At a national conference last month, experts examined the latest methods for fraud protection and
detection. By Dennis Blank
Although the Internet offers a high-tech vehicle for financial transactions, the medium also is riddled with fraud hazards. But at a recent fraud protection conference, auditors and other financial investigators promised a host of new developments, including software that raises red flags over questionable transactions.
Experts detailed fraud problems and new technology at the Association of Certified Fraud Examiners Conference, held last month in Orlando, FL. Highlights of the conference included methods of money laundering on the Net, ways to prevent e-commerce credit fraud, and software that detects and prevents fraud and embezzlement.
Manuel Abascal, a Los Angeles attorney with the law firm of Latham & Watkins and a former federal prosecutor, warns that the Internet has created a haven for money laundering because of its speed and ability to mask transactions, especially for offshore banking. "You can create a facade that people will fall for," he says.
According to Abascal, such is the case of two ex-felons who remain fugitives today. The pair created the "Dominion of Melchizedek," a non-existent country based on submerged islands near the Philippines. Nevertheless, a now-defunct Web site offered details of the country's history, and 30 bank charters were issued before the site was shut down.
Law enforcement officials say these "so-called banks" were involved in serious fraud, the attorney explains. It was possible to transfer funds from a bank in the United States through Melchizedek, then on to tax havens such as Gibraltar or Antigua. "The origin of the money was totally obscured," Abascal says.
Various forms of e-money, including cybercash and credits moving into downstream transactions, are difficult to trace, he says. The problem is compounded since the U.S. government is taking a wait-and-see attitude about whether it is legal tender, Abascal adds, and it has not moved to take any enforcement action. He also says that money launderers can exploit the lack of regulation on whether electronic funds transmitters, money exchangers and check cashers qualify as financial institutions under the Bank Secrecy Act.
Even with the financial failure of Cybercash, the primary promoter of currency exchange on the Internet, "offbeat currency is still alive with beenz, flooz and idollars," Abascal says. These are commercial names for money credits now used on the Internet. Moreover, the creation of various precious-metals sites, including offshore gold-based currency sites, may pose potential problems for law enforcement, Abascal says, because they could be easy sources for money laundering.
Cyberfraud is a growing worry for the nation's businesses, says Robert Nelson, who works in securing electronic evidence for Deloitte & Touche, a consulting firm in Chicago. According to Nelson, a March report by San Francisco-based Computer Security Institute indicates that of 538 U.S. security companies surveyed, 64% acknowledge financial losses due to computer breaches. Of the $377 million total reported losses, $151.2 million involve theft of proprietary information. Financial fraud accounts for another $93 million.
Because many of the computer attacks are instigated by workers or ex- employees, Nelson says business owners need to monitor how much time workers spend on the Internet and how much they download, including frequency, volume and the time at which downloads occur. Checking e-mails and the size and frequency of attachments are important surveillance techniques, he adds. A great deal of cyberfraud can be prevented by frequent, unannounced reviews and random computer investigations. Other curbs involve restricting employees' computer access, network accounts and privileges.
A worse problem is online credit fraud, which will reach over $9 billion by year's end, according to Al Cameron, credit/loss prevention manager for Digital River Inc., a provider of e-commerce solutions based in Eden Prairie, MN. Cameron told the fraud examiners that Web-based companies which conduct online transactions have twice the number of thefts of confidential data and three times the loss of revenue from fraud that companies without online business ventures report.
The most common rip-offs are through identity fraud, which involves using someone else's credit card to make purchases. "Internet shoplifters only need a computer, an Internet connection and stolen credit information as tools of their trade," Cameron says. "I have seen one credit card statement where the credit card number was used for over $14,000 worth of purchases in one week's time, and every purchase was fraudulent."
There has been a 600% increase in cyberfraud in the last two years, Cameron says. Last year, he states, there were over 1,000 complaints a week filed with Internet-based companies that handle cyberfraud cases.
One way to take quick action is through physical intervention. When suspicions are raised about an order's originating phone number and zip code, a fraud specialist should contact the customer for verification, Cameron explains. Another safeguard from illicit transactions is installing fraud-detection software. "Your company must learn to use the Internet information that your fraud-processing software captures," he says.
"There are software solutions that will help focus on the problem vendors and how to eliminate them," according to Timothy Galvin, vice president of North American operations for Xanalys Inc., a software company located in Waltham, MA. Its Watson software enables users to sift through hundreds of accounts and uncover patterns of abuse by vendors. Capabilities include spotting questionable invoices and expenditures in one account, then cross-checking data against another account.
"The types of vendor fraud we have to deal with today are the same schemes from ancient times," Galvin says. "Our dilemma is that these frauds are occurring with ever-increasing speed, as more and more business transactions are done electronically and funds can be transferred around the world instantaneously."
Steve Nicholson, account manager for ACL Services Ltd., a fraud detection software company based in Vancouver, BC, says his company's software runs tests to identify indicators of fraud, such as invoices without a valid purchase order number or the absence of a receiving report. "You can perform a computerized search of the vendor list and look for the P.O. box addresses, duplicate addresses and vendors with no phone numbers," he says.
Auditors are faced with more detective work on financial statements from publicly held companies, according to Toby J.F. Bishop, who is in charge of fraud research at Chicago-based consulting firm Andersen. "The scale of financial statement fraud is gargantuan," he says. "The creation of huge companies and high stock market valuations have led to a big increase in the cost of fraud in recent years."
In addition to surprise audits and substantive tests to detect the override of internal control by management, Bishop says universities have created a computer analysis that detects the possibility of fraud. "Using some clever mathematical techniques, an auditor can analyze financial statements and identify those that have significant similarities to those of companies that previously committed financial statement fraud," he says. "By computerizing this analysis, it can be done quickly and, in most cases, very easily."
Computers also enable auditors to review all transactions. "Fraudsters who rely on auditors only checking a few transactions may be surprised to find there is nowhere to hide their bogus entries," Bishop says.
Dennis Blank is a freelance writer based in Alamonte Springs, FL.