KEIL HUBERT Why a healthy respect for cyber-criminals is crucial
BLOCKCHAIN How the technology behind Bitcoin is shaping the future
MANAGING YOUR ONLINE REPUTATION Read our expert tips on how to stop people impersonating you online
Page 2
Page 6
Page 7
AWARD-WINNING BUSINESS JOURNALISM • JULY 2016
Papering over the cracks
FRAUD SPECIAL: THE PANAMA PAPERS Post-Panama, Joanne Frearson investigates the arguments for reform in offshore banking INSIDE: Inspector Dogberry sniffs out some of the greatest frauds and fraudsters in history DISTRIBUTED WITHIN THE SUNDAY TELEGRAPH, PRODUCED AND PUBLISHED BY LYONSDOWN WHICH TAKES SOLE RESPONSIBILITY FOR THE CONTENTS
BUSINESS-REPORTER.CO.UK
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
2
business-reporter.co.uk
Business Reporter UK
@biznessreporter
A security practitioner who only studies technology is like a pilot who only studies aerospace manufacturing OPENING SHOTS KEIL HUBERT
I
HAPPILY GAVE a con artist five dollars a few months ago. This man hesitantly approached me while I was fuelling my car and said that he’d been robbed and didn’t have enough petrol to get home. I knew that he was lying because I’ve heard the routine before, but I cheerfully paid him because this fellow’s performance was spectacular. Unlike most of the grifters who’ve tried this approach on me, this crook was clearly invested in his craft. His story was airtight. He convincingly portrayed embarrassment, desperation and vulnerability like a professional actor. I got to experience a great show, the performer got some cash, and we both left the encounter happy. My wife thought I was crazy to waste a
fiver this way. I argued that it wasn’t a waste; it was useful research. Working in the cyber-security field requires understanding and respecting your adversaries. A security practitioner who only studies technology is like a pilot who only studies aerospace manufacturing. A good cybersecurity tech has to invest time considering psychology, culture, law, criminology and human behaviour. The technologies that we install and manage are only part of a comprehensive defensive posture. The other aspects of effective cyber-defence all involve understanding people. This broader approach to proficiency naturally inspires some empathy and respect for our adversaries. It’s about appreciating an adversary’s tactics, techniques and motivations. Just like in poker, you “read” your opponents and play against the people, not just the cards. That’s why we pore over the post-event analysis every time a baddie attempts (or pulls off!) a major crime, because we want to know not just what they did, but
“We pore over the post-event analysis every time a baddie pulls off a major crime because we want to know not just what they did, but why and how they did it”
how and why they did it. The more that we know about the other side, the better we can detect their presence in our own environment and deploy effective countermeasures against them. Take the recent hack against Bangladesh’s central bank, for example. This was one of the biggest cyber-heists of all time, a daring attempt to steal over $950million by subverting the inter-bank transfer system and compromising a weakly defended part of the global banking network. The crooks got away with over $81million. They might have got a lot more, but a sharp-eyed employee at Deutsche Bank spotted a typo in one of the fraudulent messages and sounded the alarm. Thanks to human intervention, more than 90 per cent of the theft attempt was thwarted. This is a fantastic story and also a great teaching tool. Human attentiveness and insight are often the most important tools that we have for fighting modern fraud. Whistleblowers, auditors and network engineers are definitely
important, but everyday employees are every bit as crucial. Fraud detection isn’t a function best left to the specialist staff; everyone in an organisation has the potential to meaningfully contribute. In order to help turn every worker into an early warning sensor, we need to inculcate into our employees a healthy respect for the baddies. We don’t need to make cyber-criminals out to be twelvefoot tall titans with genius-level intellects. These are real people, not cartoon villains. Instead, we need to make teach our employees that the most dangerous baddies are skilled, practised and highly motivated craftsmen. They’re rational adults who take their jobs every bit as seriously as we take our own. In order to defeat them, we need to study them: we need to understand what they want, how they operate and how to recognise their shtick. There’s no place for arrogant contempt when millions of pounds and the company’s continued existence are at stake. Respect the other fellow, or get played for a fool.
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
facebook.com/biznessreporter
3
info@lyonsdown.co.uk
Study reveals £193billion fraud bill for UK in 2016 JOANNE FREARSON
T
HE ANNUAL cost of fraud in the UK could be as high as £193billion per year, nearly quadruple the previous estimates produced by the UK government, which put the figure at £52billion in 2013, according to the Annual Fraud Indicator 2016 report. The report, overseen by the UK Fraud Costs Measurement Committee (UKFCMC) and supported by Experian and PKF Littlejohn, is based on research by the University of Portsmouth’s Centre for Counter Fraud Studies. It renews the research previously undertaken by the UK government in 2013. The private sector suffered the biggest losses from fraudsters, with both SMEs and large enterprises losing an estimated total of £144billion a year. By far the biggest source of fraud for these businesses relates to procurement – an enormous £127billion. Procurement fraud included crimes such as the submission of false invoices or the awarding of contracts in exchange for bribes. The report highlighted that procurement is so vulnerable because of the sheer size of expenditure which it accounts for, as well as the high-volume, low-value nature of transactions and the breadth of fraudulent activity it is susceptible to. In other areas, payroll fraud accou nted for losses of £12billion per year, while the charity sector was hit with fraud costs of nearly £2billion per year. Mortgage lending suffered losses equivalent to £1.3billion annually, with 84 applications
JULY 2016 Publisher Bradley Scheffer Editor Georges Banna Production editor Dan Geary Client manager Michele Taylor: production@business-reporter.co.uk Project manager Justin Payne Contact us: info@lyonsdown.co.uk
out of every 10,000 suspected to be fraudulent, while insurance sector fraud cost £1.3billion a year. The research found fraud also has an impact on every individual in the UK. Although 95 per cent of the fraud taking place is not a direct-to-endconsumer cost, those lost funds were passed on to individuals in the form of higher costs on products and services. Elsewhere, fraud in the public sector came to about £37.5 billion and was equivalent to 5.5 per cent of the £694billion spent annually. Central government bore the majority of this cost at around £30billion per year, with tax fraud costing
£15.4billion every year, equal to 3 per cent of the total tax revenue. The study also revealed the cost of fraud carried out directly against individuals was now £9.7billion per year, with identity fraud being the single largest contributor at almost £5.4billion. Jim Gee, chair of the UK Fraud Cost Measurement Committee and head of Forensic Counter Fraud Services at PKF Littlejohn, says: “Fraud has a pernicious social and economic impact on the UK. Private sector companies are less financially stable and healthy than they would otherwise be; public sector organisations cannot
THE INNER GEEK
provide the quality of public services that we pay our taxes to get; and even charities are deprived of the full value of the donations which we make. “It is best seen as similar to a clinical virus – something which continually mutates and changes as fraudsters seek the greatest benefits for the least risks. The best way to reduce its extent and cost is to make sure our organisations are fraudresilient and able to protect themselves against a continually evolving threat. “This report continues the government’s work producing an Annual Fraud Indicator to provide a view of its total cost across the UK. It reflects a
MOZ & BRADDERS
g row i ng u nder st a nd i ng that unless we understand the nature and scale of fraud we cannot apply the right solution to diminish it.”
Staff fraud awareness crucial, says report
M
ORE THAN £45million has been lost by business in the City of London to online crime in the past year, according figures from Action Fraud and Get Safe Online. From these latest figures, Action Fraud is urging businesses to do more to ensure staff have appropriate online fraud awareness training, so that everyone understands their role in keeping the business secure. The report showed hacking is perhaps one of the main issues facing businesses, with 1,314 reported cases over the past 12 months. Tony Neate, CEO of Get Safe Online, says: “These latest figures show the enormous and frankly daunting impact online crime can have on a business, its reputation, its employees and even its continued operation. “It also highlights the abundance of ways a business can be targeted, both externally and from within. Businesses need to review their skills and knowledge, determine if they need outside help, and then create measures to prevent, detect and respond to potential security threats. It’s all about education, and staff must be aware and trained where necessary.”
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
4
business-reporter.co.uk
Business Reporter UK
@biznessreporter
The Cyber-Breach Workshop Are you adequately prepared to respond effectively to a cyber-breach?
Join our cyber-breach response full-day workshop taking place on July 5 in London, where cyber-security personality of the year 2015 Phil Cracknell will be building and using an incident response plan. Learn how to… • Protect your company reputation/brand in the media • Protect your financial and operational assets • Preserve your customer base • And, most importantly, experience a dry-run of a cyber-breach during a two-hour simulation For more information or for registration enquiries, visit www.teiss.eu/workshop, call Tracey Meaneaux on 020 8349 6475 or email tracey.m@business-reporter.co.uk
USING IDENTITY INTELLIGENTLY
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
facebook.com/biznessreporter
5
info@lyonsdown.co.uk
Papering over the cracks: how the Panama leaks exposed the offshore sector’s vulnerability to fraud In the aftermath of the huge leak of confidential papers from Mossack Fonseca, Joanne Frearson looks at the implications for the offshore banking industry – and how it needs to be reformed
T
HE PANAMA Papers leaked by the International Consortium of Investigative Journalists exposed the dark side of the offshore banking industry and how it can be used to funnel money from fraudsters, criminals and tax dodgers. The leaked data, constituting 11.5 million records, showed how a global industry of law firms and big banks sells financial secrecy to politicians, fraudsters and drug traffickers, as well as billionaires, celebrities and sports stars. The prime minister of Icela nd, Sig mu ndu r Dav íð Gunnlaugsson, resigned after it was discovered that he and his wife held millions of dollars in Icelandic bank bonds during the country’s financial crisis through offshore funds. UK prime minister David Cameron was also forced to issue a statement about his family’s dealings in Panama. Although there is no suggestion that either Gunnlaugsson’s activities in Panama, or those of Cameron’s family, were in themselves illegal, the discovery opens up the sector to accusations that it uses offshore vehicles to hide money gained from corrupt purposes. The list included at least 33 people and companies blacklisted by the US government because of their involvement in business with Mexican drug lords, terrorist organisations such as Hezbollah, or rogue nations such as North Korea and Iran. They also revealed major details about high-profile scandals, ranging from the
The Panama Papers: how big was the leak?
Wikileaks (2010)
1.7GB
The Panama Papers (2016)
2.6TB
HSBC files (2015)
3.3GB
Luxembourg tax files (2014)
4.4GB
Offshore secrets (2013)
260GB
SOURCE: ICIJ; WIKILEAKS
Panama-based law firm Mossack Fonseca was the source of the leaks
infamous 1983 Brinks-Mat gold heist to the bribery allegations convulsing FIFA, international football’s governing body. Porter McConnell, director of the Financial Transparency Coalition (FTC), told Business Reporter: “The Panama Papers are key because they are revealing who is behind the curtain. For us it is shining a light on the problem. “The problems we are dealing with now in the world are crime, inequality and violence. Many of these are aided by, and may be the inevitable result of, this extreme financial secrecy. When you hear about these practices, ordinary people realise they have been paying the price. “This extreme financial secrecy is really pernicious and if we can figure out a way to fix this problem we stop contributing to the burden of crime, inequality and violence around the world inadvertently.” The leaked records came from Panama-based law firm, Mossack Fonseca. Since the story erupted the firm has claimed it operates under high standards and regrets any misuse of its services, stating that it actively taking steps to prevent it. Although most of the services the offshore sector provides are legal if used by law-abiding citizens, there are offshore structures such as shell companies that can make it difficult to know who is behind the account. In a shell company, the name or number on the structure is not linked back to the person benefitting from the account, making it
“The funds go where the secrecy is. If you do not have a global solution, you are just going to be creating a loophole” – Porter McConnell, FTC
Porter McConnell, director of the Financial Transparency Coalition
difficult for the authorities to find the true beneficiary of it. “A large part of it is the temptation of secrecy,” McConnell says. “The result of this secrecy is that the public can’t have a conversat ion about whet her your behaviour is considered legal or illegal, because they do not know about it. It has a different set of rules, a different cost of entry and it creates temptation for some behaviour that, if it was held up to public scrutiny, might not be something that we would all sanction. “For example, criminal activities, things like corruption to wildlife poaching, human traff ick ing, ta x evasion or ta x avoidance. The ability to access a way to hide your money is such a temptation to a host of different actors that it is not so healthy for the financial system.” Hiding money through these offshore structures has been a huge cost to society. The FTC, which was set up in 2009 to take action against these illicit financial flows, has estimated that $1.1trillion leaves developing countries illicitly each year and that money lost from these flows accounts for 4 per cent of global GDP. The FTC is currently advocating to improve transparency in financial systems. “The best way to fight financial secrecy is through transparency,” says McConnell. She explains there are a number of measures that governments can take to make it harder to hide such assets, and put an end to anonymous shell companies. The FTC has
made some progress in this area by urging governments to share information through a public registry, and so far around 12 countries have committed to it in the past six months, but more needs to be done, she says. “We are happy to see that, but honestly over a dozen countries that is not enough,” McConnell continues. “This is not a global solution. We are not going to get anywhere because the whole nature of this problem is the funds go where the secrecy is, and if you do not have a global solution you are just going to be creating a loophole.” What McConnell believes could be helpful is to have the people behind these structures prove a case for secrecy, instead of it being an automatic right. “Financial information should be accessible for the public unless you can prove there is a compelling interest that it should not be. That is kind of a sea change in the way that we think about financial secrecy – the onus needs to be on someone to make a legitimate purpose for hiding the funds. They need to make that case and not the other way around.” People also need to be better educated about the potential harm a lack of transparency can cause. McConnell says: “We wait for the leaks to reveal that there is a problem – people do not have any idea of the scale of the problem. We are talking about more than a trillion dollars leaving developing countries alone every year.”
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
6
business-reporter.co.uk
Business Reporter UK
@biznessreporter
How blockchain technology is changing the way we do business The technology that ensures the security of cryptocurrencies can also be turned towards other uses when it comes to recording and keeping information safe
MATT SMITH
B
LOCKCH A IN TECHNOLOGY may have been developed by mysterious Bitcoin creator Satoshi Nakamoto, but its potential uses span far beyond his original cryptocurrency. Simply put, the system serves as a digital ledger. Records of transactions – “blocks” – are added to a central list of all transactions – the “chain”. Complex algorithms and encryption are applied, and copies of the blockchain are kept in many places. Forged entries will not match up with the other versions and therefore will not be accepted by the system. While until now it has primarily been used to process Bitcoin transactions, in future experts say blockchain could be used by banks and for recording trades of physical goods. “It proposes to be a platform of truth and trust which could replace the systems that exist today, which provide a similar trust across banking transactions,” says Rahul Singh, president of financial services at HCL Technologies. “It is potentially a platform that can provide some kind of system of recording trust in transactions across enterprises.” One of the advantages of blockchain is that it cuts out the middle man. While a traditional banking transaction involves a series of smaller transactions between various parties,
blockchain provides a way for buyers and sellers to do business directly. “The banks and the financial institutions or the intermediaries in the middle have to undergo costs to move these transactions through,” Singh says. “And that’s what they provide – they provide the system of trust between you and the seller. Now the trust can be replicated almost entirely through alternative mechanisms which the blockchain provides.” W h i l e b l o c k c h a i n ’s m o s t f a m o u s application is as the system behind Bitcoin, Singh explains that it also has the potential to be used for the trade of real-world goods – essentially anywhere a reliable and secure record of transactions between parties is needed. “People hypothetically say that it could also be used for keeping records of other kinds of assets,” he says. “The commonly cited examples are of transactions involving physical assets, like, for example, a land record… Whether it’s transferring money, whether it’s transferring trade documents, whether it’s keeping land registry records – these are all potential applications where blockchain could be used in future.” At present, banks incur costs during their confirmation and settlement processes when processing deals like foreign exchange trades, but blockchain technology could allow them to simplify this process and complete deals more quickly. “Evidence of that [transaction] can be stored on the blockchain,” Singh says. “It tends to
reduce the risks involved in that transaction. So the transaction between traditional institutions goes to the blockchain, thereby reducing time and reducing cost settlement risk.” Although the technology has great potential, financial institutions are still working out exactly how it could be used and addressing issues surrounding security and regulation. Despite moves towards payment trials, Singh says there are two main issues that need
“The blockchain will perhaps revolutionise the existing business process in financial services. It will be almost synonymous with what the internet has done in terms of democratising information” – Rahul Singh, HCL Technologies
to be tackled before the use of blockchain for transactions outside of Bitcoin becomes widespread. “Traditional banking transactions have always had institutional governance,” Singh says. “Now blockchain, at this point in time, tends to be less governed, and therefore there’s a whole issue around security and governance – and until people get more comfortable with the security and governance aspects of blockchain it will take time.” “The second is in terms of standard protocol. There are multiple practices on how the protocol can happen in blockchain and again, until there is a standard understanding of what protocols they’ve got, it will take time.” Singh adds that the parties involved also need to better understand the risks associated with blockchain before they will buy in and begin to use it, but he believes that eventually the technology will have a huge effect on the way we buy and sell. “The blockchain will perhaps revolutionise the existing business processes in financial services,” he says. “It will be almost synonymous to what the internet has done in terms of democratising information – it will be almost similar to that. “So it can have a large impact. The adoption of that and the understanding of that will be subject to a certain amount of time and governance and risk management that has to happen, but the concept itself is very strong. This is why we are finding a lot of financial institutions are starting pilots and coming together to see how it can be brought into use.”
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
facebook.com/biznessreporter
7
info@lyonsdown.co.uk
Online reputation management: the basics Managing your online identity is important, but it can also be a tricky and perilous business. Here, digital strategist and consultant Jeremy Swinfen-Green gives you five top tips to keep your reputation clean and credible
I
HAVE NEVER met you. So if I want to find out anything about you I am probably going to look online. And the things I find will come from two sources: things you have written about yourself (your digital “footprint”). And things that other people have written about you. These combine to create a detailed picture of you. A picture that may or may not be accurate, but is undoubtedly important as other people will place a lot of trust in it. Everyone needs to maintain a good reputation – otherwise work and friends can be difficult to come by. This is especially true for people who are prominent within an organisation. A prominent person with a bad online reputation can damage the reputation of their organisation, so managing your online reputation is important. And the most important part is preventing things from going wrong in the first place…
Be careful what you post It sounds obvious. But the internet is full of things that people regret posting. Things that will probably never disappear completely (even if they were posted on Snapchat). Things that, despite being on social media, have a legal status and might even land you in jail. It’s perfectly easy to libel someone on Facebook. And remember, that joke you think is so funny may not amuse the recipient, especially when
It is particularly dangerous for people who work in regulated industries to identify their employer. If you do this then you may well find that some of your innocent private posts fail to c omply w it h s t r ic t i ndu s t r y regulations.
Make it hard for people to impersonate you
it is read out of context and with no body language to add meaning. The rule here is simple: never post anything you wouldn’t want your Mum (or your boss) to read.
Be careful who you post as Most people are not authorised to speak to the press or the public on behalf of their employer. And if you are not then you should be very careful about whether you identify your employer in your social media profiles. For instance, if you are critical of a competitor or client in a social media account where you identify your self as being an employee of a particular organisation then you may well get your employer, and yourself into trouble.
If I want to create a fake social media profile that pretends to be about you, then you won’t be able to stop me. But if you have created your own social media profiles first then people will have more of a reason to question whether my fake profile of you is genuine. So make sure you have social media profiles in all the main sites, even if you don’t use them regularly. You probably won’t have time to create profiles for every single platform,
so focus on the most important – perhaps Facebook, Twitter, Google+, LinkedIn, Instagram and Pinterest. Plus any that are particularly relevant to your industry or social grouping. It is also sensible to register accounts with the main communications apps: Gmail, Outlook, Yahoo, Sky pe, WhatsApp and Snapchat. And another thing… you should consider registering any available URLs that could be used to impersonate you.
Make it hard for people to hijack your profiles It’s simple. Make sure your password is reasonably secure. Passwords such as “123456” and “password” are still horribly common. Those using dictionary words or common names (especially the names of your children or pets if you have ever mentioned these on social media) are easy to break. So create a secure password by using letters from a phrase that you can remember easily. For instance, “I love using Amazon to go shopping for books on Saturday” could be used to remember the password “IluA2gs4boS”.
Don’t give people permission to use your profiles Don’t share your passwords with friends or family. Your profile should be your profile as an individual. You may love your children (or significant other) dearly but that that won’t necessarily prevent them from posting inappropriate content about you on your social media profiles if you let them! Organisations that need to give several people access to their corporate social media accounts can find this hard to manage. However there are a number of solutions such as “single sign on” technology that enables access to company social media profiles to be restricted and an audit trail taken of who is posting what.
A word of warning You can make it hard for people to create fake identities in the most obvious places. And you can make it hard for people to hijack your identity. But you can’t stop them posting unpleasant things about you. We will cover what to do about that in a future article. For more tips and tricks from Business Reporter on how to stay safe online, see http://bit.ly/29kC8QM
01
Consumers have lost their trust in the financial services industry •
57 per cent don’t believe that regulatory reforms will prevent another financial crisis
•
58 per cent believe that their mobile phone insurance adds more value to their lives than the security provided by life insurance 58 per cent say their decision to use the services of a bank is not influenced by whether it operates in wholesale markets as well as in the retail sector 30 per cent believe that their current account does not offer good value, yet only 11 per cent have changed banks in the last 12 months
•
•
02
Four financial services trends you need to keep an eye on 1. DATA INTEGRATION IS CRITICAL Digital channels and data sources such as web analytics and social media continue to grow at an explosive rate 2. MARKETING ANALYTICS IS HOT Turning data into actionable insights is increasingly essential – and increasingly difficult 3. MOBILE BANKING CONTINUES TO EXPLODE The growth in capable smartphones has made banking on the go a reality for many more people 4. PRIVACY WARS RAGE ON For financial institutions, customer privacy remains a major point of contention
03
THE £6.6BILLION BONANZA London is now the financial technology capital of Europe Rise in technologydriven investments 22 per cent of wealthy Americans are thinking of using a robo-adviser • 30 per cent of wealthy Americans are already using one • $18trillion held by traditional wealth advisers • $5trillion in the robo-adviser market •
• There has been a six-fold increase in investment in fintech companies over the past three years • The total amount invested in fintech companies in the UK was more than £647million in 2014 • British finance technology generated £6.6billion of revenue in 2015 • 18 per cent of the world’s top 100 fintech innovators are from the UK
$3.7 04
THE TRUE COST OF TRILLION GLOBAL FRAUD The five main factors prompting consumers to use technology providers for services that they would usually use their bank for are: • A more secure service • A lower cost service • A more convenient service • A quicker service • Better customer service
The amount being lost by corporations on fraud now totals approximately $3.7trillion of global GDP. Fraudsters have become more sophisticated. They are no longer looking at small opportunistic crimes, but are working together to hoodwink big firms out of millions. On average, fraud carried out by an individual tends to be about $80,000, but fraud carried out by four or more parties tends to be more than $500,000. One Middle Eastern bank lost $47million over a weekend because of debit card fraud. Two thirds of companies still have no analytical capabilities to detect potentially suspicious transactions in their business, and companies who put in place fraud detection capabilities saw 50 per cent fewer losses.
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
10
business-reporter.co.uk
Business Reporter UK
@biznessreporter
Balancing fraud and happy shoppers 8.2% The increase in online sales during the last Christmas period (overall spending was down by 1 per cent)
F
IERCE COMPETITION in the retail industry means the margins for both profit and error are wafer thin, but fine-tuning a mass market can add up to significant returns. So improvements in fraud prevention can improve the customer experience while boosting the retailer’s bottom line. The retail industry is tough at the best of times, with tight margins and endless disruptive influences. The Office for National Statistics (ONS) reported that Christmas, the retailer’s most critical period, saw overall retail spending down by 1 per cent in 2014, but the value of online sales increase by 8.2 per cent. The speed and efficiency of payments, under these circumstances, becomes a major differentiator. However, the scale of the retail industry makes its online sector very attractive for fraudsters, who attack both retailers and online shoppers with a volume and variety of methods. Small businesses are the target of seven million attacks a year, according to a study by
The Federation of Small Businesses (FSB). So efforts to improve customer experiences must be tempered by the need for caution and vigilance. Most payment service providers offer basic easy-to-use fraud tools based on both the user’s address and the card they are using. The speed at which the address verification systems (AVSs) can unobtrusively carry out their checks is critical. Customers are blissfully unaware that their card’s registered billing address and their home address are being checked. The process does not affect their shopping experience. The three- or four-digit Card Verification
Code and 3D Secure (a chip-and-PIN style system of verification which employs a user-generated password) also help to instantly authenticate the cardholder at the time of the transaction. Our annual Payments Landscape Report says these electronic security keys have improved conversion rates by an average 78 per cent for more than a third of companies that adopted them. The system works fast because it bypasses the need to transmit card details by using a one-time, random digital code during transactions. More than a quarter of businesses that use tokenised payments have saved between
£5,000 and £10,000, on average, suggests the report. Surveys show that a third of the world’s internet users are hesitant to shop online because they don’t trust online payments. The latest figures from Financial Fraud Action UK show that fraud losses on UK cards stood at £567.5million in 2015, up 18 per cent on the previous year. Perhaps surprisingly, our research found that 32 per cent of businesses don’t spend anything on fraud prevention and rely on the free tools that come with their payment gateway. More than half (55 per cent) of consumers told us security is their highest priority when making payments, so there are obvious areas for improvement. The figures suggest increasing consumer confidence could significantly boost online trade. The most immediate returns would come from investing in stronger, faster security. The best security systems are the ones you and your customers don’t notice. Until, that is, you read the bottom line and see how much your sales have increased. INDUSTRY VIEW
Seamus Smith (far left) is CEO of Sage Pay 0845 421 2570 www.sagepay.co.uk
How to catch a liar
W
E ALL lie. Mostly we do it to spare each others’ feelings. We allow ourselves to be lied to because we are being told what we want to hear. Most lies are inconsequential but there are times when you need to know the truth. So, how can you spot lies and elicit the truth with some consistency and certainty and without having to become an expert in reading micro-expressions and body language or having to resort to waterboarding? The answer is simpler than you might expect. Begin by looking at things from the perspective of the liar. For him, the truth is inconvenient. He needs to find ways to answer the questions he is posed without relying on the salient facts. Furthermore, telling an outright lie is not a very good option. The liar knows that fact-checking will soon lead to his lies being exposed; even in a quick-fire environment, follow-up questions could cause visible discomfort and in some situations, the act of telling a lie could have serious consequences, such as penalties for perjury or permanent damage to reputation. So the liar must rely on other tactics but his options are more limited than he initially realises. When push comes to shove he is left with evasion and influence. And their repeated use in lieu of the calm delivery of facts becomes a clear indication of deception.
“If you want to learn the truth, be cool and listen carefully”
So here is the key. Look and listen for indications that your interviewee is sensing danger when you ask him questions. If he is, he will freeze, fawn, fly or fight. These instinctive reactions to danger will be evident when fact is not his friend. Their repeated appearance is your wake-up call that the guy is lying. To magnify and isolate his deceptive answers it is extremely important that the questioner remains calm, unaccusatory and non-judgmental. If the interviewer becomes argumentative the liar wins. If the truth is convenient and a question asked appropriately then we would expect an honest interviewee to respond in a calm, clear and concise way. When its not, you will repeatedly see and hear the freeze, fawn, flight and fight responses. If you want to know the truth, be cool and listen carefully. A deceptive person will freeze if he is not expecting the question and needs time to think. He will pause too long before responding or ramble nonsensically. He will repeat the question or ask you to repeat, feigning misunderstanding or sudden deafness. If surprised, he will often fail to issue an immediate, explicit and simple denial. He will fawn by being overly polite and kind, by complimenting you on the question, by offering gratuitous information. He will try
to convince you that he wouldn’t do what he did; that he has an impeccable reputation; that he loves you. He will tell you that it is illogical that he would have done what he did. Fleeing is seen through the use of distancing language. He will try to block and delay. He may say that he doesn’t remember or caveat his comments with phrases such as “what I think” or “that’s what I was told”. He will refer you to previous answers, or try to confuse you with long-winded statements, much of which will be true, but irrelevant. If all that fails to put you off the scent, he will have to fight. He will belittle the question, give a false laugh, be quick to become indignant or argumentative. He will become emotional and begin to attack you, the process
and third parties. When the truth is not convenient for him, you will see repeated instances of these behaviours. Deal with all this by sticking to your guns but remaining calm, unaccusatory and non-judgmental. Don’t be pushed on to a different issue. Stay on the point but remain non-confrontational by being empathetic and by asking a variance of the same question. He will soon realise that his cover-up and decoration is not working and, bit by bit, the truth will out. INDUSTRY VIEW
Nick Day is a private detective at Diligence Nday@diligence.com www.diligence.com
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
facebook.com/biznessreporter
Inspector The inspector has been delving into his kennel archives to take a look back at some of the biggest fraudsters in history… Kweku Adoboli, ex UBS trader was convicted of causing the biggest unauthorised trade loss in UK history, which cost the bank £1.3billion. He was convicted of fraud on 20 November 2012 and was sentenced to seven years in prison. Adoboli was released early in June 2015, but as he is a Ghanaian and not British citizen he was served with a deportation order last July. In the US, Bernie Madoff’s infamous Ponzi scheme is considered one of the largest financial frauds in the country’s history. The aptly named Madoff defrauded thousands of investors of billions of dollars, and was sentenced to 150 years in prison in June, 2009. Frank Abagnale (inset, interviewed in this publication last September), who in a classic poacher-turned-gamekeeper move, is now a respected fraud consultant, , once cashed $2.5million worth of bad cheques while jetting around the world impersonating a Pan-Am pilot. His life story was the inspiration behind the Hollywood movie Catch
11
info@lyonsdown.co.uk
BY MATT SMITH, ONLINE EDITOR
Dogberry
Experian Identity and Fraud www.experian.co.uk/blogs/ latest-thinking/category/ identity-and-fraud
Identity and Fraud aims to inform readers about the risk of identity fraud through the internet, as well its growing financial cost to the UK. It is run by Experian, the information services group.
Jonathan James Mathew, 35, Alex Pabon, 37, Jay Vijay Merchant, 45, and Peter Johnson, 61, were found guilty of rigging LIBOR rates while at Barclays Me If You Can, directed by Steven Spielberg and starring Leonardo DiCaprio and Tom Hanks. Nick Leeson, the original rogue trader whose unchecked risk-taking saw him run up losses of some £862million which led to the eventual collapse of Barings Bank, is also a past interviewee of Business Reporter. He was sentenced to six-and-a-half years in a gang-ridden Singaporean jail, but is now a reformed character, having reinvented himself as a conference and after-dinner speaker, telling risk management and financial services professionals of the lessons he learned in the 1990s. Here endeth the lesson… A study by Finextra and AdviceRobo found that 83 per cent of lenders see advice robos that apply machine
learning-based scoring a major help in credit risk assessments. Diederick van Thiel, founder and CEO of AdviceRobo, says: “This Finextra research shows that the industry itself indeed sees the opportunity of robo advisors for credit and credit scoring. I strongly believe that the use of new technologies creates great opportunities for lenders and underserved people. I would invite lenders to be brave and start using this new technology to experience the huge benefits instead of being constrained by hurdles.” The Barclays LIBOR-rigging trial came to its grimy conclusion recently as three former employees were convicted by a jury at Southwark Crown Court of conspiracy to defraud in connection with a Serious Fraud Office (SFO) investigation. Jonathan James Mathew, Jay Vijay Merchant and Alex Julian Pabon were convicted after an 11-week trial. The jury could not reach verdicts for two of
their co-defendants, Stylianos Contogoulas and Ryan Michael Reich. A sixth individual, Peter Charles Johnson, a senior submitter and head US Dollar cash trader, pleaded guilty to conspiracy to defraud in October 2014. The convicted defendants dishonestly submitted rates specifically intended to advantage Barclays and themselves financially and to defraud those with whom they were trading. David Green, director of the SFO, had blunt words: “The key issue in this case was dishonesty,” he said. That’s one way of putting it.
protect your business. It’s not afraid to question the legality of activities of household names and provides coverage of the latest changes in guidelines for fraud.
Sage Blog http://blog.sage.co.uk
Serious Fraud & Business Crime www.stephensons.co.uk/site/ blog/fraud-blog
Fraud and serious crime experts bring you breaking news and legal advice to
If you’re looking to improve productivity and expand your business through technology then Sage offers great tips on how to do this in the financial industry. Sage has recently worked with Google Apps APIs to launch a feature that exports data from Sage Intelligence to create an updated company spreadsheet, including charts and analysis.
Disruptive Finance www.disruptivefinance.co.uk
MinFraud (free trial – iOS, Android) screens
online transactions for potential fraud, holding any suspicious orders for further review before they are processed.
Acorns (Free – iOS) Save and invest leftover
change from your daily purchases to build up your stocks and bonds over time with this handy portfolio app.
Follow the latest trends in finance technology, including the use of apps and social media, with the Disruptive Finance blog. Articles are written exclusively by Huy Nguyen Trieu, MD at Citi and a member of the Fintech Advisory Group.
The EFT threat: how businesses can freeze out fraud
B Ruth McCarthy is CEO, FEXCO Corporate Payments
RITISH BUSINESSES that buy or sell goods overseas are flagbearers for UK Plc. Their entrepreneurial spirit can earn them healthy profits, but it may also expose them to the risk of international payment fraud. A recent survey by FEXCO Corporate Payments found that a quarter of companies trading internationally rated electronic money transfer as their greatest fraud risk. But, by adopting some common-sense practices, businesses will be able to keep even the most sophisticated fraudsters at bay:
•K now your suppliers: Get familiar with your suppliers and be vigilant for fraudsters who may impersonate them. •U se secure encrypted services: Make sure your bank or payment service provider has secure encryption. • Learn to spot phishing: watch out for phishing scams that gather your personal or banking information (such as your username or PIN) using pop-ups, web pages, emails or phone calls. • Keep IT systems patched: Keep your operating systems up to date, update frequently used
programs and delete applications you no longer use. The FEXCO Corporate Payments online system has a number of features that help protect customers from fraud: •S ecurity: FEXCO uses 256-bit encryption and secure password protocols. •T wo-factor authentication: customers use a password and an additional security code in order to make their payments – this helps protect them from identity theft.
• Access controls: businesses can decide what level of information access to give their staff on the FEXCO online platform. • Approval controls: The FEXCO system is configured to match the business’s financial controls (such as a requirement for large transactions to be signed off by management).
INDUSTRY VIEW
For a more secure and efficient payments experience for your business, call us today on: (UK) 0800 840 2887 (Ireland) 1800 246 800 Or you can register online without an obligation to trade at www.fexcoonline.com
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
12
Business Zone
Four pages of analysis and expert comment
business-reporter.co.uk
Business Reporter UK
@biznessreporter
Helping institutions to monitor their fraud and drive significant results
P
OWERCARD RISK & Fraud module provides a full preventing and monitoring of the issuing and acquiring activities (real-time, near real-time, and non real-time). It is a rule-based module that automatically generates an action, such as card blocking, alerting customers, informing merchants, and creates a case to be followed up by a fraud officer when a transaction is matched with all the criteria of a given rule. The “simulation” feature helps the institution to focus on real fraud cases by helping it to tune its fraud rules to eliminate a predefined percentage of the transactions that are not actually real fraud cases. PowerCARD Risk & Fraud module is highly parametric, and can be implemented as a standalone solution. Thanks to its open architecture, it can be integrated easily with other systems – CMS, switches, payment gateways, SMS and so on – to be positioned as a central risk and fraud monitoring system. One of our key success stories was that of an issuer looking for implementing a robust fraud monitoring tool consolidating all the existing tools in one (supporting all channels), detecting fraud 24/7 on all channels in real-time/near real-time and non real-time. After implementing PowerCARD Risk & Fraud, the bank noticed the following results: • TCO (Total Cost of Ownership) for fraud systems optimisation (one system now) • Fraud rate was at 0.007 per cent in year two, representing a 70 per cent decrease compared with year one, where overall activity has increased by 15 per cent over the same period. At the same time, both globally and domestically, the rate of fraud has increased.
70% The rate of decrease in fraud experienced by one customer after implementing PowerCARD Risk & Fraud
• A lert rules number optimisation (slightly above 10 today compared to more than 100 in the past) • No chargeback for ecommerce and online banking activities in year two • A n increase in customer satisfaction (95 per cent in year two compared with 87 per cent in year one) • More trusted relationships, with the customer open to usage of new channels This solution was named Best Anti-Fraud Initiative in Singapore in 2014. HPS is a leading payment software company providing electronic payment solutions for financial
institutions, processors and national switches worldwide. Through the PowerCARD platform, used by more than 350 issuers, acquirers and national switches, we process any card type (credit, debit, prepaid, loyalty, corporate and fuel) via any channel (ATM, POS, internet and mobile) for any kind of merchant. HPS operates in more than 85 countries and counts among its clients several top 100 financial institutions worldwide. INDUSTRY VIEW
communication@hps-worldwide.com www.hps-worldwide.com
82 per cent of merchants support mobile – but are they guarding against mobile fraud?
T
HERE ARE 33 million mobile commerce consumers in the UK. That is over half the total population of the country. And Kount knows the risks, as well as the rewards, of m-commerce. Since 2012 we have carried out an annual survey of merchants, acquirers, issuers and others involved in payments and we have seen a continued pattern of growth of the mobile channel. More than 82 per cent of merchants actively support the mobile channel today, up from 54 per
cent at the time of the inaugural survey. Mobile commerce is more vulnerable to fraud than any other channel. Yet our research shows a worrying trend where merchants are not prioritising mobile security. Fewer than half the merchants we speak to know what fraud comes from mobile. And fewer merchants think it is important to detect mobile transactions or that there should be specialist tools to detect m-commerce fraud. These trends are concerning precisely because they
Changing trends in mobile fraud protection 2015
2016
Change
Merchants aware of share of total fraud coming from mobile channel
40%
43%
+ 7.5%
Merchants who consider it very important to detect mobile transactions
46%
42%
- 8.5%
Merchants who believe that existing e-commerce fraud prevention tools are suitable for m-commerce
28.5%
36%
+ 25%
SOURCE: KOUNT
represent falsehoods. Knowing which channel a transaction comes from is critical to detecting fraud and m-commerce fraud needs m-commerce fraud fighting tools.
Kount’s all-in-one solution simplifies fraud management and maximises effectiveness by providing: • Real-time mobile device detection
• Additional real-time data elements on risk inquiry call • Two-factor authentication through SMS or Voice PIN • Rules engine mobile device capability • Mobile reporting and search • Mobile SDK for easy development If your business prioritises mobile, it should prioritise mobile security too. INDUSTRY VIEW
Brad Wiskirchen is CEO of Kount bjw@kount.com www.kount.com
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
facebook.com/biznessreporter
13
info@lyonsdown.co.uk
Video campaigns from Fraud prevention
FRAUD PREVENTION
SPOTLIGHT ON… • Payment fraud • Regulatory compliance
Cyber-enabled fraud? Business risk as usual, actually 43
%
The percentage of fraud that is cyber-enabled Source: Implications of Economic Cybercrime for Policing – Oct 2015
Y
OU CAN see them everywhere these days: business leaders losing their jobs for “IT” problems. The chairman of Bangladesh Bank, Atiur Rahman, resigned in March after a breach that led to $81million being transferred out of the bank’s reserves. In late May, the CEO of Austrian aerospace manufacturer FACC lost his job after $47million of company money was transferred to crooks impersonating him over email. The inclination is to treat these stories as evidence of a new, seemingly insurmountable business threat. But while the tools and tactics may have changed, these criminal schemes are just a new way to execute what businesses and banks have been tackling for years: fraud.
Fraud, cyber-attack, or a bit of both? These are not IT issues. This is fraud enabled by information technology. The group that attacked Bangladesh Bank used sophisticated malware to try to cover their tracks – but it’s become apparent that they stole genuine login credentials to transfer the money, akin to swiping the keys from the bank manager’s desk while his attention was elsewhere. One thing is clear: company boards are adept at understanding risk, and in banking and business, one of those risks is fraud. The crime is nothing new – however, the way the thief breaks in to commit the crime using a cyber-attack, is. While some thefts are built on advanced cyber-attacks or complex frauds, many rely on the sort of social trickery that would be familiar to a con artist pulling tricks a century or two ago: for example, “whaling” – the email scam that FACC fell for. This relies on the fraudster using social engineering to impersonate a senior executive, the chief finance officer for example, and then
ordering the transfer of funds to their own account.
• Anti-money laundering • Invoicing fraud
Cloud
CLOUD
Time to fight back First, businesses must educate their employees to spot fraud attempts, such as suspicious emails, and instil a culture of guarding company assets as closely as they would their own. Ensuring businesses of all sizes have policies that are established and adhered to could have a massive effect on reducing fraud losses. Any business, but particularly banks and insurers, also needs to balance good customer experience with fraud prevention. Advanced social network analytics is one method to quickly identify risky relationships and activities among seemingly normal customers and applicants. This allows investigators to be more efficient, and genuine customers to enjoy a better customer experience. Last, but by no means least: businesses can benefit from examining company-wide processes for gathering and sharing data and intelligence, especially for counter-fraud and cyber-security teams. Rather than isolating teams with their own specialisms, they can work in concert to remove potential threats and minimise losses, should a risk be identified – or an attack take place. Every company and every senior executive is familiar with fraud. Cyberattacks have simply introduced a new dimension. The right people, processes and technology can defeat fraud, cyber-enabled or not. It’s simply a matter of the right preparation. INDUSTRY VIEW
Steve Clark is senior product manager, financial crime at BAE Systems learn@baesystems.com
SPOTLIGHT ON… • Hybrid cloud • Cloud security
• Emerging markets • Digital transformation
Digital transformation
DIGITAL TRANSFORMATION
SPOTLIGHT ON… • Customer experience • Digital strategy
• Data management • Communication strategy
Performance improvement
PERFORMANCE IMPROVEMENT
SPOTLIGHT ON… • Strategy and execution • Digital transformation
• Customer loyalty • Leadership
For more, see business-reporter.co.uk/category/video
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
14
business-reporter.co.uk
Business Reporter UK
Introducing the world’s largest trust-based tech event
Monitoring your employees through artificial intelligence 62% Data breaches this year accountable to human error Source: ICO
W
HEN IT comes to artificial intelligence and its relation with the study of human behaviour, people tend to imagine apocalyptic scenarios. Luckily, StatusToday is working on flipping this perception on its head and changing the way we think about security and operations visibility with its revolutionary, patent-pending solution. While modern-day solutions rely mainly on arsenals comprising of tools hardly more sophisticated than a door lock, this cloudbased AI focuses on human behaviour and understands the importance of keeping your company’s data private.
Fast growing UK start-up The brainchild of ex-Microsoft (Ankur Modi) and ex-Just Eat (Mircea Danila Dumitrescu) entrepreneurs, founded through the Entrepreneur First incubator, StatusToday’s credentials already bring promise. Since conception of the idea, the founders have managed to create an international team of veteran industry advisors and employees, each dedicated to its
T
cause. The need for human-centric technology has been understood, especially as operational visibility and security take centre stage in the workplace. Its intuitive, user-friendly dashboard easily highlights potential problems, and with human error accounting for 62 per cent of data breaches this year (source: ICO), this solution could be a game-changer.
Humans are the key Computers do not make mistakes; people do. Human errors are the central component of every complication that a company can encounter, in any department or field. StatusToday’s devised solution is thus based on studying behavioural patterns and creating models based on organisational psychology. The product is able to detect simple, as well as complex changes in typical employee activity, which means that usage possibilities are almost limitless.
Multi-purpose AI solution Whether you work in operations, human resources or cyber-security, such an AI-driven
visibility can be the answer to all your prayers. Even when people compartmentalise problems to a team, a department or a division, and fail to share crucial information between each other, StatusToday is able to make the necessary links and notice when a human issue arises. From insider threat to understanding top performers, this artificial intelligence solution can study and internalise employee routine. You will be able to effectively visualise the daily work processes of your employees and how efficient they are, and – most particularly – detect any abnormal activities. From sophisticated external attacks to employee burn out, this solution has the ability to detect a variety of scenarios and, by doing that, will help you take your organisation to the next level when it comes to data security. INDUSTRY VIEW
Ankur Modi is CEO of StatusToday; Melanie Brouste is e-business manager info@statustoday.com www.statustoday.com
Fraud: a many-faced enemy that requires multiple strategies
C
ARD FRAUD comes in many different varieties, and each requires a different tactic to combat. Many technologies exist to detect and prevent fraud, but the most important element in winning the fight is often human judgement and intervention. The much-feared data breach can expose sensitive customer card data to fraudsters. It is possible to completely outsource all of your card processes to PCI-compliant providers who have many layers of security to protect this valuable data. So if you are maintaining control over the payment process, then make sure that you have assigned responsibility for keeping shopping cart software up to
@biznessreporter
date, ensuring the latest security standards are in place, and working with a Qualified Security Assessor (QSA) to scan your webfacing servers for vulnerabilities. Once stolen data is in fraudsters’ hands, it will be used online to order
products that have resale value. Get familiar with the fraud detection features offered by your payment processor and third parties, and learn how to use them. These technologies will alert you when cards match blacklists, are being used outside
their country, or are being used on a device that has been used for fraud in the past. All of these technologies help measure the likelihood that a transaction is fraudulent, and they work best when human judgement is applied to transactions which are identified as high risk. When a transaction is called into doubt, human intervention is required. This is where your employees come in – they can help identify and prevent fraud by requesting further information to keep the good orders and weed out the bad. INDUSTRY VIEW
+353 61 714360 www.pacnetservices.com
RUSTECH INCORPORATING Cartes is the largest international event dedicated to trust-based technologies with unprecedented networking opportunities and not-to-be-missed keynote speakers. As announced in 2015, Cartes events have become Trustech – Pay, Identify, Connect and Secure. Secure payment, identification and connections are the buzzwords for a three-day event offering unrivalled networking opportunities and keynote speakers. At Trustech 2016, industry experts will speak on the most current trending topics: blockchain, fintech, data management, and e-ID and e-government. Cannes and its famous Palais des Festivals has been hand-picked as the new venue for the event. For three days, Trustech incorporating Cartes will be taking over a town that attracts more than 300,000 attendees per year, making it France’s number two destination for business tourism. What’s more, the venue is tailor-made for entertaining, networking and after-hours relaxation. Trustech will include, among other things, a selection of start-ups and fintechs showcasing their latest innovations for the payment and identification industries. Trustech incorporating Cartes gathers in Cannes on the French Riviera, featuring 18,000-plus attendees from more than 130 countries, 1,800-plus CEOs, 400-plus exhibitors and sponsors, and more than 250 speakers. INDUSTRY VIEW
To register for a conference pass, a free visitor pass or to exhibit, consult www.trustech-event.com
July 2016
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
facebook.com/biznessreporter
15
info@lyonsdown.co.uk
The debate What is the most effective weapon in the fight against fraud?
Steve Clark
Seamus Smith
James Blake
Justin Payne
T
S
N
T
INDUSTRY VIEW
INDUSTRY VIEW
james@hellosoda.com www.hellosoda.com
j.payne@business-reporter.co.uk
Senior product manager BAE Systems O BE blunt, there isn’t one. In the fight against fraud, it takes a layered defence to identify and halt criminality. Think of it like the defences of a castle: A moat will put off stealthy intruders, and a drawbridge will stop people entering when it’s closed. But neither will deter a wellequipped, knowledgeable attacker. At that point, high turrets with armed men and curtain walls will start to come into their own. In the same way, a defence against application fraud won’t necessarily deter third-party account takeover, and an online authentication solution won’t stop hackers from using stolen credentials to empty personal or corporate bank accounts. Businesses have – or should have – advanced fraud strategies in place, and share intelligence across channels and departments, including emerging cyber-threats that may pre-empt a fraud event. One final thing: Concentrate on the people, then the process, and then the technology, and don’t expect a single defence to protect against every attacker.
CEO Sage Pay
ECURITY UNDERPINS the confidence and growth of any market, so it follows that investment in fraud prevention can bring immediate returns. Online crime rose by nearly a quarter in the year ending March 2016, costing British businesses at least £1billion, according to fraud awareness body Get Safe Online. Pre-emptive defence instills confidence and creates the right conditions for growth. The discipline provided by fraud prevention systems can provide the right foundation, but we must establish good habits too. Analysing customer purchasing behaviour and other intelligence can save time and money by preventing problems before they get a chance to develop. Any anomalies in quantity, value and overall customer behaviour should become red flags in your transactional soundness dashboards. Geolocation technology, for example, can forewarn of the exposure involved when orders come from high-risk countries. Customer intelligence management, supplemented with a fraud engine, will help businesses remain alert to the dangers and plan their responses effectively.
INDUSTRY VIEW
learn@baesystems.com baesystems.com/financialcrime
INDUSTRY VIEW
0845 421 2570 www.sagepay.co.uk
CEO Hello Soda
OWADAYS IT is standard behaviour for us to log details of our lives on social media, meaning that there is a pool of online data which is growing exponentially. The increased importance and regulation of Know Your Customer (KYC) – that is, knowing who you are doing business with – can be addressed by leveraging this social data with the aid of advanced big-data analytics to fight fraud and corroborate identity in banking, insurance, and telecoms sectors. The consumer digital footprint is a new area for consideration when it comes to identity verification and fraud detection. Cutting-edge analytics tools enable businesses to gain access to, and use, thousands of data points in real-time. This can provide confidence that the account is genuine, the person is who they say they are, and identifies inconsistencies indicating potential fraud, highlighting a need for further verification processes such as in-branch verification or Knowledge Based Authentication (KBA).
Campaign director Business Reporter O BE able to combat a threat, you must first understand what the threat is. The most effective weapon in the fight against fraud is therefore having a strong awareness of all that threatens you. This isn’t easy – and with the UK reportedly losing £193billion a year to fraud, it is pretty safe to say that new types of fraud are constantly emerging. One in four small businesses in the UK fall victim to fraud every year with financial losses of £18.9billion. To protect yourself from being hit by fraud, you should make sure you know where your main vulnerabilities lie. Your customers, your employees and your suppliers should all be high priorities, as they have direct access to the more intimate elements of your businesses where fraud can occur. Then you have the unknown element of today’s cyber-criminal, accounting for 70 per cent of all fraud. To help us all have a strong awareness of fraud, report any fraudulent activity to Action Fraud.