The Fraud Playbook
Data breaches are accelerating at an alarming rate. In fact, 2008 was a record year for digital crime. But let's not forget about such good old-fashioned tactics as returns fraud, card-not-present fraud, employee theft, credit card cloning, fake receipts and shoplifting.
The struggling economy is exacerbating the problem, experts agree, at the same time as a disturbing trend is accelerating -- adoption of fraud techniques by organized gangs of criminals that are well equipped, highly skilled, extremely motivated and frequently located beyond the reach of the U.S. legal system.
"While fraud is committed during strong economic conditions, it is clearly exacerbated in declining markets," says Kerry L. Francis, chairman and national leader of Deloitte Financial Advisory Services Corporate Investigations practice. "Smaller paychecks, reductions in employee headcount and internal controls, as well as diminished morale, are just a few factors that can open the door to fraud in a down market."
Meeting New Realities
Retailers today are adjusting budgets for loss prevention (LP) to meet new economic realities. A question they face is this: To cut or not to cut? If history is a guide, many retailers are already planning to cut LP budgets in response to the pain inflicted by the current economic downturn.
But as Francis notes, reducing internal fraud controls through budget cuts may actually cost more money later. According to the Loss Prevention Budget Trends report conducted recently by Preference Research, there is a strong correlation between reducing LP spending and increased retail shrink.
According to the survey, 77 percent of respondents report that during past soft economies their spending on LP was cut or delayed. And during this time the cost of shrink increased for 68 percent of respondents. Nearly all respondents -- 98 percent -- agreed that cutting LP budgets during an economic slowdown would make retailers more susceptible to theft.
Although there are definitely new wrinkles in the fraudster playbook, historic schemes that occur during a downturn include manipulation of reporting in such areas as revenue, inventory and cost of goods sold.
Error and theft at the POS typically accounts for as much as 50 percent of shrink by most industry estimates, surpassing that of customer theft.
"Retailers have long focused their attention on customer merchandise theft," says Christine Bardwell, retail technology analyst at Datamonitor. "But general employee and cashier caused shrinkage, whether intentional or not, is now a massive concern in most retail organizations."
Also of concern are some new methods used by fraudsters that include bundling together small-denomination electronic gift cards to buy high-ticket items; installation of tiny computer processors, miniature cameras and Bluetooth wireless connectivity to capture data in transit at the POS; and sophisticated, team-oriented shoplifting sprees.
Fraudulent Returns
Despite the size and scope of the fraud problems facing them, retailers have good tools at their disposal to fight back and limit their exposure. Returns fraud has never been easier than it is today with home PC technology and the Internet. But by putting sound processes in place retailers will reduce fraudulent activity significantly.
For example, when a customer returns an item with a paper receipt, the receipt identifier is scanned and the original transaction details are returned to the POS register. Fake receipts simply do not work as easily if the original transaction can be retrieved and the item verified.
Without a receipt, a solution retailers can use is a velocity check to monitor how many times the customer has been a non-receipted returner. However, sometimes customers with the highest number of returns are actually among the best customers.
A more efficient way to handle this is to convert it into an electronic or digital receipt by using original receipt lookup. When receipts are available in a digital format, they can be retrieved on demand by sales associates, allowing them to correctly verify the merchandise being returned.
Digital receipts use search and identification parameters to find the original transaction from a database. When the search parameters locate the digital receipt the item is returned and securely authorized.
Online Fraud
As fraudsters continually educate themselves in ways to circumvent traditional anti-fraud systems, merchants need to be aware of what other methods they can deploy to find the right balance between security and ease-of-use for online customer transactions.
Using a combination of tactics is the most effective method because it creates a complex net that fraudsters have to negotiate. These tactics include checking for drop-shipment addresses and visibility into time zone and language settings (to determine if, for example, a Russian language setting is used to make a transaction from New York at three in the morning).
Checking for lazy keystroke entries, such as "abcd," may be a tell-tale sign of a suspicious customer profile. The same is true for sequential e-mail addresses, a practice called "e-mail tumbling."
Although automated tools are important, retailers should not eliminate manual investigations to find themes a computer would never uncover. For example, a computer would not know to create an alert if names like Peyton Manning, Tom Brady and Brett Favre show up with a common linkage despite being different in almost every other way.
Accounting Fraud
To prepare for increased risks associated with accounting fraud many retailers are establishing new protocols for conducting investigations.
"Strong anti-fraud programs and controls can reduce fiscal, investigative and reputational costs," says Donna Epps, partner and national leader of Deloitte Financial Advisory Services' Anti-fraud Consulting practice. "Clearly communicated, written guidance helps promote an integrated fraud prevention program across all levels of an organization."
To help make this happen, retailers are adding fraud awareness training, more robust fraud risk assessments and expansion of internal audit monitoring efforts. Specific tips include clearly defining anti-fraud program roles and responsibilities for LP departments, auditing bodies, company management and line-of-business employees. Another good approach is to establish a whistle-blower hotline that is easily accessible and confidential. And, of course, regular communication and training about LP is essential.
The good news for retailers is that existing technologies and processes can do an effective job of controlling fraud and reducing exposure in an era of increasing criminal activity. Using advanced technologies, retailers are not only able to fight fraud but add revenue at the return counter, online and in back-office processes.
The bad news is that budget cuts for LP activities, a common occurrence today, are likely to produce rising fraud rates. As mentioned, the right blend of technology and internal controls will help retailers fight back against this assault. However, if pro-active steps aren't taken retailers will expose their organizations to a relentless enemy that attacks weakened defenses and takes a growing chunk out of their bottom lines. Retailers get to pick which course they want to steer, and then accept the final results.
The struggling economy is exacerbating the problem, experts agree, at the same time as a disturbing trend is accelerating -- adoption of fraud techniques by organized gangs of criminals that are well equipped, highly skilled, extremely motivated and frequently located beyond the reach of the U.S. legal system.
"While fraud is committed during strong economic conditions, it is clearly exacerbated in declining markets," says Kerry L. Francis, chairman and national leader of Deloitte Financial Advisory Services Corporate Investigations practice. "Smaller paychecks, reductions in employee headcount and internal controls, as well as diminished morale, are just a few factors that can open the door to fraud in a down market."
Meeting New Realities
Retailers today are adjusting budgets for loss prevention (LP) to meet new economic realities. A question they face is this: To cut or not to cut? If history is a guide, many retailers are already planning to cut LP budgets in response to the pain inflicted by the current economic downturn.
But as Francis notes, reducing internal fraud controls through budget cuts may actually cost more money later. According to the Loss Prevention Budget Trends report conducted recently by Preference Research, there is a strong correlation between reducing LP spending and increased retail shrink.
According to the survey, 77 percent of respondents report that during past soft economies their spending on LP was cut or delayed. And during this time the cost of shrink increased for 68 percent of respondents. Nearly all respondents -- 98 percent -- agreed that cutting LP budgets during an economic slowdown would make retailers more susceptible to theft.
Although there are definitely new wrinkles in the fraudster playbook, historic schemes that occur during a downturn include manipulation of reporting in such areas as revenue, inventory and cost of goods sold.
Error and theft at the POS typically accounts for as much as 50 percent of shrink by most industry estimates, surpassing that of customer theft.
"Retailers have long focused their attention on customer merchandise theft," says Christine Bardwell, retail technology analyst at Datamonitor. "But general employee and cashier caused shrinkage, whether intentional or not, is now a massive concern in most retail organizations."
Also of concern are some new methods used by fraudsters that include bundling together small-denomination electronic gift cards to buy high-ticket items; installation of tiny computer processors, miniature cameras and Bluetooth wireless connectivity to capture data in transit at the POS; and sophisticated, team-oriented shoplifting sprees.
Fraudulent Returns
Despite the size and scope of the fraud problems facing them, retailers have good tools at their disposal to fight back and limit their exposure. Returns fraud has never been easier than it is today with home PC technology and the Internet. But by putting sound processes in place retailers will reduce fraudulent activity significantly.
For example, when a customer returns an item with a paper receipt, the receipt identifier is scanned and the original transaction details are returned to the POS register. Fake receipts simply do not work as easily if the original transaction can be retrieved and the item verified.
Without a receipt, a solution retailers can use is a velocity check to monitor how many times the customer has been a non-receipted returner. However, sometimes customers with the highest number of returns are actually among the best customers.
A more efficient way to handle this is to convert it into an electronic or digital receipt by using original receipt lookup. When receipts are available in a digital format, they can be retrieved on demand by sales associates, allowing them to correctly verify the merchandise being returned.
Digital receipts use search and identification parameters to find the original transaction from a database. When the search parameters locate the digital receipt the item is returned and securely authorized.
Online Fraud
As fraudsters continually educate themselves in ways to circumvent traditional anti-fraud systems, merchants need to be aware of what other methods they can deploy to find the right balance between security and ease-of-use for online customer transactions.
Using a combination of tactics is the most effective method because it creates a complex net that fraudsters have to negotiate. These tactics include checking for drop-shipment addresses and visibility into time zone and language settings (to determine if, for example, a Russian language setting is used to make a transaction from New York at three in the morning).
Checking for lazy keystroke entries, such as "abcd," may be a tell-tale sign of a suspicious customer profile. The same is true for sequential e-mail addresses, a practice called "e-mail tumbling."
Although automated tools are important, retailers should not eliminate manual investigations to find themes a computer would never uncover. For example, a computer would not know to create an alert if names like Peyton Manning, Tom Brady and Brett Favre show up with a common linkage despite being different in almost every other way.
Accounting Fraud
To prepare for increased risks associated with accounting fraud many retailers are establishing new protocols for conducting investigations.
"Strong anti-fraud programs and controls can reduce fiscal, investigative and reputational costs," says Donna Epps, partner and national leader of Deloitte Financial Advisory Services' Anti-fraud Consulting practice. "Clearly communicated, written guidance helps promote an integrated fraud prevention program across all levels of an organization."
To help make this happen, retailers are adding fraud awareness training, more robust fraud risk assessments and expansion of internal audit monitoring efforts. Specific tips include clearly defining anti-fraud program roles and responsibilities for LP departments, auditing bodies, company management and line-of-business employees. Another good approach is to establish a whistle-blower hotline that is easily accessible and confidential. And, of course, regular communication and training about LP is essential.
The good news for retailers is that existing technologies and processes can do an effective job of controlling fraud and reducing exposure in an era of increasing criminal activity. Using advanced technologies, retailers are not only able to fight fraud but add revenue at the return counter, online and in back-office processes.
The bad news is that budget cuts for LP activities, a common occurrence today, are likely to produce rising fraud rates. As mentioned, the right blend of technology and internal controls will help retailers fight back against this assault. However, if pro-active steps aren't taken retailers will expose their organizations to a relentless enemy that attacks weakened defenses and takes a growing chunk out of their bottom lines. Retailers get to pick which course they want to steer, and then accept the final results.