IT-based fraud on the increase
A significantly lower barrier to entry is allowing IT-based fraud to flourish.
So says Vinod Vasudevan, COO of Mumbai-based Paladion.
Vasudevan says recent estimates from the Association of Certified Fraud Examiners (ACFE) are that up to 5% of enterprises' annual revenues could be lost to fraud, with the average time taken to detect these frauds around 18 months.
A number of factors are driving the rapid growth in IT-based fraud, he says. Key among these is the relative ease with which fraudsters can acquire the tools needed to commit fraud.
"The technology needed to commit fraud is easily available in the underground economy, and the fraudster no longer needs specialised skills to use it. For example, card-skimming devices may cost as little as $100, while phishing kits might be acquired for as little as a few hundred or a thousand dollars," Vasudevan says.
"Another factor making fraud more prevalent is the data explosion. Now, a vast amount of personal data is available in many forms throughout the enterprise. This increase in data volumes means the possibility of data leaking has increased. Incidents of data loss or leakage - either unintentionally or deliberately - has certainly increased in recent years," he says.
These factors, amplified by global economic turmoil, is driving people to seek ways to make 'fast money', creating an environment in which online fraud can flourish, he says.
Vasudevan notes that there is an increase in the incidence of high-volume fraud, such as phishing attacks on banks and data theft in the telecoms domain. High-volume frauds are those where the per-transaction loss is not high, but the overall impact can be significant in terms of total revenue loss or reputational damage.
In addition, he says: "Now fraud is cutting across domains - for example, SIM cloning impacting the telecoms sector may lead to bypassing the two-factor authentication for banking, which then also leads to financial fraud impacting the banking sector."
Vasudevan says there is growing awareness among enterprises of the need to mitigate technology-based fraud. Doing so effectively requires a focus both on technologies and processes. "Given today's transaction volumes and fraud scenarios, it is no longer possible to rely on processes and people's diligence to detect fraud. Automated systems for monitoring transactions and detecting abnormal patterns are 'must-haves' for organisations to combat fraud," he notes.
Vasudevan will address the upcoming ITWeb IT Security Summit on the topic of enterprise fraud, discussing how enterprises can build effective mechanisms to detect and prevent technology fraud. For more information about this event, click here.