The Bahamas may be experiencing an increase in fraud, as is the world-over. It is generally accepted that fraud is something that most, if not all companies, have to deal with, both from without and from within. Don’t think so? Consider a couple of everyday occurrences. Perhaps the use by employees of business telephones for personal use, or the filing of inflated expense claims. Or maybe the practice of artificially increasing an insurance claim after a loss has occurred.
Analysts in the U.K. believe that in the latter case, one in ten motor insurance claims and 15 percent of household claims contain some element of fraud, and the incidence rate is increasing at 30 percent a year.
The Association of Certified Fraud Examiners in Texas estimates that the average company loses $9 per day per employee to fraud, or up to six percent of revenue, and of most concern to business is the reality that fraud of the type outlined above is often considered by the perpetrator to be acceptable practice. The reality too, is that such white-collar crimes are generally considered of low importance by law enforcement, and an affected company will rarely have success in pursuing corrective action. The issue for most companies becomes one of internally policing what can readily be controlled, and putting the balance down to the cost of doing business.
The means of dealing with fraud have historically involved human beings engaged in some form of reporting and control, but the rise of e-commerce has led to development of a whole new area of fraud that requires more rigid and diligent control. Knowing your customer in the world of e-commerce is a significant challenge, with the means of hiding identity easy to those who would engage in fraudulent practices. The Internet in particular provides fraudsters with complete anonymity, and the incidence of fraud arising in areas such as identity theft, or false online transactions, is rapidly increasing.
As a result of the above, organisations are turning to the use of technology to help in identifying fraud in real time, capturing a transaction before it has been approved. This use of real time identification is born from the realisation that the likelihood of reimbursement of lost funds after the transaction has been sanctioned is not only remote, but likely to cost more than the amount recovered. For an e-commerce transaction that totalled $100, getting law enforcement’s attention to pursue a fraudster, even if they could be identified, is an uphill struggle. Experience suggests that organisations rarely recover more than 10 percent of the value of the crime due to the cost and practical difficulty in gaining a conviction in the courts. Moreover, monetary loss to the business is likely to be outweighed by a higher loss to reputation in the event that such episodes become widespread or commonly known.
Software that has been development to tackle the problem relies on two related approaches. Firstly, neural networks establish a pattern of learned behaviour where a history of a customer’s “normal” or typical practices is acquired, allowing a current transaction to be measured against a learned yardstick. Then, a second scorecard application, which allocates risk points against a transaction, will help decide whether it should be accepted or rejected. For example, a sudden very high credit card transaction from a location that is far from those normally experienced by the card-holder in question, is likely to result in a red flag being raised.
The problem with neural networks lies in the need to establish a history or pattern of normal behaviour, something that is unlikely in random e-commerce transactions. Moreover, scorecard applications can readily result in false negatives that could have the effect of rejecting a profitable transaction from an otherwise highly reputable customer. An over zealous implementation of fraud detection might identify 100 percent of all fraud, but in the process it would likely reject a high percentage of real transactions. In practice, there is a middle of the road approach that is taken to minimise fraud, and still engage in sensible business. A general rule of thumb is that businesses should be prepared to accept a false positive rate of about 10 percent.
A related reality is that total dependence upon technology is a risky strategy. A better approach involves a mix of software and human resources, where software generated alerts are passed to customer service representatives for off line appraisal. This cuts out much of the risk associated with “insult rejections” that would have the effect of turning away otherwise honest and upstanding customers.
Of course, fraudsters are themselves adept at using electronic and human wiles to practice their craft, and the matter becomes one of both sides using technology to keep pace with, or preferably outwit, the other. And unfortunately, at the end of the day, it is the honest consumer who ends up paying for it.
Paul Hutton-Ashkenny is the president of Systems Resource Group Limited and Bahamas On-Line. Business partners include Cisco Systems, Mitel, HP/Compaq, Microsoft. Questions/comment/info P.O. Box N 3920 Nassau, Bahamas or info@srg.com.bs.
