Fraud Management

Fraud, by its text book definition, is an intentional deceitful act made for financial gain or to malign other individuals / companies good will and is considered to be a criminal activity. With the rapid rise in technology, frauds are a significant threat to any type of business and cause both financial as well as reputational losses. Fraudulent activities are on rise and surprisingly many of those come from internal sources and not from external sources. Hence the organizations are facing hard time detecting and preventing the frauds. Despite major advances in fraud detection and prevention technologies it is difficult to entirely eliminate fraud since the fraudsters are often the smart and white collar people who know in and out of the system and the business. Hence the need arises to put controls in place which can ensure that frauds can be nipped in the bud and any malpractice should be able to send out early warning signals to the business. However technology being a double edged sword this is sometimes easier said than done.

That being said fraud prevention / detection does not have to be rocket science. Even basic due diligence, ideas like maker checker concept can do a long way in helping companies protecting their assets and reputation and here are some of them

• A periodic review of information security management controls on the IT systems, network and data security services is essential. This may get viewed as a huge investment but need not be so. Even simple steps can go a long way in protecting company sensitive data. For example

1. Have a well defined user access management policy for granting / modifications of access
2. Having a strong physical environment policy
3. Restricting uploading of files to external sites
4. Restriction on attachment sizes for emails
5. Scanning of emails being sent to external and personal accounts
6. Restriction on USB ports and printers

• Sensitive information should be discarded in such a manner that it does not remain available to anyone. Fraudsters can retrieve sensitive information from “disposed off storage devices”, for their benefits. In financial institutions a person’s name, address, DOB are valuable and fraudsters can use this information to manipulate someone’s identity and commit fraud under someone’s else name. This is where again technology can work for or against you. Data disposal techniques can help companies erase sensitive data completely so that even if someone does lay their hands on the device information cannot be obtained.
• Another emerging trend which can also be categorized under the same bracket is “Industrial espionage”. One important thing to be considered to prevent this from happening is conducting a background check before hiring employees. By performing background checks companies can get to know about the past records, or any other fraudulent activities if any.
• With so much of company data being available online(especially for public listed companies) businesses should secure their websites by adding the security services of SSL/TLS to standard HTTP communications which will indicate to it users / customers that the website is secure. This should be done especially by the banking institutions and ecommerce websites since transactions happen over such websites and users share their credit card details. Such websites should also be compliant to Payment Card Industry Data Security Standard (PCI DSS) standards. This increases user confidence in conducting transactions over the website and enhances the company reputation.

With all the fraud prevention mechanisms being put in place the truth is that it is not technology that commits a fraud. It is technology in the wrong hands that causes a problem. Hence it is very important to tackle this aspect of fraud preventions. All users must be educated on the company policy do and don’t. The company should have a zero tolerance policy towards any fraudulent activity that has been committed. Users should be encouraged to come forward and report and wrong doing that they suspect. This can be encouraged by helping them do this anonymously. Organizations need to understand that technology, only with the right human support, can help in preventing frauds and that it cannot be the other way around. 

With Manage IT as your IT solution provider, with its ITIL based Manage Security Module it helps you enhance IT Security efficiently.

Click here to know more about our ManageIT Services

About Author:

Dimpy Thurakhia is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at dimpy.t@spluspl.com