really based on the technology. Although we have controls in place to assist in addressing vulnerabilities, fraudsters co-opt the technology and utilize it to create more diverse schemes. It is an ongoing battle as we attempt to stay one step ahead of the bad guys.
What's the most challenging aspect of fraud investigation? To me internal fraud is the most challenging, due to the time it takes for an internal fraud to be detected. Because of the time lag that is typically experienced between the initiation of the fraudulent activity and its detection, it's difficult for a financial institution to recover funds. That is one of the jobs of Corporate Investigations. It's our job to stop the bleeding and recover any funds available.
Historically, most fraud was reported via a tip; suspicions aroused from within an internal business unit, discrepancies noted by customers, etc. Today, it is important that companies implement data analysis in an effort to take a proactive stance against fraud.
At face value, data analysis is a fraud detection tool. When a fraudulent scheme is detected, an organization can take the necessary steps to prevent additional loss. Fraud detection begets fraud prevention. Strong data that is analyzed in tandem with knowledge of potential criminal schemes can effectively allow an organization to mitigate their potential fraud risk. Data analysis can assist an organization in the identification of counterfeit check activity, compromised accounts, potential insider issues and detection of potential regulatory issues.
Fraud detection / prevention systems that are used to identify potentially suspicious behavior should be flexible since they must account for the fluid nature of fraud schemes. A fraud analyst can determine if the flagged activity is an actual fraud or an anomaly. If the activity is confirmed as fraud, the issue should be escalated via the investigation process.
With data theft, it's really difficult to detect what data has been stolen and to what parties it's been transferred to. It is a long, arduous process that often requires a lot of forensic investigation on computers/systems that the individual might have accessed. It often takes a lot of law enforcement cooperation as well.