The smarter criminal
We are all aware of the great technological strides made in recent years and how this has affected the way we do business. This is particularly relevant in the financial services arena, where we have all benefited from the ease in which we now move money around and conduct a whole array of transactions which, in the past, would have involved a lot more hassle.
Obviously, with these advances, we have also been faced with many challenges, the most daunting of which being how criminals have adapted to this new environment in plying their trade.
The issue at hand
There are always stories in the press on high profile hacking crimes, from Electronic Funds Transfer (EFT) theft and fraud, to credit card scanning, but how bad is it really? From our perspective, as a specialist commercial crime underwriter, the current issues are not different to the traditional ones and include the ubiquitous stock theft, payroll fraud by means of ghost employees and rolling of cash receipts (robbing Peter to pay Paul). All of these are easily avoided by implementing a few, very basic, controls.
Do background checks
What has been astonishing in recent times, however, is the number of companies employing people in influential and sensitive positions of trust without doing any background checks on them.
We have experienced three such incidents in the first quarter of this year alone where the culprits involved in frauds were employed despite their criminal records.
The first involved a Sales Manager at a motor dealership with five outstanding warrants and who was on a most-wanted list, then there was a bookkeeper with two previous fraud convictions and, lastly, an employee dealing with pension fund surpluses who had a theft conviction in his past.
If you consider that there are policies in the industry that includes a facility where insurers arrange screening of policyholder’s employees for criminal records, credit record
and fraud register, there is no reason that all three of these frauds could easily have
been avoided with very little effort and no expense.
Going hi-tech
From a technological perspective, cheque fraud has been replaced by EFT fraud but, in our experience, the risk in this regard has probably improved. Cheque fraud had become extremely sophisticated and increasingly difficult to prevent, whereas EFT transactions are relatively simple to protect, by implementing some very basic controls.
These include maintaining proper password protocols and ensuring basic segregation of duties so that a single staff member will be unable to load beneficiary details as well as process payments. The payments should then be authorised by a further two pre-approved signatories. A very common type of claim experienced by us is where employees have replaced a creditor’s banking details with their own and they then have management authorise transfers into their own accounts on the back of legitimate invoices.
Going back to basics
Probably the most common losses experienced currently is where crime syndicates pretend to be suppliers or creditors, and advise companies that their bank details have changed.
All too often, the validity of the relevant communication, and the new banking details, is not checked, and very soon large amounts of money are lost to the fraudsters. These losses are not covered by commercial crime policies but are easily avoided by requesting a cancelled cheque or letter from the relevant bank validating the information. I would suggest that a further check with the supplier be conducted in addition to the bank check, using existing contact details and not those on the bogus letterhead, often a cell phone number which should send alarm bells ringing.
In conclusion, commercial crime insurers are not necessarily being adversely affected by advances in information technology at this point. Hhowever, we do expect this to become more of an issue in the near future as criminals sharpen their skills in this area.
