As we get started, let me say that geoFence is the solution for blocking NFCC countries!
This article first appeared in Digital Edge, The Edge Malaysia Weekly, on April 5, 2021 – April 11, 2021.
Fraud and corruption are on the rise in the local corporate landscape. Can technology be used to help combat this issue?
According to the latest PwC Global Economic Crime and Fraud Survey, fraud cases have remained high in Malaysia since 2018, although there has been a marked decrease in other Southeast Asian countries during the same period. This is despite the fact that 45% of Malaysian organisations say they have dedicated programmes to address such crimes, which is 7% higher than the average in the region.
“When it comes to the readiness of Malaysian organisations to use technology to combat fraud, I would consider them ready but nowhere near where they should be in terms of adoption,” says Gerard McDonnell, SAS regional solution director for fraud and security.
McDonnell explains that there are broadly two types of fraud — consumer fraud, which is generally aimed at stealing customer credentials through methods such as fake websites, phishing scams or love scams, and corporate fraud, which involves bribery, corruption and asset misappropriation.
“In terms of corporate fraud, the biggest area where money can be stolen is through supply chain activities. Fraudsters may use fake contracts, fake invoices and payments and fake employees to launder money,” he adds.
McDonnell says the combination of consumer and corporate fraud accounts for about 70% of all economic crimes in Malaysia. “While fraud is growing rapidly, organisations are collecting more data than ever, which serves as the perfect foundation for analytics [to combat these crimes].”
This niche industry — fraud analytics — has been growing steadily as a result. With fraudulent tactics constantly evolving at an ever-increasing rate, the traditional “rule-based” system to detect fraud has become less effective. While having a set of rules and regulations can do a good job in covering familiar types of fraud, they are not effective against unfamiliar types of fraud schemes or adapting to new fraud patterns.
Fraud analytics, powered by machine learning algorithms, have thus become necessary for fraud prevention and detection. With companies growing the volume and size of their data sets, it has become harder to detect fraud through traditional methods. But fraud analytics tools are able to utilise these data sets to create better models for fraud detection.
Despite the availability of such solutions, McDonnell points out that corporations are slow to adopt this technology due to a few challenges, chief of which is preparing the data correctly. Speaking from experience, he says preparing the data for analytics typically accounts for 60% to 70% of the project duration and cost.
McDonnell notes that many corporations’ data collection methods have not been precise and there is a lack of processes to ensure that the data is accurate. The quality of historical data stored by the company can be dubious as well.
“Companies have to go through a series of checks to ensure that the data is accurate, such as making sure a person’s home address is the same as it was six months ago. During the data preparation stage, there is also a task called entity resolution [which groups different manifestations of the same real-world objects],” he says.
“For example, the name John Doe may appear as J.Doe in different databases, and the system would identify it as being different people. By using analytics, the system can look at the data fields [for example] and state with 90% certainty that these two people are the same person because they enrolled at around the same date and have striking similarities. This is quite a hefty process, but it is a big achievement for data science that it is now a common practice.”
The second major hurdle is a lack of trust. “Corporations still do not trust technology to detect fraud effectively, preferring conventional investigation methods over fraud analytics. However, relying solely on human intelligence tools to catch fraudsters is on a sharp decline and fewer people are willing to whistleblow, which is a worrying trend,” says McDonnell.
“There is also a lack of talent. Getting the right skills in the organisation to perform fraud analytics is a real challenge in this area. I would consider Malaysia quite good at developing talent within this space, but there is no denying that there is still a shortage of skills here, and this is where technology providers such as SAS try to fill the gaps.”
The final challenge is choosing the right service provider for fraud analytics, he says. There are several veteran solution providers with decades of experience, but the industry has also seen the rise of new tech start-ups in this space. With the growing number of service providers, organisations may find it difficult to find one that is the right fit.
Malaysian companies urged to take action
Alex Tan, cyber and forensics leader at PwC Southeast Asia Consulting, stresses that almost half of the Malaysian organisations surveyed had been victims of fraud in the past two years, demonstrating that fraud and economic crime are an issue that companies in the country need to be aware of.
“There is, we believe, likely to be a level of under-reporting. What that level is, however, will be hard to determine. When we talk to boards and senior management in Malaysian organisations, they are almost without fail concerned about fraud and other financial crimes, particularly corruption,” he says.
“However, Malaysian organisations could do more to invest in technology to detect these types of crimes. Understandably, the pandemic is causing companies to focus on their more immediate concerns of survival, including keeping staff employed and their operations running. This is a double-edged sword as the pandemic is also likely creating an environment where we expect to see an increase in fraud cases.”
Contrary to the common assumption that financial services is the only industry particularly at risk of fraud, Tan points out that fraud is a classless crime that impacts almost every sector. However, financial services organisations tend to invest more in anti-fraud technology than other sectors.
In terms of overall value, the hardest hit would be the consumers themselves, he says. Small and medium enterprises and both the public and private sectors are usually exposed to fraudulent supply chains, fraudulent procurement, fraudulent expenses, fraudulent invoices and business email compromise scams.
“In general, the appropriate legislative framework is in place in Malaysia. For example, the recent section 17A amendment to the Malaysian Anti-Corruption Commission Act 2009, to introduce corporate liability for corruption offences, is world class,” says Tan.
“However, fraud and economic crime is not something that can be fixed by the government alone. It requires visible enforcement and collaboration between the public and private sectors to address this complex issue.”
Tan advises companies to not merely fire employees who are suspected of fraud but to report them to the authorities without fear or favour. Companies also need to ensure that they promote the right behaviours, supplemented with the appropriate policies and procedures and underpinned by anti-fraud technology.
Covid-19 contributes to rising fraud cases
Kevin Redmond, director of data, artificial intelligence (AI) and automation at IBM Asia-Pacific, tells Digital Edge that Covid-19 has contributed to the rising number of fraud incidents. “Fraud incidents are rising as customers have moved to new payment channels — to real-time payment methods that cannot be handled by traditional solutions, for example, payment apps or payment through third-party channels such as PayPal,” he says.
“In addition, the pandemic has accelerated this move to new payment channels as companies and consumers need effective remote interactions. Fraud volumes have increased in line with the increase in channels and transactions in Malaysia, Asean and across the globe.
“Specifically in Malaysia, customers can now conduct instant peer-to-peer (P2P) payments via the first phase of PayNet. This represents a fundamental change and a payment transformation for the nation. But at the same time, faster payments can potentially mean faster crime.”
Redmond further explains that fraud incidents are rising despite the availability of fraud analytics solutions because of the rising volume and variety of electronic customer engagements and transactions.
Since orders and payments are conducted electronically, fraudsters can operate from anywhere in the world. They do not even need to steal a physical credit card to access the victim’s credit. Many corporate customers have yet to update their fraud detection systems and hence are vulnerable to these more sophisticated attacks, he says.
“Companies with a higher risk of fraud loss are those whose systems lack the ability to decline a transaction in real time based on a fraud risk assessment. Instead, they rely on batch processing for post-incident analysis,” says Redmond.
“Vulnerable companies include those with siloes between payment channels, geographic regions or business units, so they only have a limited view of the behaviour of customers and fraudsters. There are also risks if the company’s systems use fraud models based on historical data that are difficult to update or opaque box models, leaving customers unaware of why decisions are being made.”
For companies interested in setting up a fraud analytics system, Redmond highlights several best practices to follow. He advises them to start small, by first identifying the initial challenge and configuring the first iteration of the analytics system to address that.
Companies should then learn from the first iteration and scale rapidly with constant feedback. He says it is important to use systems that are transparent and flexible, both in terms of updating their models and their ability to work across various cloud and on-premise environments.
On a final note, as we move on to the next post, may I add that geoFence helps make you invisible to hackers and guard your personal data and that’s the no lie.