Identity theft and abuse of information in fraud and corruption


Identity theft and abuse of information in fraud and corruption
Steven Powell
FISA Conference, September 2018

Overview
- What is identity theft
- Elements of fraud
- The consequences
- The reality
- EFT fraud
- How to minimise the risk
- Action plan
- Conclusion
- Questions

What is identity theft?
The unlawful use of someone else's personal information
For example:
- ID / Passport / Driver's licence
- death certificate
- marriage certificate
- letters of executorship
- salary advice
- municipal bill
- bank statements
- Login details - username / password
Organised Crime

Data sources exploited in identity theft
- Hacking of Gmail accounts
- CIPC
- DEEDS
- Natis
- Credit checks
- Case study example

What syndicates do with this info
Fraudulent ID factories create authentic-looking docs to:
- Open new retail or credit card accounts
- Submit false claims/redemptions re investments, insurance, medical aid
- Impersonate you and attend to your bank and transact on your accounts
- Open companies in your name on CIPC
- Change bank accounts
- Receive tax refunds/redemptions payments

Change of bank account fraud
- This is a form of corporate identity theft
- Invoices intercepted in the mail
- Details are cloned
- NEW BANK ACCOUNT DETAILS are inserted
- Everything else looks identical and legitimate

How to minimise the risk
There are people who gather personal information about you in order to access your funds. Therefore make sure that it is difficult for strangers to access your personal information.
What must I do?
- Shred all documents
- Always remain attentive at ATMs
- Make sure all your accounts have strong passwords that are not easy to decipher
- Never respond to an e-mail or SMS that asks you to insert or update your personal and banking information by clicking on a website link

How to minimise the risk (cont'd)
- Be very selective with the type of information that you share on social media sites
- Case study
- Only carry identification documentation such as your passport or identity book when it's absolutely necessary and keep these documents safely locked away when not in use

Are you sharing too much? The use of social media
- Names of children, places of employment, places you frequent (your Facebook check-ins), birthdate: all can be accessed via social media and can be used to perpetrate identity theft
- Don't post pics of your holiday in the Seychelles
- CFO case study
- Make sure your privacy settings are updated!

Are you a victim?
- Read your statements - do you see charges for things you did not buy?
- Watch your bank account statement - do you see withdrawals you did not make? Are there changes you do not expect?
- Check your mail - did you stop getting a bill? Or did you start getting a new bill you do not know about?
- Get your credit report - are there accounts or other information you do not recognize?

I've been robbed! What do I do?
Take three steps immediately:
1. Place a fraud alert on your accounts
2. Change your passwords
3. Open a criminal case with SAPS

The reality
- you will be held responsible
- affects your reputation
- affects your credit score
- increases the likelihood of EFT fraud

The profile of the typical fraudster
- White collar crime statistics reveal that more than 80% of fraud involves internal employees, most of whom have more than 5 years of service
- Many companies who fall victim to fraud rely on trust rather than controls
- The fraudster could be your most capable, most reliable & most trusted employee
- Generally the profile of the typical fraudster is: older than 30, stable family situation, above average education, first offender and has been with the company for more than 5 years
- The fraudster is often the last person that anyone would suspect, and the red flags (symptoms) that become known are often ignored due to high levels of trust

The fraud triangle - psychology behind it
Fraud takes place when the 3 factors described below converge.
The fraud recipe
- fraud takes place when employees under pressure identify the opportunity to commit fraud - coupled to a perceived low risk of detection
Fraud rationalization
- The employee will justify committing acts of dishonesty by rationalizing his or her behaviour
- Rationalization takes the form of finding justification for the behaviour by relabeling to remove moral stigma

Fraud pressures
Often, formerly honest employees commit fraud as a result of pressure which presents itself in a variety of ways:
- living beyond means
- insecurity regarding tenure of position, retrenchments
- trigger events
- divorce
- extra marital affairs
- medical emergency
- peer pressure
- gambling
- alcohol or drug problems

Opportunity
When employees experience the pressure, they often start looking for gaps or weaknesses in the control environment.
Opportunity to commit fraud presents itself in a variety of forms:
- Weak control environment
- Shared passwords
- Limited segregation of duties
- Limited independent review
- Poor management oversight
- Remote location
- High trust

Examples of rationalizations
Rationalization takes place when employees try to justify or re-label their illicit activity in order to make it seem less morally reprehensible.
Examples of rationalisations that have been verbalized:
- it was just a loan, I am going to pay it back
- it was a spotter's fee
- it was just a commission
- the company makes huge profits but does not pay us enough
- the company has retrenched a lot of staff
- I should have been promoted long ago

EFT fraud risk
- EFT fraud is essentially the diversion of funds from the organisation's bank accounts to third parties, to whom those funds are not due, usually involving manipulation of the vendor payment system
- This is an important risk area for FISA members to be aware of

Electronic funds transfer fraud - two methods
- creation of alternative vendor profile which is then selected to perform illicit transactions
- substitution of employee account and deletion
In the 1st scenario the risk of being caught is higher, as the employee info remains on the vendor profile and should be detected through proper checks.

Whose problem is EFT fraud?
- it is invariably an account holder problem, and usually not a bank problem
- it is usually facilitated by password abuse within the finance team
- spyware and collusion with bank officials must be excluded

Case study 1 - EFT payment clerk
- shaken not stirred: 007 steals R740k from a large retailer
- position - EFT payment clerk
- earnings R10k
- divorce
- weak controls
- fraud rationalization

Case study 1 - EFT payment clerk
- A junior employee in a finance team, whose role involved processing batches of vendor payments electronically, got divorced
- He was already battling to manage financially and now needed to pay for a messy divorce, alternative accommodation & maintenance
- Realised that he could authorise and release transactions with his supervisor's password
- Made small talk with his supervisor as he was logging in, noted his password, and voila, he could create, capture and release payments
- He tested thresholds with small payments to himself, then waited
- Suspect became very bold and loaded a duplicate vendor with his personal bank account on the vendor master database
- Nobody noticed, and the volume and scale of his fraud escalated; within a year he had stolen just under a million

Case study 1: the black hole
- lost payment
- software programmers showed our suspect how to manually override the system to ensure that payments reach the intended destination
- every time our suspect made a legitimate payment he knew he could steal by changing a text file on his C drive
- "I could not resist the temptation, the controls were so weak they deserved it"
- testing thresholds

Case study 2 - chief accountant
- R2 million in one year
- modus operandi: amendment of vendor banking account detail on vendor master file
- substituted account not own account (DRC)
- once illicit transaction concluded, amended vendor profile deleted and vendor banking info restored to original
- when routine audits are performed all appears as it should
- where did the money go? The local casino received R1,95 million out of the R2 million stolen

Case study 3 - FD at packaging company
- R4.2 mil misappropriated
- R1,7 in one morning
- substitution and deletion
- vehicles, houses, timeshare (house search), gambling, overseas travel, holidays, private schooling, heart operation, property for family, vehicles for close friends
- safety deposit boxes?
- 3 million rand recovery via full co-operation, which translated into mitigation for an effective 5 year jail term

Case study 4 & 5
- Case study 4: R4,2 million in Western Cape over 8 years
- suspect placed personal stop orders (DSTV, Telkom, cars and insurance) on organisation account
- suspect paid for her house, R1.3 million, with EFT to lawyers
- suspect overpaid suppliers and diverted reimbursement to her account

What should the company have picked up?
EFT clerk
- the payments to a particular supplier whose profile was exploited were far over budget
- routine audits testing payroll against the vendor master files would have identified the illicit profile
Chief accountant
- password control was abused
- CFO signed off batches of EFTs; if he had just counted the transactions he would have noticed that there were more payments in the batch than the paperwork reflected
- supplier payments were duplicated; a proper recon of each supplier against approved budget would have identified the overspend
- there were multiple changes to vendor banking details, which is abnormal

Key controls to prevent EFT abuse
- vet vendors properly (address, history, bank account, expertise & infrastructure)
- enforce tight control over changes to suppliers' bank accounts
- add management authorisation
- audit changes to supplier banking info over the past year
- interrogate the changes
- verify with suppliers and banking institution
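
An added example, not part of the original presentation: the audit tests named in the slides above (payroll tested against the vendor master file, and a review of the past year's changes to supplier banking details, including the substitute-and-restore pattern from case study 2) written as Python over constructed sample data. The record layout, identifiers and account numbers are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data; the layout is hypothetical, not taken from any real ERP.
PAYROLL = {"E017": "62001234567", "E042": "62009876543"}  # employee -> bank account
VENDOR_MASTER = {"V100": "40500011122", "V101": "40500033344", "V215": "62001234567"}
# Vendor bank-detail change log: (vendor, changed_on, old_account, new_account, changed_by)
CHANGE_LOG = [
    ("V100", date(2018, 3, 1), "40500011122", "51700099900", "E042"),
    ("V100", date(2018, 3, 2), "51700099900", "40500011122", "E042"),
    ("V101", date(2018, 5, 9), "40500077788", "40500033344", "E017"),
]


def vendors_paying_employees(vendors, payroll):
    """Vendor profiles whose bank account is also an employee's payroll account."""
    by_account = {acct: emp for emp, acct in payroll.items()}
    return sorted((v, by_account[a]) for v, a in vendors.items() if a in by_account)


def substitute_and_restore(change_log, max_days=30):
    """Changes where a vendor's account was swapped and later set back to the original."""
    per_vendor = defaultdict(list)
    for row in sorted(change_log, key=lambda r: (r[0], r[1])):
        per_vendor[row[0]].append(row)
    hits = []
    for vendor, rows in per_vendor.items():
        for i, (_, when, old, new, _) in enumerate(rows):
            for _, later, old2, new2, who in rows[i + 1:]:
                if old2 == new and new2 == old and (later - when).days <= max_days:
                    hits.append((vendor, new, when, later, who))
    return hits


def frequent_changers(change_log, threshold=2):
    """Vendors with `threshold` or more bank-detail changes in the log period."""
    counts = defaultdict(int)
    for vendor, *_ in change_log:
        counts[vendor] += 1
    return sorted(v for v, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(vendors_paying_employees(VENDOR_MASTER, PAYROLL))
    print(substitute_and_restore(CHANGE_LOG))
    print(frequent_changers(CHANGE_LOG))
```

The restore check works from the change log rather than the current vendor master, because after the restore the master file shows the original account again.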

Conclusion
- ID theft, fraud and corruption are significant risks
- prevention is better than cure
- review your anti-fraud controls annually
- perform control review regarding EFT payments (see ENSafrica checklist)
- do not rely only on controls - they are only as effective as the people enforcing the controls
- recognize the symptoms
- do not work in a vacuum - use the tools, technology & experts
2009 S Powell

Questions

Steven Powell spowell@ensafrica.com +27 21 410 2553 or +27 82 820 1036