Authored by Helen Langton, CEO, APAC and Middle East, International Compliance Association
Crises rarely announce themselves in advance, and the COVID-19 pandemic is no exception. It has been the great disruptor of the last 12 months, affecting the public and private lives of millions worldwide.
Criminals, always unscrupulous, have seized the opportunity presented to them by the pandemic to exploit new technologies and existing products and services to carry out their illicit activities.
For counter-fraud professionals, such threats are nothing new. The spread of the coronavirus has merely elevated the visibility of fraud for the general public and exposed to senior business management the seriousness of the consequences of underestimating the fraud threat.
In Southeast Asia, home to nearly 670 million people and one of the fastest growing regions in the world, business email compromise, e-commerce data interception, phishing, ransomware, cyber scams and crypto jacking were among the more prominent cyberthreats in 2020, according to Interpol.
With its burgeoning digital economy and cybersecurity infrastructures that are in varying stages of development across member nations, Southeast Asia has become a highly lucrative target for international criminal networks.
The increase in remote work arrangements, and the certainty of ongoing criminal activity, mean the challenges we face during this current crisis will persist beyond COVID-19. The following are among the key questions that will need to be answered if we are to be prepared for the new normal.
1. How do I keep up with changing fraud typologies?
Criminals have responded with characteristic ruthlessness and speed to exploit COVID-19. The Interpol report, which gathered data from the cybersecurity desks of local law enforcement groups and private researchers across Southeast Asia, revealed that cyber-scams and fraud incidence rose sharply during the pandemic.
In the first half of 2020, the Singapore Police Force reported it handled more than 4,200 cases of fraud, a 140 per cent increase compared to the same period in 2019, resulting in about SG$82million dollars of losses by victims.
E-commerce scams were also commonly reported and took place on digital platforms like Carousell, Facebook, Shopee and Lazada, and mostly involved gaming equipment and medical supplies like face masks and hand sanitiser.
The four most common types of cyber-crime in Singapore were e-commerce fraud, social media impersonation ploys, loan and banking-related phishing scams. Investment, internet romance deceptions and fraudsters impersonating government officials were also rampant.
Malaysia and Indonesia also saw spikes in cases. Malaysia reported a 22 per cent increase in fraud cases in the first eight months of 2020, compared to the same period the year before. In Indonesia, fraud constituted the second largest category of cases filed in the first eight months.
The risk surrounding new products and services, always susceptible to fraud, must also be borne in mind during these unprecedented times. Connected cards – a card given by one self-isolating to a trusted friend or relative – have been set up by the UK’s Starling Bank, for example. The risk of fraud has been mitigated by limiting purchases to in-store only, setting a £200 spend limit and the use of a PIN. These practical steps may not prevent fraud entirely, but significantly narrow the window of opportunity for criminals.
Knowledge of new products and services, including their potential flaws and loopholes, is a vital defensive tool in any anti-fraud department.
2. Criminals are flexible – How do I adapt and respond?
Criminals are without qualms when it comes to exploiting others for their own gain. For their illegal schemes to work, criminals ensure that they are flexible and act quickly as situations unfold. Counter-fraud professionals can, paradoxically, learn something from a criminal’s spontaneity. Though their methods change, their embrace of innovation tells us a much about how criminals work; recognising this helps anticipate and nullify new threats.
Equally, unsuccessful criminal activity is often hugely informative in exposing the methods and techniques that criminals adopt. Learning how criminals behave, and how they think, is crucial for counter fraud professionals. Only by studying the behaviour of criminals can their ways of operating be understood and, ultimately, identified and prevented.
3. How do I get staff to engage with counter-fraud controls?
Embedding a zero-tolerance approach to fraud is perhaps a counter-fraud professional’s number one priority within a firm. However, an anti-fraud culture is more than just signing up to certain well-meaning mantras – it must be a thorough, practical and easy to comprehend framework instilled across all levels of a firm.
To achieve this end, an anti-fraud culture should be part of the wider culture of the firm. Positioning fraud beneath this wider umbrella underlines the danger it poses to everyone within a firm. After a data breach last year, Capital One’s stock dropped 5%, and the bank explained it expected recovery costs to be more than $100 million. Clearly this fraud affected the whole business, and by disseminating such examples to staff, the threat of fraud becomes far more vivid; the damage fraud can do to a firm’s profit margins is an excellent way of passing on your message.
With many people now working from home, less obvious cases may need a little more reinforcement. Take using a company laptop for personal use, or vice versa, which is fraught with risk. IT controls that are standard in an office environment need to be implemented domestically, including ensuring ID&V during onboarding is performed as robustly as it would have been in the firm’s office. Awareness of the challenges around onboarding must be circulated whilst staff adjust to off-site work.
Employees should be reminded that fraudsters will try to exploit any slackening of security bought on by a lowering of IT standards.
4. How do I get senior management to recognise the threat posed by fraud?
The COVID-19 pandemic has demonstrated how those most vulnerable amongst us can quickly find themselves dangerously exposed when society is convulsed by unexpected events. For senior management, the reputational risk of leaving vulnerable customers exposed is a potent one, and something about which a well-informed and savvy general public are increasingly intolerant.
If counter-fraud professionals can highlight this risk – and tie it to concrete numbers that show that the amount that would have been lost had anti-fraud measures not been taken – then senior management are far more likely to recognise fraud as just as damaging a threat as money laundering and sanctions exposure (remember that real-life case studies are of inestimable value in demonstrating this danger). Making fraud part of the bigger risk agenda solidifies its importance.
A holistic approach is key here: fraud must be brought under the financial crime compliance canopy, instead of just credit risk. Experts suggest that investment in advanced security systems in the financial industry can prevent billions in unauthorised fraud, Details such as this can help drive home the message to senior management, and secure support for counter-fraud professionals.
Fundamental to overcoming the issues that confront counter-fraud professionals is learning and education; without it, none of the questions above can begin to be addressed. This can be as simple as setting up email alerts or taking part in LinkedIn discussions with other professionals (from whom much insight can always be obtained) to the more thorough-going experience of virtual classrooms and hot topic events – such as those offered by ICA – or absorbing the latest reports and publications.
Senior management need to be informed of the substantial threat fraud poses, and the surest way of engaging them is for counter-fraud professionals to arm themselves with the facts on fraud, as well as the answers on how to mitigate the threat. Such learning must be continual; criminals are unceasing and persistent in their efforts, and counter-fraud professionals must be unceasing and persistent in turn, making us better equipped to navigate an ever-changing landscape.