New technologies: new fraud?

The digital revolution has transformed the corporate landscape and accelerated the process of globalisation; linking businesses and individuals irrespective of time and location. However, the virtues of this enabling technology also present new opportunities for criminals.

Personal information is collected in abundance by a range of organisations and the value of such data is rising. In the wrong hands, this data can be used to defraud individuals and companies, which is why digital security systems are constantly under threat from hackers. Moreover, fraud is a risk likely to increase as machines become more connected, according to Marsh SAS directeur adjoint FINPRO & risques spéciaux Luc Vignancour.

Speaking before the conference Vingacour said: “Everyone is vulnerable to fraud because personal data is being collected everywhere.”

“From supermarkets to online shops, customer data is being stored and monetised. Businesses are collecting anything from basic information, such as first and second names, email addresses and gender; to the finer details of spending habits.”

Furthermore, people are volunteering information about themselves on the internet through social media sites, such as LinkedIn, Facebook and Twitter. Vingancour says that this and an expected rise in popularity for the internet of things (IoT), or machine-to-machine technologies, will significantly increase the risk of fraud in the coming years.

“We’ve seen fraud increase with wi-fi connectivity making the exchange of data incredibly easy and as more IoT products come on the market, more and more data will be exchanged without users being aware of it,” says Vingancour.

With the value of data rising, cyber criminals have become more sophisticated and professional to ensure maximum returns from their exploits. Vingancour says modern hackers employ many techniques and methods for obtaining valuable data. One such strategy, for example, has seen fraudsters target senior corporate executives on business trips.

“Malicious attackers are spending huge amounts of time analysing data from company websites, emails, LinkedIn and other social media outlet to find information on, for example, the financial director,” Vingancour says.

“If, in their search, the perpetrator discovers that the financial director is going on a business trip aboard. The criminal, with all the other information they have collected, could pose as the financial director while they are away and request for a bank transfer to be made.”

Arguably, this meticulous approach taken by hackers, means that firms of all sizes are vulnerable. Global corporates retain swathes of data about their clients or customers making them ideal targets for hackers and many multinationals have featured in the headlines for this reason in the past five years.

From a strategic risk management perspective, Vingancour says businesses must accept they will be targeted by fraudsters; their security will be breached and firms should take mitigating action from that point.

“The best thing risk managers can do in terms of preventing the risk is to believe they will suffer from fraud. Once in this mindset, it would then be useful to consider software and other tools to detect cases of fraud,” says Vingancour.

“Encryption tools are also useful and should be invested in. But it is also important businesses use a variety of security tools. Passwords are not enough and firms should consider finger print scans as an additional option.”

An industrial attitude towards obtaining data and defrauding organisations and individuals has arguably increased the risk to corporates. Vingancour says risk transfer solutions are sensible but risk managers should consider their particular exposures with a broker before buying a policy.

“Risk managers should consider what their company’s risks are and then approach a broker rather than consider what type of insurance they need. By taking this approach, a risk manager can get the best possible advice from their broker or insurer.”

Although the market offers standalone fraud and crime cover, these policies may not include all types of fraud, says Vingancour. In this scenario, he says liability contracts may be better suited to cover the firm’s exposures.

The risk of fraud is not new for corporates, however, the digital revolution and subsequent data boom has facilitated an industrial approach for capable perpetrators. Not only is the value of data rising, data is being produced exponentially and this means fraudsters have more to target.

As a result, coprorates and employees face a rising level of fraud risk, leaving risk managers with plenty of decisions to make to mitigate the risk, says Vingancour. 

“It isn’t possible to provide 100% protection for your business when it comes to fraud and/or cyber attacks. So the best approach is for businesses to believe that an attack is imminent and take the necessary steps to prevent it.”