Ana-global.net

‘on-line fraud, behind enemy lines’ by Ian Ross

Online and corporate fraud remains a serious concern for global Business. But
this paper argues that part of the problem in tackling the ever evolving nature of
fraud comes from the very techniques and approaches used to prevent it. The global market research and survey company „Frost & Sullivan‟ estimate that there are 2.28 million information security professionals worldwide. This figure is expected to increase to nearly 4.2 million by 2015. Naturally security compliance is a must for all companies, companies that form an IT backbone. Consequently, the Information Security industry is going through an exponential growth rate. Current worldwide growth rate is billed at 21%. The information security industry is currently over $100 B ($60 B in US, $ 20B UK, $4.5 B Japan, over $1.5 in India). So acknowledgement and „credit‟ where it is due, must go the financial institutions for the marked increase in fraud prevention controls over the past 3 years, especially formulated to grow with the surge in popularity of social media, e-commerce, and mobile services. E-finance is proof of the benefits consumers are enjoying from information and communication technologies. But there is also the creation of a worthless fraud prevention sub-market of its own; the creature of „solutions‟ based IT resources being a means of leeching off the need for security and fraud prevention; namely a fixation on selling as opposed to securing – an entity which has been proved in the security industry generally over the past ten years (in fact “yes” there is a CCTV camera near you, you need this to make you secure and it does ever such wonderful things by the way….) These same technologies can create harm, when personal consumer information is stolen by way of fraud and identity theft. Or is it purely down to the „technologies”? Studies show that information systems workers, as expert as they in matters technical and analytical, lack basic security knowledge. Proof? Since 2005, an estimated 543 million records have been lost globally from over 2,800 data breaches, and identity theft caused $13.3 billion in consumer financial loss in 2011 (BJS, 2011). Thus it is a major challenge for policy makers whose job is to keep on the right side of the law while trying not to lose the business, by balancing ex-ante regulation with ex-post litigation to protect both consumer and commercial interests. Furthermore, a survey among lawyers in the USA, UK and Europe shows a serious concern about Cloud Computing Services (using software as a service, users rent use of servers. Cloud providers manage the infrastructure and platforms on which the applications run). Lawyers clearly state that data in cloud is a „business risk‟. Yes that it so, but when we look beyond the business risk, there emanates a conflict, which in turn equals risk of loss to fraud and puts companies at risk of massive penalties because of „naturally occurring‟ data protection transgressions. Legal experts contacted by ‘Future Intelligence’ (independent IT expert analysts) say that in its current state, the cloud technology system worth £14.4 billion globally to the technology companies promoting it, puts companies trusting personal data in breach of data protection legislation. But the legal experts have also uncovered the potential for corporate fraud. The natural cross-over opens the can of worms which squirms off in different directions: data fraud, breaches of auditing standards (which could constitute an offence in its own right of fraud by failing to disclose information if cover-up attempts were made) financial statement fraud, „skimming‟ or understated sales or debtor payments……… IT security is great, but is a mere sticking plaster. Therefore, getting behind enemy lines, as opposed to following never ending sales-lines may warrant some thought. The battle-plans drawn up by fraudsters vary as much as the countries in which they operate, some with single-cause fraud motives, or those who attack with a scatter of scams, cyber-attacks and multi-layered and organised and systemically networked financial crime activity. On-line fraud will come into play at either one or at all of the stages of the activity, especially when extensive money laundering is concerned. For example, one downtown multi-national office you are gazing in awe at, could be better named as „Crime Inc‟ (we wish) but more pertinently, the operation will be high-tech, security will be very good, and the employees who stampede out at the end of the day will be very well looked after. What is the crux of the matter is the side-line involvement with worldwide business pursuits, such as betting (on-line fraud certainly included) gambling, sports (complete with match-fixing) over to car dealerships, real estate et al. One hub feeds out to many lines and outlets of money laundering or specific fraud or corruption. This is not a conveniently conjured up example, it is one proven case of one organisation. Other organisations as we know run their money laundering and fraud as an ingredient through their own business lines; subtly disguised and „tweaked‟ to suit them and resist investigation. By some estimates, the war on drugs just in the USA has cost close to a trillion dollars. What has that vast expenditure bought? Very little. According to the government‟s latest “Survey on Drug Use and Health,” more than 22 million Americans – nearly 9 % the U.S. population used illegal drugs in 2010. Is there an inescapable link to fraud in order to fund drug habits? Afraid so. Many criminals have gone beyond shoplifting to do this and say “ID theft is the way to go”. And laundering drug money is often done on-line and by social networks. Hence, the amounts of money involved are de-facto immeasurable, staggering figures (that fraud institutions and the „big 4 auditors‟ are reluctant to admit to). So where are the systems and „controls‟ etc etc which control this? Answer 1: the financial institutions cannot even agree on what fraud is half the time. The whole concept of fraud falls down when it gets to the measurement of fraud, with private sector regulators insisting upon creating their own definitions and wildly inconsistent financial fraud measurement parameters. Answer 2: we are spending far too long „developing‟ and indulging the same recycled and lame initiatives. Yes we have the Financial Action Task Force (FATF) which rolls out it‟s „priorities‟ it‟s „initiatives‟ and its „recommendations‟; example - the G20 summit talks whereby the participatory agenda is thick with tactics from all parties. Sorry, but there isn‟t much looking beyond the obvious. Academic research, deeply involved as they are, but with no up-take on converting such projects into workable fraud-fighting resources, structured by perception and ability, as opposed to their formation, their training, their efficiency, being akin to producing an instruction sheet about assembling a piece of flat-pack furniture. A massive void from the woolly strategic to the operational - and not helped by a lack of data sharing and lack of co-operation with external enforcement resources, of which the banks are notoriously guilty of. And - demonising certain nations as being „rife‟ with fraud and corruption, following dubious statistics and dealing in nationalistic stereotyping has led to a certain way of thinking. That is not to say that massive corruption does not go on in African countries for example, but commensurate levels of corruption also exist in countries that have a benevolent image (i.e. the UK – and I don‟t even mention the rate fixing fraud in the banks…) Our anti-fraud institutions still insist working on repetitious and tired partnering initiatives with dated approaches to engaging stakeholders who carry with them their own political, legal and cultural baggage. This continues locally and globally and forever keeps us behind the times and behind the criminals (if this is not true than why has global fraud reached unprecedented levels?). Ironically also, and not just the FATF, but they provide an example when in June 2012, the FATF Plenary issued a statement (concerning Turkey), which reviewed the „voluntary‟ tax compliance programmes (tax fraud to you and me) in Curaçao, Spain and Pakistan and issued three new reports to outline new trends in money laundering and terrorist financing. Wonderful! Hence there is no real „diversion‟ in dealing with our money launders, or corruption hyenas, so what we are doing in reality is following a „labelling theory‟ which drives the anti-fraud initiatives down an aimless avenue, with all the verve and purpose of a bureaucrat driving a steam-roller – one which is stuck in first gear and has no steering wheel. More enemies behind the lines or those „within‟ are presented by recent cases involving for instance GlaxoSmithKline, fined $3 billion for promoting the popular anti-depressants Paxil and Wellbutrin for unapproved uses. The fraud implicit within this case is hidden to most, yet creates another example of fraud slithering around between different types of crimes and other crime becoming a vehicle for fraud. Oxford University‟s academic publishing arm, Oxford University Press (OUP) was ordered by the UK High Court to pay a fine of almost £1.9 million, following the discovery that two of its African subsidiaries had been involved in corruption activity. “We don‟t tolerate such behaviour” thundered the Chief Executive, with all the tacky rhetoric one can summon, and sudden strategically bought integrity by donating a couple of million to buy books for „deprived regions‟ in Africa (and why was the investigation confined to Africa one asks?). But one STUDENT Jack Ramsden commented that it was “refreshing to see a company committed to openly rooting out its corrupt elements”, but interestingly added, “I do wonder how OUP‟s board can have failed to be aware of its subsidiaries‟ practices, and why it took an external authority to compel the central board to monitor its fringes”. It goes back to our earlier points here; by showing the disconnection between those in senior influential positions, who take fraud „oh so seriously‟, by reading from the manual of decorous but sham responses when caught committing fraud) to a student who made more fraud related inputs then any of those who have corporate governance responsibility for preventing it. Away from specific „offenders‟, one colleague in South Africa called for the need to get back to some sound box-standard investigation approaches to fraud. He argues that we have gone too far in relying on technology (and he is the owner of a company that fights cyber-crime by the way!). „Micro Finance‟ in the un-banked sector of the population means those people that least can afford it being forced to pay large sums of money in interest. This is resulting in the poverty gap increasing. Certain countries such as South Africa have a legislated a system to control Micro-loan companies. This caps the costs; however the rates are still extremely high. But it doesn‟t end there …… Facts of such practices, involving extortion („agents‟ in the workplace), fraud, forgery, corruption, that if taken in isolation the full facts and caustic aggravating features of these serious cases would not be captured, offenders would get off very lightly. So would it not be expedient for cameras to be installed in all legitimate Micro-Loan Lenders premises and pictures taken of each person given a loan to be attached to their application? However this may be considered an infringement on the person‟s right to privacy! In the USA, seemingly genuine religious organisations, who are really acting on behalf of criminal groups often deposit cash „donations‟ in their bank accounts, alleging the funds are given by worshipers. In another scheme, debit and prepaid cards help money launderers move enormous sums, broken into countless small amounts and of course across international borders without triggering financial controls that monitor larger transactions. A good reason why we should get „behind enemy lines‟. In Japan, the „Yakuza‟ are of course a well-known criminal organisation with a history going back to the 1600s, whose activities do not involve „street‟ crime, as this is undignified. No, today they are behind the vast cyber-fraud and create more fictitious investment scams than any other country and control 30% of Japan‟s international financial transactional operations. Lest we forget those who are meant to be the most assiduous of all - but are not! Police corruption, yielded by fraud and corruption, such as taking bribes, investigative malpractice, and yes everyone, UK tax revenue IS actually someone else‟s money and not a slush fund for fiddling overtime. And in Mexico we have a landmark example of how this is a recognised problem that at last seems to be being taken seriously? The new President elect Peña Nieto insists he will keep to his mandate of dismantling the 'Ministerial Federal Police as it became in 2009 (that is until the allegations of buying votes are resolved) as the Federal Investigations Agency was restructured and renamed by the Attorney General's Office, who reported that one-fifth of its officers were under investigation for criminal activity. Watch this space! We could go on globally; the Russian FSB (which replaced the KGB) is of a construct that enjoys expanded „responsibilities‟ but yet has immunity from parliamentary control. Its budgets are never published. So the thousands on the streets of Moscow were not exactly demonstrating just about high taxes! In fighting fraud, we have more facts to contend with than many prefer not to acknowledge. No-one denies that the human element needs to be controlled by an amount of automation, but when it is taken away we see this building of total reliance on what is but one means of preventing fraud (and yes fraud does go on outside those walls). In reality, the sheer myriad of fraud schemes and corrupt players creates not just an „us and them‟ situation, we have „us and them and them‟! Relying on preventive controls is not enough!

Source: http://ana-global.net/pdf/1372335727.pdf