3 ways to reduce fraud risk in a changing cybercrime landscape

May 18, 2021 11:03
Photo: Bloomberg

The COVID-19 pandemic has intensified the risk of fraud globally, and Hong Kong is no exception: criminals thrive on uncertainty and disruption, and the conditions of the pandemic provided an abundance of both. Companies accelerated digital transformation, work-from home arrangements, and online collaboration, sometimes leaving security loopholes that made staff vulnerable to fraudsters. Hong Kong police reported that cybercrime in the region surged two-fold in the first half of 2020 alone, transforming the fraud landscape.

These threats are nothing new: the spread of coronavirus has simply made them more prevalent, and hence more visible, both to the general public and senior management. It is well recognised that fraud attacks have a very large reputational and monetary impact. However, the range of fraud types and speed at which it spreads can make prevention seem like a daunting task. Here are three ways by which businesses can help protect themselves from fraud.

1. Stay on top of fraud risk with proactive testing

Criminals have responded with characteristic ruthlessness and speed to exploit COVID-19. Banks and financial institutions in particular are under attack from fraudsters – HSBC recently issued a statement to customers warning of the increase in phishing SMS scams and fraudulent websites.

When launching new products and services, risk analysis and evaluation is essential right from the planning stage. New online solutions are more susceptible to fraud with large ‘attack vectors’ that criminals can exploit. To address this companies must adopt a proactive approach, conducting controlled stress-testing to identify potential flaws and loopholes of new products and services.

2. Think like a criminal to stay one step ahead

Criminals are without qualms when it comes to exploiting others for their own gain. For their schemes to work, offenders ensure that they are flexible and act quickly as situations unfold. Hong Kong’s financial institutions are required by law to continuously monitor emerging fraud and cybersecurity threats and review vulnerabilities to their own infrastructure. Banks are also required to monitor any external providers they work with for vulnerabilities.

Learning how criminals behave and how they think is crucial: this helps anticipate and nullify new threats. Equally, unsuccessful criminal activity is often hugely informative in exposing popular methods and techniques that criminals adopt in different regions. Only by studying the behaviour of criminals can their ways of operating be understood and, ultimately, identified and prevented.

3. Embed zero tolerance for fraud in the corporate culture

Embedding a zero-tolerance approach to fraud should be a priority for senior management and an anti-fraud ethos should be part of a firm’s wider culture.

Positioning fraud beneath this broader umbrella underlines the danger it poses to everyone within a firm. For example, after a data breach in 2019, American bank Capital One’s stock dropped 5%. Fraud affects the whole business, and by educating staff with such examples, the threat of fraud becomes far more vivid; the damage fraud can do to a firm’s profit margins is an excellent way of conveying your message.

Using a company laptop for personal use, or vice versa, for example, is fraught with risk. IT control standards, including identity verification must be as robust as it would have been in the office. Information about risks must be circulated whilst staff adjust to remote working.

A holistic approach is key here: cybercrime must be brought under the financial crime compliance canopy, instead of just credit risk.

Get to grips with fraud

Learning and education is fundamental to overcoming the issues that confront firms in the fight against fraud; without it, none of the statements above can even begin to be addressed. On a senior management level, this can be as simple as setting up email alerts or absorbing the latest reports and publications.

Awareness of fraud risk and a preventive mindset need to come from the senior levels of an organisation. The surest way of engaging the wider workforce in the battle against fraud is to arm yourself with the facts on fraud, recent case studies, and actionable ‘quick wins’ for each member of staff on how to mitigate the threat. This learning must be continual; criminals are unceasing, persistent and sophisticated in their efforts, and firms must be unceasing, persistent and sophisticated in turn, to better equip them to navigate an ever-changing fraud landscape.

-- Contact us at [email protected]

Chief Executive Officer, Asia Pacific and the Middle East, of International Compliance Association