The literature is replete with various definitions of fraud. Generally, fraud is regarded as any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.The Oxford dictionary defines fraud as a wrongful or criminal deception intended to result in financial or personal gain. According to the International Standards on Auditing (ISA 240), fraud is a deliberate act by single or more persons amongst organization, those charged with authority, staffs or third parties including the use of dishonesty to get on unfair or unlawful benefit.
Summatively, fraud can be said to be a deliberate misrepresentation by single or more persons amongst administration and employees with an intention to gain illegitimate advantage. It commonly includes activities such as theft, corruption, conspiracy, embezzlement, money laundering, bribery and extortion.
Different types of fraud have been identified. Among them are the following:
Employee fraud against employers (e.g. payroll fraud;falsifying expense claims;thefts of cash; assets or intellectual property;false accounting, etc.).
Crimes by businesses against investors, consumers and employees (e.g. financial statement fraud; selling counterfeit goods as genuine ones; not paying tax or contributions paid by staff, etc.)
Crimes against financial institutions (e.g. using lost and stolen credit cards;cheque frauds;tax evasion, etc.)
American criminologist Donald Cressey developed a framework that has come to be known as the Fraud Triangle to explain the factors that leads to fraud and other unethical behavior.
According to Donald Cressey, the three factors that make up the fraud triangle are a) pressure, b), opportunity, and c) rationalization. Sometimes, it is represented as opportunity, motive and rationalization.Cressey argues that most individuals require some form of pressure to commit a criminal act. Pressures can include money problems, gambling debts, alcohol or drug addiction, overwhelming medical bills.
And an opportunity to commit the act must be present. A temporary situation may arise where there is a chance to commit the act without a high chance of being caught. Fraud is more likely in organizations wherethere is a weak internal control system; poor security over the organization’s property; little fear of exposure and likelihood of detection; and unclear policies with regard to acceptable behaviour.
Cresseyargues thatthe mindset of a person about to commit an unethical act is one of rationalization. This is where the individual manages to justify what he or she is about to do. Some may think they are just going to borrow the stolen goods, or that they need the money more than the “big” company they are stealing from.
Today, more and more people are choosing to shop online for things that traditionally would have been bought in store. This has changed the speed, intensity and sophistication of committing fraud, a movement from traditional to cyber fraud. A recent report by Cybersecurity Ventures predicts cyber fraud will cost the world $6 trillion annually by 2021. It has become one of the biggest challenges that humanity will face in the next two decades, according to Steven Morgan, editor for the cybersecurity research firm.
New digital payments are redefining trends in fraud. For example, online wallets and cryptocurrencies continue to gain ground over traditional banking institutions. And most digital natives use digital wallets such as Apple Pay, Venmo or Google Pay. These sources present a prime target for fraudsters as they don’t even need to have the real card, they only need the card details which can be stored digitally.
‘Friendly fraud’ happens when a real customer does receive the goods they ordered, but claims not to have received the goods and goes on to file a chargeback through their bank instead of requesting a refund from the seller.
Others use sophisticated heavy-duty software like Anti-Detect and Kameleo to avoid browser IDs. This software enables fraudsters to create multiple instances of virtual machines in browser windows.
Location spoofing is another strategy used by hackers to commit online fraud. This applies in situations where hackers buy a bunch of compromised card details, and quickly detect where the card they are using is registered to, and then spoof the location to create an impression that they are in that location.
The dark web is a corner of the Internet where criminals and hackers can interact without being traced. This is where fraudsters buy and sell card details, personal information, credentials, credit card numbers, and share information about how to go about committing fraud, what tools to use etc.
The need to combat online or cyber fraud has become necessary to help protect organizational reputation, promote transparency in business operations, to limit liability and to mitigate business risk. Thus, there is the need for businesses to take a proactive role in dealing with this issue by ensuring that appropriate controls are in place to help prevent and detect fraud.
Even though digitization has created major opportunities for businesses, in today’s world, almost every instance of financial fraud is perpetrated with the use of a computer.
New and up-to-date technology is absolutely necessary to combat fraud more effectively and efficiently through data solutions, procedures, workflow and improved risk management. New technology in areas such as data visualization, predictive modelling, and other analytic testing are proving useful in combating fraud.
Technology also allows organizations to move from static or periodic fraud monitoring techniques, such as detective controls, to continuous, real-time fraud monitoring techniques that offer the benefit of actually preventing fraud from occurring.
By using such technological tools to implement real- time fraud prevention programmes and advanced fraud detection tools, organizations can reduce the time it takes to detect fraud, thereby reducing the cost of fraud.
Computer forensics is an investigative discipline that includes the preservation, identification, extraction, and documentation of computer hardware and data for evidentiary purposes and root cause analysis. Computer forensic technology and software packages are available to assist in the investigation of fraud — where computers are used to facilitate the fraud — or to identify red flags of potential fraud.
The IT fraud risk assessment is a tool that assists IT management and internal auditors in systematically identifying where and how fraud may occur and who may be in a position to commit fraud. A review of potential fraud exposures represents an essential step in addressing IT management’s concerns about fraud risks. An IT fraud risk assessment concentrates on fraud schemes and scenarios to determine the presence of internal controls and whether the controls can be circumvented.
Even though the above measures put together will not eliminate cyber fraud, it will go a long way to minimize its occurrence.
Nana Prof. Osei Darkwa, President
African Virtual Campus