How Are Organisations Vulnerable to Fraud?

Posted by Kelvin Chandran on 11/13/18 11:20 AM
Kelvin Chandran
Find me on:

How Are Organisations Vulnerable to Fraud?

Even though consumer fraud remains a large issue for millions to billions of people annually, many tend to forget about the significance of business fraud.

According to The 2018 Global Fraud and Identity Report, 45% of business executives were significantly more concerned about how the risk of fraud will impact their companies in 2018. Moreover, this same report (released in January 2018) showed that 63% of businesses had experienced the same amount of fraud or more in the past twelve months.

With these concerning stats, it’s essential to be aware of the various types of ways in which an organisation could be vulnerable to fraud. In this article we examine a few of these examples, as well as explain which organisations and industries are particularly prone to fraud. Finally, we outline the important role that blockchain can play in reducing the risk of fraud.

Cyber Attacks and Security Vulnerabilities

Protecting data is becoming more expensive and more difficult to achieve in recent years. This is largely due to new types of attacks that most organisations are not prepared enough for to stop. Here are just two examples of these emerging threats.

Some attacks are quite simple and can be mitigated through basic education like telling employees not to click on a link to an unknown site within a suspicious email. Others are more advanced. For example, in early 2018, a new type of phishing called conversation-hijacking attacks quickly became a popular choice for cybercriminals. These attacks occur “when hackers manage to infiltrate legitimate email threads between people, and use highly-customised phishing techniques to make it look as if the victim is the one sending messages back and forth.”

Additionally, new types of cybercriminal activities are putting business efficiency at risk. Throughout Q1 and Q2 2018, cryptojacking emerged seemingly out of nowhere to displace ransomware as the most popular cyberthreat. In August 2018, one in three organisations reported that they had been affected by mining malware that uses computing power to illegally mine cryptocurrency. As a result, this activity significantly reduced the capabilities of devices to perform normal operations.

Application Fraud and Synthetic Identities

Businesses want to make the customer onboarding process as simple as possible, while also still complying with various regulations and keeping information secure. The main issue is that current systems used for important processes like KYC and identity checks are oftentimes unable to detect cases of application fraud. As a result, businesses that require these processes waste capital, human resources, and time. Meanwhile, long processes can serve as significant barriers that drive legitimate customers away.

Application fraud is often caused by synthetic identity schemes (SIFs). The Wall Street Journal listed SIF as one of the top three risks facing the banking industry in 2016. Since that time, this issue has only continued to grow. On the dark web, criminals are capable of finding sensitive financial information belonging to real people. With this info, they can make partial or complete identities. These scammers are able to pass existing KYC checks by creating a variety of fake documents that expand far beyond basic financial and identification information. For example, SIF criminals can falsify payment statements and even entire businesses.

Reusing Passwords Across Multiple Websites and Applications

While using the same password for multiple accounts seems like a rather obvious bad choice, you might be surprised just how many people actually still do this today. According to a May 2018 survey from LastPass, 91% of survey respondents knew that using one password was a security risk. However, 59% of those surveyed admitted to being mostly guilty or always guilty of using the same password. An even worse result is the fact that 55% of respondents said they wouldn’t update their password if that account had been hacked.

It’s easy to imagine what sort of negative implications this could have on businesses of any size or industry. Think of how one account being hacked could easily lead to every account being hacked. By not focusing on password security, an organisation account hack could affect everyone within an organisation as well as negatively influence customer opinions, which could impact customer retention and/or long-term profitability.

Changing a password after a hack occurs or using different passwords across various accounts certainly isn’t a guarantee to preventing all security issues within an organisation. However, it’s a useful (and simple) method that too many companies simply ignore.

Which Industries Are the Most Vulnerable to Business Fraud?

In the early days of the internet and data storage, the answer to this question might have been limited to only a couple of industries. Today, this answer is much different. When examining the three examples listed above, any organisation could be a victim of these types of fraud. A number of businesses, especially those that are responsible for storing and processing sensitive financial and identity information, are highly vulnerable to a wide range of fraud types.

Traditional financial institutions (i.e. banks) are probably the most likely target since they provide the most direct way for cybercriminals to steal funds. However, the targets of large-scale data breaches in recent years have become more diverse, spanning across a number of industries. These have included e-commerce websites, brick-and-mortar shops and restaurants, social media platforms, traditional consumer credit agencies, and other businesses.

If you’re concerned that your own organisation might be prone to fraud, what are some effective prevention strategies? Besides being knowledgeable about the various types of fraud mentioned above, leaders within organisations can implement innovative technologies that have proven to reduce fraud risk.

Blockchain for Fraud Prevention and ID Management

As demonstrated in this article, modern businesses have to be better prepared to prevent various types of fraud from an array of sources. While there are a few fraud prevention methods that are simple for companies to implement, some vulnerabilities are too difficult to solve with traditional fraud detection technologies.

Blockchain technology can help any organisation enhance data security. Blockchain can help organisations (and individuals) prevent malicious cyber attacks and application/synthetic identity fraud. It can even improve login and access management across many websites and mobile applications.

If you’re interested in learning how exactly blockchain can empower more efficient, cost-effective KYC/AML compliance, identity checks, and risk scoring, read our detailed guide on blockchain for ID management.

Read about blockchain for ID management

Topics: Fraud prevention

Recent Posts

Subscribe here