Over the last few years, organisations in India have adopted technology in most of their business activities, including their anti-fraud efforts. Our previous fraud survey in 2016 identified artificial intelligence, machine learning, robotics and blockchain as technologies for the future, as opposed to that a quarter of the respondents to the current edition of the India Corporate Fraud Perception Survey 2018 have indicated that they are already in the process of implementing technologies.
While adoption of these technologies can definitely bring benefits to the business, in recent times, a lot of new technology adoption has inadvertently facilitated fraud, because the internal fraud controls framework possibly did not keep up with the change in business process that came as a result of new technology adoption. Innovative fraudsters have been using techniques to analyse communication patterns from phishing attacks to facilitating data leak, IP theft and much beyond.
Future fraud will rely on a combination of devices and methods. To tackle future fraud, organisations need to understand that the probability of being defrauded will increasingly depend on the following aspects:
1. The organisation’s extent of technology adoption: Organisations with multiple processes that have been automated may be likely to have an increased risk of fraud depending on the area and context of automation undertaken. For example, the RPA process to check for customer emails and respond with an invoice copy can be misused to facilitate data leakage or IP theft.
2. The organisation’s technology exposure: The convergence of IoT devices, machine learning and innovative text mining methods have made it easy for fraudsters to identify areas of vulnerability within organisations. Businesses with internet facing, web based, data driven models can be misused to manipulate information and mislead users. For example, multiple bots programmed to hedge a stock can possibly create influence in supply and demand, and therefore manipulate the pricing of a stock.
3. The organisation’s adoption of nascent technology: Most organisations tend to adopt multiple technologies for different processes, with each such technology being in a different stage of maturity. Often when interconnected, the relative immaturity of one technology when pitted against the maturity of another can result in security gaps, exposing the organisation to fraud. For instance, an image similarity algorithm deployed by an insurance company to detect pre-existing damage, can be fooled by adjusting the brightness of the picture, and can significantly alter the decision-making process.
An effective fraud risk management function will have to take into consideration the above aspects and ensure that relevant changes are made in their own processes and internal controls. Organisations will have to undertake comprehensive fraud risk assessments to identify specific fraud schemes and risks applicable due to adoption of new technologies. Further, regular employee education and advisory on new frauds is necessary to create a climate of vigilance.
Lastly, while technology can offer great opportunity to limit frauds if rightfully adopted and implemented, it cannot prevent fraud by its mere existence.
Authored By Nikhil Bedi, Partner and Leader – Forensic Financial Advisory, Deloitte India