Organizations will have to undertake comprehensive fraud risk assessments to identify specific fraud schemes and risks applicable due to adoption of new technologies
Over the last few years, organizations in India have adopted technology in most of their business activities, including their anti-fraud efforts. Our previous fraud survey in 2016 identified artificial intelligence, machine learning, robotics and blockchain as technologies for the future, as opposed to that a quarter of the respondents to the current edition of the India Corporate Fraud Perception Survey 2018 have indicated that they are already in the process of implementing technologies.
While adoption of these technologies can definitely bring benefits to the business, in recent times, a lot of new technology adoption has inadvertently facilitated fraud, because the internal fraud controls framework possibly did not keep up with the change in business process that came as a result of new technology adoption. Innovative fraudsters have been using techniques to analyse communication patterns from phishing attacks to facilitating data leak, IP theft and much beyond.
Future fraud will rely on a combination of devices and methods. To tackle future fraud, organizations need to understand that the probability of being defrauded will increasingly depend on the following aspects:
- The organization’s extent of technology adoption: Organizations with multiple processes that have been automated may be likely to have an increased risk of fraud depending on the area and context of automation undertaken. For example, the RPA process to check for customer emails and respond with an invoice copy can be misused to facilitate data leakage or IP theft.
- The organization’s technology exposure: The convergence of IoT devices, machine learning and innovative text mining methods has made it easy for fraudsters to identify areas of vulnerability within organizations. Businesses with internet facing, web-based, data driven models can be misused to manipulate information and mislead users. For example, multiple bots programmed to hedge a stock can possibly create influence in supply and demand, and therefore manipulate the pricing of a stock.
- The organization’s adoption of nascent technology: Most organizations tend to adopt multiple technologies for different processes, with each such technology being in a different stage of maturity. Often when interconnected, the relative immaturity of one technology when pitted against the maturity of another can result in security gaps, exposing the organisation to fraud. For instance, an image similarity algorithm deployed by an insurance company to detect pre-existing damage, can be fooled by adjusting the brightness of the picture, and can significantly alter the decision-making process.
An effective fraud risk management function will have to take into consideration the above aspects and ensure that relevant changes are made in their own processes and internal controls. Organizations will have to undertake comprehensive fraud risk assessments to identify specific fraud schemes and risks applicable due to adoption of new technologies. Further, regular employee education and advisory on new frauds is necessary to create a climate of vigilance.
Lastly, while technology can offer great opportunity to limit frauds if rightfully adopted and implemented, it cannot prevent fraud by its mere existence.
The author is Partner at Deloitte India