‘on-line fraud, behind enemy lines’ by Ian Ross
Online and corporate fraud remains a serious concern for global Business. But
this paper argues that part of the problem in tackling the ever evolving nature of
fraud comes from the very techniques and approaches used to prevent it. The global market research and survey company „Frost & Sullivan‟ estimate that there are 2.28 million information security professionals worldwide. This figure is
expected to increase to nearly 4.2 million by 2015. Naturally security compliance is a must for all companies, companies that form an IT backbone. Consequently, the Information Security industry is going through an exponential growth rate. Current worldwide growth rate is billed at 21%. The information security industry is currently over $100 B ($60 B in US, $ 20B UK, $4.5 B Japan,
over $1.5 in India). So acknowledgement and „credit‟ where it is due, must go the financial
institutions for the marked increase in fraud prevention controls over the past 3 years, especially formulated to grow with the surge in popularity of social media,
e-commerce, and mobile services. E-finance is proof of the benefits consumers are enjoying from information and communication technologies. But there is also the creation of a worthless fraud prevention sub-market of its own; the creature
of „solutions‟ based IT resources being a means of leeching off the need for security and fraud prevention; namely a fixation on selling as opposed to securing – an entity which has been proved in the security industry generally over the past
ten years (in fact “yes” there is a CCTV camera near you, you need this
to make you secure and it does ever such wonderful things by the way….) These same technologies can create harm, when personal consumer information is stolen by way of fraud and identity theft. Or is it purely down to the „technologies”? Studies show that information systems workers, as expert as
they in matters technical and analytical, lack basic security knowledge. Proof? Since 2005, an estimated 543 million records have been lost globally from over
2,800 data breaches, and identity theft caused $13.3 billion in consumer financial loss in 2011 (BJS, 2011). Thus it is a major challenge for policy makers whose job is to keep on the right side of the law while trying not to lose the business, by balancing ex-ante regulation with ex-post litigation to protect both consumer and commercial
interests. Furthermore, a survey among lawyers in the USA, UK and Europe shows a serious
concern about Cloud Computing Services (using software as a service, users rent use of servers. Cloud providers manage the infrastructure and platforms on
which the applications run). Lawyers clearly state that data in cloud is a „business risk‟. Yes that it so, but when we look beyond the business risk, there emanates a conflict, which in turn equals risk of loss to fraud and puts companies
at risk of massive penalties because of „naturally occurring‟ data protection transgressions. Legal experts contacted by ‘Future Intelligence’
(independent IT expert analysts) say that in its current state, the cloud technology system worth
£14.4 billion globally to the technology companies promoting it, puts companies trusting personal data in breach of data protection legislation.
But the legal experts have also uncovered the potential for corporate fraud. The natural cross-over opens the can of worms which squirms off in different
directions: data fraud, breaches of auditing standards (which could constitute an offence in its own right of fraud by failing to disclose information if cover-up
attempts were made) financial statement fraud, „skimming‟ or understated sales or debtor payments……… IT security is great, but is a mere sticking plaster. Therefore, getting behind enemy lines, as opposed to following never ending sales-lines may warrant some thought. The battle-plans drawn up by fraudsters
vary as much as the countries in which they operate, some with single-cause fraud motives, or those who attack with a scatter of scams, cyber-attacks and multi-layered and organised and systemically networked financial crime activity.
On-line fraud will come into play at either one or at all of the stages of the activity, especially when extensive money laundering is concerned. For example, one downtown multi-national office you are gazing in awe at, could be better
named as „Crime Inc‟ (we wish) but more pertinently, the operation will be high-tech, security will be very good, and the employees who stampede out at the end of the day will be very well looked after. What is the crux of the matter is the
side-line involvement with worldwide business pursuits, such as betting (on-line fraud certainly included) gambling, sports (complete with match-fixing) over to
car dealerships, real estate et al
. One hub feeds out to many lines and outlets of money laundering or specific fraud or corruption. This is not a conveniently conjured up example, it is one proven case of one organisation. Other
organisations as we know run their money laundering and fraud as an ingredient through their own business lines; subtly disguised and „tweaked‟ to suit them and resist investigation.
By some estimates, the war on drugs just in the USA has cost close to a trillion dollars. What has that vast expenditure bought? Very little. According to the government‟s latest “Survey on Drug Use and Health,” more than 22 million
Americans – nearly 9 % the U.S. population used illegal drugs in 2010. Is there an inescapable link to fraud in order to fund drug habits? Afraid so. Many
criminals have gone beyond shoplifting to do this and say “ID theft is the way to go”. And laundering drug money is often done on-line and by social networks. Hence, the amounts of money involved are de-facto immeasurable, staggering figures (that fraud institutions and the „big 4 auditors‟ are reluctant to admit to). So where are the systems and „controls‟ etc etc which control this? Answer 1: the
financial institutions cannot even agree on what fraud is half the time. The whole concept of fraud falls down when it gets to the measurement of fraud, with private sector regulators insisting upon creating their own definitions and wildly
inconsistent financial fraud measurement parameters. Answer 2: we are spending far too long „developing‟ and indulging the same recycled and lame
initiatives. Yes we have the Financial Action Task Force (FATF) which rolls out it‟s „priorities‟ it‟s „initiatives‟ and its „recommendations‟; example - the G20 summit talks whereby the participatory agenda is thick with tactics from all parties.
Sorry, but there isn‟t much looking beyond the obvious. Academic research, deeply involved as they are, but with no up-take on converting such projects into workable fraud-fighting resources, structured by perception and ability, as
opposed to their formation, their training, their efficiency, being akin to
producing an instruction sheet about assembling a piece of flat-pack furniture. A massive void from the woolly strategic to the operational - and not helped by a
lack of data sharing and lack of co-operation with external enforcement resources, of which the banks are notoriously guilty of.
And - demonising certain nations as being „rife‟ with fraud and corruption, following dubious statistics and dealing in nationalistic stereotyping has led to a
certain way of thinking. That is not to say that massive corruption does not go on in African countries for example, but commensurate levels of corruption also exist
in countries that have a benevolent image (i.e. the UK – and I don‟t even mention the rate fixing fraud in the banks…) Our anti-fraud institutions still insist working on repetitious and tired partnering initiatives with dated approaches to engaging
stakeholders who carry with them their own political, legal and cultural baggage. This continues locally and globally and forever keeps us behind the times and
behind the criminals (if this is not true than why has global fraud reached unprecedented levels?). Ironically also, and not just the FATF, but they provide an example when in June 2012, the FATF Plenary issued a statement (concerning
Turkey), which reviewed the „voluntary‟ tax compliance programmes (tax fraud to you and me) in Curaçao, Spain and Pakistan and issued three new reports to outline new trends in money laundering and terrorist financing. Wonderful!
Hence there is no real „diversion‟ in dealing with our money launders, or corruption hyenas, so what we are doing in reality is following a „labelling theory‟
which drives the anti-fraud initiatives down an aimless avenue, with all the verve and purpose of a bureaucrat driving a steam-roller – one which is stuck in first
gear and has no steering wheel. More enemies behind the lines or those „within‟ are presented by recent cases
involving for instance GlaxoSmithKline, fined $3 billion for promoting the popular anti-depressants Paxil and Wellbutrin for unapproved uses. The fraud implicit within this case is hidden to most, yet creates another example of fraud slithering
around between different types of crimes and other crime becoming a vehicle for fraud. Oxford University‟s academic publishing arm, Oxford University Press (OUP) was ordered by the UK High Court to pay a fine of almost £1.9 million, following the discovery that two of its African subsidiaries had been involved in corruption
activity. “We don‟t tolerate such behaviour” thundered the Chief Executive, with all the tacky rhetoric one can summon, and sudden strategically bought integrity
by donating a couple of million to buy books for „deprived regions‟ in Africa (and why was the investigation confined to Africa one asks?). But one STUDENT Jack Ramsden commented that it was “refreshing to see a company committed to
openly rooting out its corrupt elements”, but interestingly added, “I do wonder how OUP‟s board can have failed to be aware of its subsidiaries‟ practices, and why it took an external authority to compel the central board to monitor its
fringes”. It goes back to our earlier points here; by showing the disconnection between those in senior influential positions, who take fraud „oh so seriously‟, by reading from the manual of decorous but sham responses when caught
committing fraud) to a student who made more fraud related inputs then any of those who have corporate governance responsibility for preventing it.
Away from specific „offenders‟, one colleague in South Africa called for the need to get back to some sound box-standard investigation approaches to fraud. He
argues that we have gone too far in relying on technology (and he is the owner of a company that fights cyber-crime by the way!). „Micro Finance‟ in the un-banked sector of the population means those people that least can afford it being
forced to pay large sums of money in interest. This is resulting in the poverty gap increasing. Certain countries such as South Africa have a legislated a system to control Micro-loan companies. This caps the costs; however the rates are still
extremely high. But it doesn‟t end there …… Facts of such practices, involving extortion („agents‟ in the workplace), fraud, forgery, corruption, that if taken in isolation the full facts and caustic aggravating features of these serious cases would not be captured, offenders would get off
very lightly. So would it not be expedient for cameras to be installed in all legitimate Micro-Loan Lenders premises and pictures taken of each person given
a loan to be attached to their application? However this may be considered an infringement on the person‟s right to privacy! In the USA, seemingly genuine religious organisations, who are really acting on behalf of criminal groups often deposit cash „donations‟ in their bank accounts,
alleging the funds are given by worshipers. In another scheme, debit and prepaid cards help money launderers move enormous sums, broken into countless small amounts and of course across international borders without triggering financial
controls that monitor larger transactions. A good reason why we should get „behind enemy lines‟. In Japan, the „Yakuza‟ are of course a well-known criminal organisation with a history going back to the 1600s, whose activities do not involve „street‟ crime, as this is undignified. No, today they are behind the vast cyber-fraud and create
more fictitious investment scams than any other country and control 30% of Japan‟s international financial transactional operations.
Lest we forget those who are meant to be the most assiduous of all - but are not! Police corruption, yielded by fraud and corruption, such as taking bribes,
investigative malpractice, and yes everyone, UK tax revenue IS actually someone else‟s money and not a slush fund for fiddling overtime. And in Mexico we have a landmark example of how this is a recognised problem that at last seems to be
being taken seriously? The new President elect Peña Nieto insists he will keep to his mandate of dismantling the 'Ministerial Federal Police as it became in 2009 (that is until the allegations of buying votes are resolved) as the Federal
Investigations Agency was restructured and renamed by the Attorney General's Office, who reported that one-fifth of its officers were under investigation for criminal activity. Watch this space!
We could go on globally; the Russian FSB (which replaced the KGB) is of a
construct that enjoys expanded „responsibilities‟ but yet has immunity from parliamentary control. Its budgets are never published. So the thousands on the streets of Moscow were not exactly demonstrating just about high taxes!
In fighting fraud, we have more facts to contend with than many prefer not to acknowledge. No-one denies that the human element needs to be controlled by
an amount of automation, but when it is taken away we see this building of total reliance on what is but one means of preventing fraud (and yes fraud does go on outside those walls). In reality, the sheer myriad of fraud schemes and corrupt
players creates not just an „us and them‟ situation, we have „us and them and them‟! Relying on preventive controls is not enough!
Mahboob Nemati Educational Background: Pharm. D: 1997, from Tehran University of Medical Sciences, Tehran, Iran Research Fellow: 2003, in Food Chemistry and Medical Hydrology, from Kyoto University, Kyoto, Japan PhD: 2003, in Food Chemistry and Medical Hydrology, from Tehran University of Medical Sciences, Tehran, Iran Food analysis & Control (Nutritional value, additives, contamina
Piyarat Govitraponga,U, Jaturaporn Chagkutipa, Wanpena Neuro-Beha ¨ ioural Biology Center, Institute of Science and Technology for Research and De ¨ elopment, Mahidol Uni ¨ ersity, Salaya, Nakornpathom 73170, Thailand b Department of Psychiatry, Faculty of Medicine, Srinakarinwirot Uni ¨ ersity, Bangkok, Thailand c Department of Physiology, Faculty of Medicine, Chulalongkorn Uni ¨ er