In times of crisis, force is exerted on all three sides of the fraud triangle. The confusion created by changes in behavior, along with a spike in government payments presents a window of opportunity. Pandemic-related payouts include unemployment claims, stimulus payments, business loans, and enhancements to other welfare programs. With the economy faltering, companies and individuals may face severe financial pressures. Considering the sometimes-life-or-death consequences of a pandemic, there is plenty of rationalization for illegal behavior.
And fraudsters are using increasingly sophisticated tools. We live in the age of the breach. Because individuals and businesses suffer a constant stream of attacks, huge volumes of personal identifiable information about a company’s constituents, partners, customers and employees are available for sale on the dark web, often packaged into fraud programs. For example, in March a dark web seller was already offering 10,000 stolen loan profiles targeting the huge SBA loan program included in the CARES Act.
Protecting your company in the new normal
Many organizations have deployed analytic models to help detect fraud. Long used in the payments industry to detect suspicious transactions, this same technology has been deployed to spot suspicious insurance claims, online logins, applications, and more. While supervised predictive models are very powerful, they have a fatal flaw in the current environment. They are based on the fundamental principle that past behavior is a predictor of future behavior. When there is a major event like a pandemic that disrupts normal behavior, that principle is no longer valid. The result? Models begin producing a high volume of false positive and false negative results.
Under normal business circumstances there is strong pressure to strike a balance between providing a streamlined customer experience and detecting fraud. In a crisis scenario, there is even greater pressure to reduce friction and ensure resources flow the people who need them most. That needs to be the priority. Inevitably, this results in compromised fraud defenses. Many fraud protections – especially those that introduce friction or time delays – may be sidelined during a pandemic response. But allowing fraud to occur unchecked will divert resources from the needy to the greedy. The following five steps will help stem fraud in the current pandemic environment.
Changing your fraud detection program
Step 1. Designate an anti-fraud champion in your organization. Your champion should have accountability for all pandemic-related anti-fraud programs. This person may already exist in your organization, but this is not a “business as usual” assignment. This person needs to be adaptable and inclined toward rapid execution.
Step 2. Update core systems. There are likely to be many changes in business process to rapidly respond to changing government programs, regulations, stimulus packages, economic factors and executive business decisions. Current systems may not be well suited to capturing adequate data for new procedures. Plan to adapt current systems or improvise new ones to suit the new process.
Step 3. Ideate fraud schemes. In these uncertain times, it is even more important to be proactive in identifying new threats. Establish a team to evaluate these emerging fraud schemes and gather intelligence from peers, regulators, and partners. Collaborate with cybersecurity teams to leverage existing threat intelligence sources.
Step 4. Leverage unsupervised detection techniques. While supervised modeling techniques may not provide the greatest accuracy when behaviors change dramatically, unsupervised methods can provide greater lift. Anomaly detection, network analytics, and expert rule systems can all add immediate value.
Step 5. Iterate and adapt. Fraud detection is not a “set-and-forget” process. Expect the threat landscape to evolve over time. Explore the use of robotic process automation, alert hibernation and other methods to help deal with the increased volume of alerts that fraud teams are likely to encounter.
All indications are that fraud will increase dramatically in the coming months. With these steps, organizations can be better prepared to address this new wave of fraudulent activity, protect the assets of their organization, and ensure that resources are available for legitimate uses – especially for those who need them most.