Subscribe by email
Enterprise fraud and misuse is on the rise. A recent study by the Ponemon Institute found that of the organizations surveyed, on average respondents experienced more than one incident of employee-related fraud per week – about 53 in a year’s time. Twenty-four percent of respondents indicated that their organizations experienced more than 100 incidents in the past 12 months. I’ve been in this industry for a long time and even my jaded soul was shocked by the findings. But I guess I really shouldn’t have been surprised.
The reality is that our increasingly connected world provides boundless opportunities for employees to accidentally stumble into private realms of information—or to trespass with malicious intent.
Here are some typical problems we see out in the wild:
- An employee uses someone else’s credentials to access information he doesn’t have rights to.
- An employee changes the address in a customer record, and then reinstates the correct address after a check has been sent.
- A curious—or star-struck—employee casually accesses personal information about a neighbor or a celebrity.
- Organizations, caught be a breach or privacy mishap, find themselves scrambling to piece together incomplete data in a frustrating attempt to create a complete audit trail.
Financial loss, failed audits, regulatory fines, and brand damage—these are just a few of the devastating risks of being in the dark when it comes to fraud and misuse. We see it every day.
We also see that businesses are stuck trying to clearly distinguish between the legitimate work of their employees and suspicious activity because the evidence trail is often missing. Organizations seeking to be proactive about managing the risk of fraud within their enterprise should take pains to discover, capture, monitor and alert on the following activities:
- After-hours access of information
- Employee change records in customer accounts—like changing an address and then changing it back
- Out of band transaction requests
- Multiple failed password attempts
- Account snooping—especially VIP accounts or dormant accounts
Watching out for fraud and misuse is a nuanced business. The activity is often hidden or obscured—and all too often the trail has gone
cold by the time you figure out the fraud occurred. When evaluating possible solutions to your enterprise fraud challenge, focus on the next generation of fraud technologies. They’ll get you farther faster and with the flexibility you need to really hone in on what’s right for your business.
