Introduction
Fraud losses continue to impact virtually every business enterprise. The costs of fraud are passed on to society in the form of increased customer inconvenience, opportunity costs, unnecessarily high prices for goods and services, and criminal activities funded by the fraudulent gains. But what if there existed a Fraud Management Lifecycle that when managed effectively, with successfully balanced components, would significantly reduce the losses and societal costs associated with fraud? This study developed a theoretical framework for the Fraud Management Lifecycle and tested it with empirical research. Despite significant advances in fraud detection technologies, fraud losses continue to pose a significant problem to many industries, including telecommunications, banking and finance, insurance, health care, Internet merchants, brokerage and securities, and many others. The statistics that follow are but a few examples of the magnitude of the problem.
Insurance:
"In the United States, about $67 billion is lost every year to fraudulent claim." (Federal Bureau of Investigation [FBI], 2003).
Telecommunications:
"The $1.5 trillion phone industry loses approximately 10% to fraud, that is $150 billion at current estimates" (Mena, 2003).
Bank Fraud:
"For the period of April 1, 1996 through September 30, 2002, the FBI received 207,051 Suspicious Activity Reports (SARs) for criminal activity related to check fraud, check kiting, counterfeit checks, and counterfeit negotiable instruments. These fraudulent activities accounted for 47 percent of the 436,655 SARs filed by U.S. financial institutions (excluding Bank Secrecy Act violations), and equaled approximately $7 billion in losses" (U.S. Department of Justice [DOJ], 2002). Though illustrative, it must be noted that the SAR data amounts reported are total exposure and not net losses. They are, however, indicative of the continuing problem due to historically low loss recovery and restitution rates.
Money Laundering:
"United States Treasury officials estimate that as much as $300 billion is laundered annually, worldwide, with from $40 billion to $80 billion of this originating from drug profits made in the United States" (Mena, 2003).
Internet:
"According to Meridien Research, without any technological investments in fraud detection and prevention, worldwide credit card fraud [the Internet component] will represent $15.5 billion in losses [annually] by 2005. However, if merchants adopt data mining technology now to help screen credit-card orders prior to processing, the widespread use of this technology is predicted to cut overall losses by two thirds to $5.7 billion in 2005" (Mena, 2003).
Credit Card:
The numbers from the Nilson report indicate that issuer credit card fraud losses run approximately 1 billion dollars annually. This list does not even include debit card fraud, brokerage fraud, fraud at casinos, health care fraud, and other miscellaneous fraud types such as bankruptcy fraud where it is estimated that
"…in 1995 alone, almost 250 fraudulent bankruptcies were filed every day" (FBI, 2003). Just these limited components aggregate to approximately 265 billion dollars annually flowing to fund other more damaging illegal activities. As Senator Everett Dirksen so aptly said, "A billion here a trillion there; the first thing you know, you’re talking about real money."
Fraud losses are frequently part of an economic externality. An economic externality is present when one business takes actions or refrains from acting and, as a result, passes on, imposes, or facilitates costs upon another business. An example from the internal fraud perspective would be when a financial institution decides not to facilitate law enforcement’s arrest and prosecution of a staff member who stole from them. As a result of their decisions, the ex-staff member may very well obtain employment at another financial institution and commit the same crime again. This situation is quite aptly described by the following "While fraud does exist in retail originations, it is typically related to a particular loan officer and is more often than not quickly discovered. The employee is usually terminated from his [or her] position and moves on to a new company until the same thing happens all over" (Prieston and Dreyer, 2001). Generally, since the costs of the decision are external to their business and are not illegal, it is accepted in the business community that there is limited reason to be concerned with the spillover or externality impacts of their fraud prevention actions or inaction upon other entities and society.
An example may prove illustrative. In a case on which the author worked, a telecommunications company with excessive credit card fraud losses was faced with several types of fraud. One was that some employees, frequently, but not exclusively call center staff, were taking customer demographic and payment information and using it to purchase goods and services from other card-not-present merchants. There was reason to suspect that some of them may have been initiating the first steps of identity theft and identity fraud to obtain payment cards and checks in the customer’s name. The telecommunications company was faced with an all too common decision regarding an economic externality. Although the company found cause to terminate the employee in question for exploiting his access to privileged customer information, it declined to invest in a system to proactively detect and prevent this type of behavior. The fraud being perpetrated by its employees and contract employees did not result in losses to the telecommunications company. The losses and other negative impacts of the fraud were borne by other participants in the payment system, by their customers, and by society as a whole. Although the decision process was difficult, it was decided to focus only on and fix the fraudulent practices that were resulting in direct losses to the telecommunications company. The author would submit that it is reasonable to argue that by not acting, the company made a decision to continue facilitating that type of fraud.
Fraud losses continue to impact virtually every business enterprise. The costs of fraud are passed on to society in the form of increased customer inconvenience, opportunity costs, unnecessarily high prices for goods and services, and criminal activities funded by the fraudulent gains. But what if there existed a Fraud Management Lifecycle that when managed effectively, with successfully balanced components, would significantly reduce the losses and societal costs associated with fraud? This study developed a theoretical framework for the Fraud Management Lifecycle and tested it with empirical research. Despite significant advances in fraud detection technologies, fraud losses continue to pose a significant problem to many industries, including telecommunications, banking and finance, insurance, health care, Internet merchants, brokerage and securities, and many others. The statistics that follow are but a few examples of the magnitude of the problem.
Insurance:
"In the United States, about $67 billion is lost every year to fraudulent claim." (Federal Bureau of Investigation [FBI], 2003).
Telecommunications:
"The $1.5 trillion phone industry loses approximately 10% to fraud, that is $150 billion at current estimates" (Mena, 2003).
Bank Fraud:
"For the period of April 1, 1996 through September 30, 2002, the FBI received 207,051 Suspicious Activity Reports (SARs) for criminal activity related to check fraud, check kiting, counterfeit checks, and counterfeit negotiable instruments. These fraudulent activities accounted for 47 percent of the 436,655 SARs filed by U.S. financial institutions (excluding Bank Secrecy Act violations), and equaled approximately $7 billion in losses" (U.S. Department of Justice [DOJ], 2002). Though illustrative, it must be noted that the SAR data amounts reported are total exposure and not net losses. They are, however, indicative of the continuing problem due to historically low loss recovery and restitution rates.
Money Laundering:
"United States Treasury officials estimate that as much as $300 billion is laundered annually, worldwide, with from $40 billion to $80 billion of this originating from drug profits made in the United States" (Mena, 2003).
Internet:
"According to Meridien Research, without any technological investments in fraud detection and prevention, worldwide credit card fraud [the Internet component] will represent $15.5 billion in losses [annually] by 2005. However, if merchants adopt data mining technology now to help screen credit-card orders prior to processing, the widespread use of this technology is predicted to cut overall losses by two thirds to $5.7 billion in 2005" (Mena, 2003).
Credit Card:
The numbers from the Nilson report indicate that issuer credit card fraud losses run approximately 1 billion dollars annually. This list does not even include debit card fraud, brokerage fraud, fraud at casinos, health care fraud, and other miscellaneous fraud types such as bankruptcy fraud where it is estimated that
"…in 1995 alone, almost 250 fraudulent bankruptcies were filed every day" (FBI, 2003). Just these limited components aggregate to approximately 265 billion dollars annually flowing to fund other more damaging illegal activities. As Senator Everett Dirksen so aptly said, "A billion here a trillion there; the first thing you know, you’re talking about real money."
Fraud losses are frequently part of an economic externality. An economic externality is present when one business takes actions or refrains from acting and, as a result, passes on, imposes, or facilitates costs upon another business. An example from the internal fraud perspective would be when a financial institution decides not to facilitate law enforcement’s arrest and prosecution of a staff member who stole from them. As a result of their decisions, the ex-staff member may very well obtain employment at another financial institution and commit the same crime again. This situation is quite aptly described by the following "While fraud does exist in retail originations, it is typically related to a particular loan officer and is more often than not quickly discovered. The employee is usually terminated from his [or her] position and moves on to a new company until the same thing happens all over" (Prieston and Dreyer, 2001). Generally, since the costs of the decision are external to their business and are not illegal, it is accepted in the business community that there is limited reason to be concerned with the spillover or externality impacts of their fraud prevention actions or inaction upon other entities and society.
An example may prove illustrative. In a case on which the author worked, a telecommunications company with excessive credit card fraud losses was faced with several types of fraud. One was that some employees, frequently, but not exclusively call center staff, were taking customer demographic and payment information and using it to purchase goods and services from other card-not-present merchants. There was reason to suspect that some of them may have been initiating the first steps of identity theft and identity fraud to obtain payment cards and checks in the customer’s name. The telecommunications company was faced with an all too common decision regarding an economic externality. Although the company found cause to terminate the employee in question for exploiting his access to privileged customer information, it declined to invest in a system to proactively detect and prevent this type of behavior. The fraud being perpetrated by its employees and contract employees did not result in losses to the telecommunications company. The losses and other negative impacts of the fraud were borne by other participants in the payment system, by their customers, and by society as a whole. Although the decision process was difficult, it was decided to focus only on and fix the fraudulent practices that were resulting in direct losses to the telecommunications company. The author would submit that it is reasonable to argue that by not acting, the company made a decision to continue facilitating that type of fraud.
The Fraud Management Lifecycle
Effective management of the Fraud Management Lifecycle starts with a common understanding or definition of the stages in the lifecycle. Without this awareness and understanding, fraud management professionals are unlikely to communicate effectively with each other, with their peers in other industries, and within their respective businesses. The Fraud Management Lifecycle can be best described as a combination of these two definitions, a network lifecycle. Unlike a traditional linear lifecycle, a network lifecycle’s stages are not necessarily linked sequentially, where activities in one stage are completed and then the functioning is passed on to the next stage in the chain. To the contrary, a network lifecycle facilitates simultaneous and sequential actions within each of the lifecycle stages or network nodes. The convenient term "stage" in a network lifecycle is more specifically a reference to the activities, operations, and functions performed. One can reasonably think of the various lifecycle stages as various disciplines within fraud management. The linking of the lifecycle stages as network nodes allows the representation of non-linear, non-sequential, even recursive activity. The interrelationships and interdependence of the stages or nodes can be explained without the restriction of the traditional sequential lifecycle stage progression. The Fraud Management Lifecycle is, therefore, a network lifecycle where each node in the network, each stage in the lifecycle, is an aggregated entity that is made up of interrelated, interdependent, and independent actions, functions, and operations. These activities can, but do not necessarily, occur in a sequential or linear flow.
The Fraud Management Lifecycle is made up of eight stages. Deterrence, the first stage, is characterized by actions and activities intended to stop or prevent fraud before it is attempted; that is, to turn aside or discourage even the attempt at fraud through, for example, card activation programs. The second stage of the Fraud Management Lifecycle, prevention, involves actions and activities to prevent fraud from occurring. In detection, the third stage, actions and activities, such as statistical monitoring programs are used to identify and locate fraud prior to, during, and subsequent to the completion of the fraudulent activity. The intent of detection is to uncover or reveal the presence of fraud or a fraud attempt. The goal of mitigation, stage four, is to stop losses from occurring or continuing to occur and/or to hinder a fraudster from continuing or completing the fraudulent activity, by blocking an account, for example. In the next stage, analysis, losses that occurred despite deterrence, detection, and prevention activities are identified and studied to determine the factors of the loss situation, using methods such as root cause analysis. The sixth stage of the Fraud Management Lifecycle, policy, is characterized by activities to create, evaluate, communicate, and assist in the deployment of policies to reduce the incidence of fraud. Balancing prudent fraud reduction policies with resource constraints and effective management of legitimate customer activity is also part of this stage. An example is the requirement that any cash transaction over $10,000 be reported. Investigation, the seventh stage, involves obtaining enough evidence and information to stop fraudulent activity, recover assets or obtain restitution, and to provide evidence and support for the successful prosecution and conviction of the fraudster(s). Covert electronic surveillance is a method used in this stage. The final stage, prosecution, is the culmination of all the successes and failures in the Fraud Management Lifecycle. There are failures because the fraud was successful and successes because the fraud was detected, a suspect was identified, apprehended, and charges filed. The prosecution stage includes asset recovery, criminal restitution, and conviction with its attendant deterrent value.
Stage One: Deterrence
Successful deterrence is the stopping of fraud before it happens. Deterrence or "to deter," is defined as, "to inhibit or discourage through fear; hence to prevent from action by fear of consequences" (Webster, 1997, 1976, & 1941). In the fraud arena we need to expand this definition to include the aspect of difficulty. Fraudsters tend to migrate toward the path of most anonymity and least resistance. Therefore, increasing the difficulty of committing the fraud effectively functions as an incremental increase in deterrence. For example, when conducting an online transaction, requiring address verification provides an incremental increase in deterrent value, because the perpetrator must know how to circumvent and defeat the verification process. Adding a component to the online transaction becomes a deterrent, as it makes the fraudster work harder. For the purposes of this study deterrence will be defined as: activities designed, through fear of consequences or difficulty of perpetration, to turn aside, discourage, or prevent fraudulent activity from being attempted. The aggregate nature of deterrence is implied; deterrence is not viewed as a monolithic whole, but rather an aggregation of activities with varying degrees of deterrent value. Deterrent value is a summation of the deterrent contributions and detractions provided by each stage in the Fraud Management Lifecycle. Thus, successful deterrence is contingent upon the performance of the other stages of the Fraud Management Lifecycle.
Stage Two: Prevention
In the fraud arena, prevention, detection, and deterrence are sometimes used synonymously. This contributes to confusion within the organization, as well as in external entities, about the focus of prevention activities. The activities in the prevention stage, though closely associated with deterrence and detection, occur after deterrence has failed and before the suspicion or detection of fraud has been accomplished.
Prevention is defined as, "to prevent, to stop or keep from doing or happening, to hinder a person from acting" (Webster, 1997, 1976, & 1941). Prevent is a general term meaning hindering, checking, or stopping. In the fraud arena the use of the term prevention emphasizes both common forms of the definition, to keep from doing and to hinder the fraudster from performing fraudulent activity. For the purposes of this study the definition of prevention is to hinder, check, or stop a fraudster from performing or perpetrating a fraudulent activity.
Prevention stage activities are intended to prevent the fraud from occurring or to secure the enterprise and its processes against fraud. The ability of prevention to stop losses from occurring versus stopping fraudulent activity from continuing is an important distinction. The latter activities are more appropriately mitigation stage activities. Prevention, when perceived from a security perspective, can be thought of as hardening the target. Prevention actions are frequently similar to security activities in the information technology area. Deploying protective procedures, processes, systems, and verifications, etc. that make fraud harder to commit prevents fraud. Prevention activities are designed to make fraud more difficult to commit. For example, the purpose of the many security features on credit and debit cards is to make card based fraud more difficult. Telecommunications subscription fraud is made more difficult by interactive verification and authentication procedures. Know your customer (KYC) processes for opening accounts in the financial industry make it more difficult for fraudsters to open fraudulent accounts. Querying historical fraud claim files in the insurance hinders fraudsters.
Stage Three: Detection
The third stage of the Fraud Management Lifecycle, detection, is characterized by actions and activities intended to identify and locate fraud prior to, during, and subsequent to the completion of the fraudulent activity. While "prior to" may sound like deterrence, it refers to the detection of testing or probing activity used by criminals to facilitate a fraud attempt. "To detect, is to uncover or reveal, to discover the existence or presence of the fact of something hidden or obscure" (Webster, 1997, 1976, & 1941). Detection encompasses three closely related activities in the fraud arena: fraud testing, fraud attempts, and fraud successes. The separation is derived from the facts that not all fraud attempts are successful and that not all perceived fraud attempts are intended to be successful. These "tests" are attempts to reverse engineer the current fraud policies and detection activities in order to locate vulnerability. Thus, detection in the fraud arena must include revealing the existence of fraud testing and fraud attempts, as well as successful frauds. The identification of testing, attempts, and successes are typically clustered in the detection, prevention, and mitigation stages, but are also relevant in each of the other stages of the Fraud Management Lifecycle. Detection includes identification of a testing component, an attempt component, and a success component. Only detection in all three of these areas provides the required support for the rest of the stages in the lifecycle. To miss any of these is to run the risk of creating a vulnerability that the fraudster will turn to his advantage.
Stage Four: Mitigation
Mitigation is begun once the presence or a reasonable suspicion of fraudulent activity has been detected. In short, mitigation stops fraud. Other common and relevant terms for the activities in this stage are interdiction and intervention. Sometimes mitigation activities are called prevention and aftercare, where the prevention is focused on stopping the ongoing fraud from continuing. Mitigation is defined as, "to cause to become less harsh or hostile" and "to make less severe or painful" (Webster, 1997, 1976, & 1941). Mitigation focuses upon fast actions that are intended to reduce the extent of the fraud, the amount of the associated fraud losses, and the effort and expense required to recover or correct the impact of the fraudulent activity. This last goal is especially important when identity theft and the resulting identity fraud are involved. The faster the fraud activity is detected and mitigation activities initiated, the less time, effort, and expense will have to be invested in correcting the consumer’s credit record. The definition of mitigation in the fraud arena is to stop a fraudster from continuing or completing the fraudulent activity, to reduce their success. Mitigation activities can range from real time to delayed. Clearly the faster mitigation activities can be undertaken, the better for all involved, except, of course, the fraudster. The environment in which the business enterprise operates defines the meaning of real time. For example, real time can range from a ten second authorization in the payment card industry to a one minute phone call in the telecommunications industry, to a ten minute instant credit application in the retail industry, to a week long mortgage application process, to a month long insurance claim process, to an extended internal employee fraud investigation. Clearly the environment defines the mitigation activities that can be taken in real time.
The fundamental premise is to begin mitigation activities as quickly as possible. The speed with which mitigation can be initiated is constrained by the timeliness and capabilities of the detection systems and processes utilized. If the fraud involves an employee and detection is accomplished through receiving calls from a customer or tips from an external agency, the opportunity to mitigate losses, expenses, and impact will be significantly constrained. If, on the other hand, detection systems can alert special investigations investigators to the strong likelihood of internal fraud before customers and outside agencies become aware of the fraud, the opportunity to mitigate losses, expenses, impact, and exposure will be significantly enhanced. Mitigation performance, then, is constrained by both the business environment and the detection tools being used. Fast mitigation actions provide the promise of speedy termination of the fraud event, reduced losses, and reduced expenses and impact. Much of the resource balancing in the Fraud Management Lifecycle revolves around the appropriate allocation of sufficient, efficient, and early mitigation efforts.
Stage Five: Analysis
Analysis is characterized by activities to identify and understand losses that occurred despite the deterrence, detection, prevention, and mitigation stage activities. Analysis must evaluate the impact of fraud management activities upon legitimate customers. The product or service cost structures must be evaluated and understood to ensure the appropriate prioritization of casework. Analysis is defined as, "the separation of anything into its constituent parts or elements, to analyze, to make an analysis of, to study in detail the factors of a situation, problem or the like, in order to determine the solution or outcome" (Webster, 1997, 1976, & 1941).
The analysis stage receives data regarding performance from each of the other stages in the Fraud Management Lifecycle and provides them with feedback regarding performance. Analysis provides the performance reporting metrics that allow fraud management to make informed, calculated, and relevant decisions. Analysis processes include the evaluation of the volume and causes of losses, the evaluation and reporting of analyst and investigator performance, the evaluation and reporting of individual and aggregate rule (detection) performance, the evaluation and reporting on predictive score performance, the individual and aggregate customer service impact for each of the various stages, the analysis of staffing productivity in each of the disciplines, the appropriate mix of resources in each discipline, the performance of new and existing strategies, the comparison of the performance of competing (champion-challenger) strategies, and supporting policy’s request for retroactive and prospective hypothetical analysis.
Stage Six: Policy
Policy activities create, evaluate, communicate, and assist in the deployment of fraud policies to reduce the incidence of fraud and the inconvenience to legitimate customers, and to allocate the resources required to successfully combat fraud. Policy is defined as, "wise management, prudence or wisdom in the management of affairs, management based primarily on material interest" (Webster, 1997, 1976, & 1941). Policy must seek to balance deterrent value, loss reduction, sales volume, operational scalability, and cost effectiveness. The ability to balance all of these demands surely requires the wisdom referenced in the definition of policy. In many ways policy development is the process of constantly reassembling the situations just disassembled in the analysis stage. The reassembly needs to take advantage of the knowledge gained by analysis and combine it with internal, external, and interactive environmental factors in order to craft policies that address the whole, while leveraging the knowledge of the parts. Policy development staff are most frequently the leaders within the fraud management organization, as they must be able to consider all the disciplines within the fraud management department, as well as the needs of the rest of the business enterprise.
Stage Seven: Investigation
Investigation activities obtain enough evidence and information to stop fraudulent activity, to obtain recovery of assets or restitution, and to provide information and support for the successful prosecution and conviction of the fraudster(s). Investigation is defined as, "to investigate; a careful search or systematic inquiry; to follow up or make research by patient inquiry, observation, and examination of facts" (Webster 1997, 1976, 1941). In the fraud arena the definition of investigation needs to be expanded to include the important coordination activities with law enforcement entities.
Fraud investigations are focused upon three primary areas of activity: internal investigations, external investigations, and law enforcement coordination. The first area, internal investigations, includes investigations of employees, contractors, consultants, or vendors. External investigations are conducted on "customers" (fraudulent claims), "fraudsters" (individual crooks), and "organized groups" (an association of criminals). Frequently fraud cases are neither exclusively internal nor external. In these situations, internal fraudsters and external fraudsters work in concert to commit fraud. One of the more common examples of this situation is when a fraudster or organized group targets an employee to assist them with the commission of the fraud.
Law enforcement coordination is the provision of information and resources to, and the maintenance of, a partnership with federal, state, regional, and local law enforcement authorities. Rigorous and routine investigations provide for both an incremental lift in deterrence and the maintenance of an effective relationship with law enforcement. A rigorous investigation includes comprehensive and detailed case documentation, complete detailed descriptions of the activity, accurate and complete interview notes, extensive contact information, and high quality physical and digital evidence documentation and storage. Each case is investigated with the idea that it will be prosecuted. Case files are prepared assuming an appeals court level of review. The investigations stage benefits greatly from the planned, systematic search for facts and other supporting information, as well as the ingenuity, initiative, thoroughness, and responsiveness of the investigator. The law enforcement relationship is not a one-way street. An important part of the relationship is providing substantive responses, professional assistance, and detailed documentation when calls and other inquiries are received. Depending on the business environment these requests for information can and are received twenty-four hours a day, 365 days a year. One of the most critical support components in the investigative function is the development of training on, and maintenance of, detailed investigative procedures.
Stage Eight: Prosecution
The communications in this stage are focused upon prosecutorial and judicial authorities as well as with law enforcement. Prosecution is defined as, "the act or process of prosecuting; to conduct legal action against, to pursue by legal proceedings for redress or punishment, especially because of some crime or breach of law" (Webster, 1997, 1976, & 1941). There are three aims of prosecution in the fraud arena. The first is to punish the fraudster in an attempt to prevent further theft. Secondly, prosecution seeks to establish, maintain, and enhance the business enterprise’s reputation of deterring fraud, so that the fraud community becomes aware of it. This is accomplished by the aggressive and successful catching and punishing of fraudsters who target the company. The third goal is to obtain recovery or restitution wherever possible. Some would argue that there is a fourth aim, that of satisfaction for punishing the fraudster. The emotional feelings of satisfaction, though positive, are fleeting and tend to obscure the realistic evaluation of prosecution activities. The importance of prosecution should be limited to deterrence, recovery, and restitution.
After a case has been forwarded to law enforcement for the apprehension of a suspect, the philosophical point of no return has been crossed. From this point on, the case should be prosecuted to its natural conclusion. The charges filed should be maintained and the case prosecuted even in the face of offers of restitution and mounting witness expenses. It is always advisable to request appropriate restitution as part of the sentencing recommendations.
An additional activity important to the prosecution stage is the consistent and visible coordination of supportive legislative and regulatory activities to stop fraudulent activity. This activity frequently falls to senior managers and legal counsel due to their experience, industry contacts, and broad perspective. These efforts often require, and should receive, the support of line managers and supervisors in assessing the impact of recommendations, the creation of alternatives, and the creation of committee recommendations and presentations.
Information Technology
Information technology plays a valuable role throughout the Fraud Management Lifecycle. There is not a stage in the Fraud Management Lifecycle that does not benefit from the effective application of information technology resources or suffer from inefficient or inflexible systems, processes, or staff. Information technology resources are frequently the key to the success or failure of the activities in the individual fraud stages and at times to the success or failure of the entire Fraud Management Department.
Interactions in the Fraud Management Lifecycle
The Fraud Management Lifecycle theory is a representation or model of the steps, stages, or phases through which fraud abatement activities flow. This lifecycle, though impacted and influenced by numerous environmental, industry, and economic factors, is present wherever fraud mitigation efforts exist. The Fraud Management Lifecycle can be pictured as a completely interconnected set of nodes in a network. Each node or stage has direct interactions with and influences upon each of the other stages in the lifecycle, as well as with the internal and external environment. Internal environmental factors are those arising from within the business enterprise, e.g., fraud management philosophy, information technology resources, product margins, and risk tolerance. External environmental factors are those derived from outside the organization, including regulatory requirements, fraud trends, fraud methods, competitors, and business partners. The combination of internal and external factors influences the fraud management organization. For example, the constantly evolving interaction of fraud abatement and fraud perpetration activities drives a migrating equilibrium. The equilibrium is achieved as the costs of reducing fraud begin to approximate the value of the fraud targeted. It migrates as new fraud methods are conceived and implemented, and the process begins again.
The analysis and evaluation of the circular, recursive, non-sequential relationships among all of the stages in the Fraud Management Lifecycle is important in order to establish an understanding of how the components of the lifecycle influence each other. The trend of evolution in fraud management is toward increased complexity and increased speed of change in an expanding environment. The challenge for the fraud management professional is to manage the evolution effectively. Fundamental changes in structure are necessary to maintain a fraud management function that can adapt quickly and successfully balance fraud control, customer impact, resource requirements, and information technology budgets. The interactions of the stages in the Fraud Management Lifecycle illustrate the flexibility and adaptability of the network design.
Prevention Interactions
While the focus of the prevention stage is preventing fraudsters from succeeding, it is also an objective of all the stages. Each of the stages participates in and influences prevention’s attempts to stop fraud once deterrence has failed to keep it from being attempted. From developing and evaluating prevention actions in policy and analysis to training on red flags and methods reviews in investigations and prosecution, prevention is integrated with each of the other stages.
A common example of the interaction between prevention and analysis deals with the identification and creation of fraud profiles. Analysis is responsible for the creation of these profiles and frequently prevention is the stage where the actions on the profiles are deployed. Fraud profiles are a judgmental assessment of the potential fraudster, methods, target, and impacts of various types of fraud that are relevant to the organization. Once created, fraud profiles provide specific direction to prevention, policy, and other stages in the fraud management lifecycle. Samociuk and Iyer provide excellent guidance when they say "participating employees [creating fraud profiles] should ’think like a thief’ in order to identify fraud opportunities" (Samociuk, et. al. 2003). Their focus and that of fraud profiling in general is to understand the risk of fraud.
Detection Interactions
Detection includes the identification of fraud, fraud attempts, and testing of fraud methods. This broad definition goes beyond just the detection of fraud where losses occur. When asked the question, "Does the definition of detection make sense? Is it relevant in your environment?" the mortgage industry respondent answered, "Yes, well done to include attempts and testing in your definition." Confirmation of the need to include detection of testing and failed fraud attempts crossed each of the industries evaluated.
Detection occurs throughout the Fraud Management Lifecycle. One of the keys to success in fraud management is to use detection as early as possible. However, it is important to be aware of and focus on the detection of fraud wherever it occurs in the Fraud Management Lifecycle. While early detection is desirable, it should not be the sole aim of detection activities. In fact, depending upon the environment, multiple detection layers can increase efficiency, reduce customer impact, and reduce staffing expenses.
Mitigation Interactions
When a fraud is perpetrated in spite of deterrence and prevention, the actions taken at the mitigation stage allow the first opportunity for fraud management individuals to see the circumstances surrounding the fraudulent activity. The frauds identified and detailed in the mitigation stage -- successful, attempted, and testing -- provide valuable feedback on the limitations of the current detection activities. The types of mitigation activities deployed drive the categories of analysis that are possible. Much of this stage’s impact upon policy revolves around the required reaction to fraud that was not detected and stopped completely or soon enough. The activities at this stage provide information about specific fraudsters and evolving fraud trends for the investigations stage. Mitigation stage activities are crucial to the effective prosecution of employees involved in internal fraud. Aggressive, efficient, and proactive mitigation activities can result in increased general deterrence. The level of I.T. support can greatly impact the speed and breadth of the actual loss avoidance activities.
Analysis Interactions
The estimation and evaluation of the value provided by new, enhanced, or altered prevention activities is an important analysis activity. Analysis stage activities drive the creation, evolution, and performance measurements of detection methods, processes, and tools. Analysis provides feedback to mitigation regarding the performance of activities to successfully act upon detection alerts to reduce fraud losses. It provides the information on current performance across the fraud unit and provides information about the existence of policy opportunities. Analysis provides investigation with an analytical understanding of the environment as well as an evaluation of their investigative success and activity. Fraud and performance analysis are important elements of prosecution stage activities. Analysis is able to estimate deterrent impact. Information technology provides analysis with the necessary access to the data surrounding legitimate and fraudulent activity.
Investigations Interactions
Investigation activities are represented by the gathering of enough evidence and information to stop fraudulent activity, mitigate the impact of fraud losses, provide support for prosecutions, and reinforce deterrence. As a result of these and other relationships, there are numerous interactions between investigations and other lifecycle stages. Investigative activities, such as link analysis used both to investigate and aggregate cases, uncover the existence of frauds, attempts, and testing that were unknown to the detection, mitigation, and analysis activities. Feedback on these cases provides valuable input to the analysis, prevention, and policy stage evaluations and actions. Investigations can support mitigation by providing an awareness of tactics, patterns of behavior, and methods of operation. These result in an increased awareness and accuracy of mitigation actions. Investigation provides micro case by case analysis of the fraud, which is complemented by the macro level analysis of overall case statistics. Finally, investigation interacts directly with prosecution. Investigative actions provide, or fail to provide, the basis of foundation a prosecution needs to proceed.
Prosecution Interactions
Prosecution, like deterrence, is the culmination of actions throughout the various lifecycle stages. Prosecution attempts to obtain asset recovery, criminal and/or civil restitution, and provide specific and general deterrence as a result of prosecuting the case. Prosecution, then, is dependent upon and controlled by the various successes and failures of the other stages in the fraud management lifecycle. Successes are represented by evidence gathering in investigations, evidence retention in mitigation, and case identification in detection. Similar relationships exist between policy implementations and performance analysis. Failures are represented by failures of deterrence and prevention, as well as potential failures in the speed of detection and mitigation actions. Prosecution relies heavily upon successful, thorough, and accurate investigations to provide a properly prepared and presented prosecutable case. Policy interactions with investigations can be represented by the ability to deploy consistent, non-discriminatory policies in an internal fraud investigation, as well as the ability of policy staff to communicate fraud policies clearly and accurately to the courts.
Deterrence Interactions
Deterrence is enhanced by actions throughout the Fraud Management Lifecycle, from the consequences created by investigation and prosecution activities to the front-end prevention and detection difficulties and road blocks, to the ability to perform fraud. Each stage in the lifecycle can and should contribute to effective deterrence. This is represented by policies to prosecute all staff members who engage in fraud, fast analysis of new fraud trends, the fast adoption of new preventative policies, and continual security enhancements to make fraud increasingly harder to commit. Deterrence, then, is inherent in the actions taken in each of the other lifecycle stages.
The deterrent value (difficulty component) of a fraud management operation is enhanced by the timely and accurate deployment of automated verification, confirmation, and validation activities that occur at the front end of the transaction process. The deterrent value of deploying industry standard checks and verifications is represented in two ways. First, if the enterprise is the only, or one of a few, not to deploy the tool, fraudsters will move to them because of the ease of success. Secondly, there is an inherent increase in difficulty when the tool is deployed. When you are the only company, or one of a few companies to deploy, you divert the fraudulent activity to your competitors.
The lifecycle stage interactions are well illustrated through the use of graphs with a polar perspective. The following series of diagrams illustrate how the interactions between stages can create weak points in fraud protection. They also show quite visibly how imbalances cascade to create broad vulnerabilities. Samociuk and Iyer utilize this method to illustrate companies with low and high resistance to fraud. Although their six categories are "objectives, understand the risk [Analysis], reduce the risk [Prevention], detect attempts [Detection], manage incidents [Mitigation], and review and enhance," they are similar to stages in the Fraud Management Lifecycle. Their treatment can be expanded to include the stages of the fraud management lifecycle, the level of fraud resistance, and the impact of the relationships between the lifecycle stages.
Conclusion
The successful identification of the presence of the Fraud Management Lifecycle by this study reinforces the belief that effective fraud management balances the activities in each stage of the Fraud Management Lifecycle. The preliminary confirmation, from the retail banking industry, that a balanced approach was more successful than a single focus, reinforces the hypothesis that the activities throughout the lifecycle should be balanced. However, this balance does not indicate an equal allocation of resources among all the lifecycle stages. Successful application of the theory into practice will require a sequence of intervention activities. The activities proposed are:
• identification of the current stages receiving focus;
• identification of environmental risks and constraints;
• identification of existing and missing interactions between the various stages;
• identification of the correct resource balance among the stages;
• identification of technical improvements and enhancements to facilitate fraud reduction;
• introduction of a new fraud management philosophy focused on the continual improvement of
technical tools and the successful balancing of the activities in and among all the stages in the
fraud management lifecycle.
The size, scope, duration, and success of such an intervention will vary significantly from business to business and industry to industry. However, a focus on selecting the correct balance for the lifecycle stages remains the core element to immediate and continuing success in fraud risk management.
The tentative confirmation of the Fraud Management Lifecycle led to the next level of evaluation which was to evaluate different industries for the presence of the lifecycle and review implementations of the lifecycle concept. The importance of the Fraud Management Lifecycle lies in its applicability in many different industries and environmental situations. Therefore, it was necessary to expand the scope and depth of participating companies. The ability to apply the lifecycle structure will provide not only superior fraud loss reductions, but it will provide a template that can be utilized by fraud management professionals across a broad range of industries. As the theory is refined and its application expanded, many companies and industries now operating with significant fraud losses can begin to reduce those losses in an economically efficient manner. The benefits to individual companies are realized in a number of areas: lower costs for providing the product or service, yielding either lower prices for consumers or higher margins for companies or both, greater investment opportunity in new or enhanced products or services, lower fraud prevention expenses and reductions in the opportunity costs of fraud reduction activities, and a reduced impact on legitimate customers through improved customer relations and simpler customer acquisition. The successful management of the fraud management lifecycle also provides a more cohesive and coherent approach to fraud management that can be explained to and understood by the rest of the functional disciplines in the business. Each area of a business, from accounting to customer service and from sales to marketing, will be better able to understand the needs of and value provided by fraud management. Their awareness and understanding is important to continued fraud reduction, because fraud prevention is never, nor should it be, the core business focus. Businesses exist to provide goods and services, while fraud management plays a supporting role to the larger business objectives. Successful implementation of the Fraud Management Lifecycle increases the likelihood of proactive fraud risk management and, therefore, the success of the enterprise.
Although the second study identified the presence of the lifecycle in two additional industries, mortgage and telecommunications, further research is needed for a more detailed confirmation of the presence and impact of the lifecycle within the industries studied. The details and importance of the various intra-cycle interactions need to be observed, analyzed, and evaluated in depth. In addition, other industries, such as health care, casinos, and securities need to be evaluated for the presence and impact of the Fraud Management Lifecycle. When these and other industries are evaluated for the presence of the Fraud Management Lifecycle, the intra-cycle interactions and their environmental impacts and constraints can be evaluated.
The adaptability of the lifecycle to diverse business and regulatory environments is worthy of continued analysis and evaluation. Further research of published material on each of the lifecycle stage activities, as well as fraud and fraud reduction activities, will provide an expanding base for application of the Fraud Management Lifecycle theory. In addition, continued research will likely identify additional opportunities for testing and validating the theory. The opportunity to implement the theory in practice and observe its applicability and performance through additional case studies would be a logical step in continued research of the Fraud Management Lifecycle. The opportunity to continue implementing the theory in practice will help to establish its relevance and validity in various industries.
Effective management of the Fraud Management Lifecycle starts with a common understanding or definition of the stages in the lifecycle. Without this awareness and understanding, fraud management professionals are unlikely to communicate effectively with each other, with their peers in other industries, and within their respective businesses. The Fraud Management Lifecycle can be best described as a combination of these two definitions, a network lifecycle. Unlike a traditional linear lifecycle, a network lifecycle’s stages are not necessarily linked sequentially, where activities in one stage are completed and then the functioning is passed on to the next stage in the chain. To the contrary, a network lifecycle facilitates simultaneous and sequential actions within each of the lifecycle stages or network nodes. The convenient term "stage" in a network lifecycle is more specifically a reference to the activities, operations, and functions performed. One can reasonably think of the various lifecycle stages as various disciplines within fraud management. The linking of the lifecycle stages as network nodes allows the representation of non-linear, non-sequential, even recursive activity. The interrelationships and interdependence of the stages or nodes can be explained without the restriction of the traditional sequential lifecycle stage progression. The Fraud Management Lifecycle is, therefore, a network lifecycle where each node in the network, each stage in the lifecycle, is an aggregated entity that is made up of interrelated, interdependent, and independent actions, functions, and operations. These activities can, but do not necessarily, occur in a sequential or linear flow.
The Fraud Management Lifecycle is made up of eight stages. Deterrence, the first stage, is characterized by actions and activities intended to stop or prevent fraud before it is attempted; that is, to turn aside or discourage even the attempt at fraud through, for example, card activation programs. The second stage of the Fraud Management Lifecycle, prevention, involves actions and activities to prevent fraud from occurring. In detection, the third stage, actions and activities, such as statistical monitoring programs are used to identify and locate fraud prior to, during, and subsequent to the completion of the fraudulent activity. The intent of detection is to uncover or reveal the presence of fraud or a fraud attempt. The goal of mitigation, stage four, is to stop losses from occurring or continuing to occur and/or to hinder a fraudster from continuing or completing the fraudulent activity, by blocking an account, for example. In the next stage, analysis, losses that occurred despite deterrence, detection, and prevention activities are identified and studied to determine the factors of the loss situation, using methods such as root cause analysis. The sixth stage of the Fraud Management Lifecycle, policy, is characterized by activities to create, evaluate, communicate, and assist in the deployment of policies to reduce the incidence of fraud. Balancing prudent fraud reduction policies with resource constraints and effective management of legitimate customer activity is also part of this stage. An example is the requirement that any cash transaction over $10,000 be reported. Investigation, the seventh stage, involves obtaining enough evidence and information to stop fraudulent activity, recover assets or obtain restitution, and to provide evidence and support for the successful prosecution and conviction of the fraudster(s). Covert electronic surveillance is a method used in this stage. The final stage, prosecution, is the culmination of all the successes and failures in the Fraud Management Lifecycle. There are failures because the fraud was successful and successes because the fraud was detected, a suspect was identified, apprehended, and charges filed. The prosecution stage includes asset recovery, criminal restitution, and conviction with its attendant deterrent value.
Stage One: Deterrence
Successful deterrence is the stopping of fraud before it happens. Deterrence or "to deter," is defined as, "to inhibit or discourage through fear; hence to prevent from action by fear of consequences" (Webster, 1997, 1976, & 1941). In the fraud arena we need to expand this definition to include the aspect of difficulty. Fraudsters tend to migrate toward the path of most anonymity and least resistance. Therefore, increasing the difficulty of committing the fraud effectively functions as an incremental increase in deterrence. For example, when conducting an online transaction, requiring address verification provides an incremental increase in deterrent value, because the perpetrator must know how to circumvent and defeat the verification process. Adding a component to the online transaction becomes a deterrent, as it makes the fraudster work harder. For the purposes of this study deterrence will be defined as: activities designed, through fear of consequences or difficulty of perpetration, to turn aside, discourage, or prevent fraudulent activity from being attempted. The aggregate nature of deterrence is implied; deterrence is not viewed as a monolithic whole, but rather an aggregation of activities with varying degrees of deterrent value. Deterrent value is a summation of the deterrent contributions and detractions provided by each stage in the Fraud Management Lifecycle. Thus, successful deterrence is contingent upon the performance of the other stages of the Fraud Management Lifecycle.
Stage Two: Prevention
In the fraud arena, prevention, detection, and deterrence are sometimes used synonymously. This contributes to confusion within the organization, as well as in external entities, about the focus of prevention activities. The activities in the prevention stage, though closely associated with deterrence and detection, occur after deterrence has failed and before the suspicion or detection of fraud has been accomplished.
Prevention is defined as, "to prevent, to stop or keep from doing or happening, to hinder a person from acting" (Webster, 1997, 1976, & 1941). Prevent is a general term meaning hindering, checking, or stopping. In the fraud arena the use of the term prevention emphasizes both common forms of the definition, to keep from doing and to hinder the fraudster from performing fraudulent activity. For the purposes of this study the definition of prevention is to hinder, check, or stop a fraudster from performing or perpetrating a fraudulent activity.
Prevention stage activities are intended to prevent the fraud from occurring or to secure the enterprise and its processes against fraud. The ability of prevention to stop losses from occurring versus stopping fraudulent activity from continuing is an important distinction. The latter activities are more appropriately mitigation stage activities. Prevention, when perceived from a security perspective, can be thought of as hardening the target. Prevention actions are frequently similar to security activities in the information technology area. Deploying protective procedures, processes, systems, and verifications, etc. that make fraud harder to commit prevents fraud. Prevention activities are designed to make fraud more difficult to commit. For example, the purpose of the many security features on credit and debit cards is to make card based fraud more difficult. Telecommunications subscription fraud is made more difficult by interactive verification and authentication procedures. Know your customer (KYC) processes for opening accounts in the financial industry make it more difficult for fraudsters to open fraudulent accounts. Querying historical fraud claim files in the insurance hinders fraudsters.
Stage Three: Detection
The third stage of the Fraud Management Lifecycle, detection, is characterized by actions and activities intended to identify and locate fraud prior to, during, and subsequent to the completion of the fraudulent activity. While "prior to" may sound like deterrence, it refers to the detection of testing or probing activity used by criminals to facilitate a fraud attempt. "To detect, is to uncover or reveal, to discover the existence or presence of the fact of something hidden or obscure" (Webster, 1997, 1976, & 1941). Detection encompasses three closely related activities in the fraud arena: fraud testing, fraud attempts, and fraud successes. The separation is derived from the facts that not all fraud attempts are successful and that not all perceived fraud attempts are intended to be successful. These "tests" are attempts to reverse engineer the current fraud policies and detection activities in order to locate vulnerability. Thus, detection in the fraud arena must include revealing the existence of fraud testing and fraud attempts, as well as successful frauds. The identification of testing, attempts, and successes are typically clustered in the detection, prevention, and mitigation stages, but are also relevant in each of the other stages of the Fraud Management Lifecycle. Detection includes identification of a testing component, an attempt component, and a success component. Only detection in all three of these areas provides the required support for the rest of the stages in the lifecycle. To miss any of these is to run the risk of creating a vulnerability that the fraudster will turn to his advantage.
Stage Four: Mitigation
Mitigation is begun once the presence or a reasonable suspicion of fraudulent activity has been detected. In short, mitigation stops fraud. Other common and relevant terms for the activities in this stage are interdiction and intervention. Sometimes mitigation activities are called prevention and aftercare, where the prevention is focused on stopping the ongoing fraud from continuing. Mitigation is defined as, "to cause to become less harsh or hostile" and "to make less severe or painful" (Webster, 1997, 1976, & 1941). Mitigation focuses upon fast actions that are intended to reduce the extent of the fraud, the amount of the associated fraud losses, and the effort and expense required to recover or correct the impact of the fraudulent activity. This last goal is especially important when identity theft and the resulting identity fraud are involved. The faster the fraud activity is detected and mitigation activities initiated, the less time, effort, and expense will have to be invested in correcting the consumer’s credit record. The definition of mitigation in the fraud arena is to stop a fraudster from continuing or completing the fraudulent activity, to reduce their success. Mitigation activities can range from real time to delayed. Clearly the faster mitigation activities can be undertaken, the better for all involved, except, of course, the fraudster. The environment in which the business enterprise operates defines the meaning of real time. For example, real time can range from a ten second authorization in the payment card industry to a one minute phone call in the telecommunications industry, to a ten minute instant credit application in the retail industry, to a week long mortgage application process, to a month long insurance claim process, to an extended internal employee fraud investigation. Clearly the environment defines the mitigation activities that can be taken in real time.
The fundamental premise is to begin mitigation activities as quickly as possible. The speed with which mitigation can be initiated is constrained by the timeliness and capabilities of the detection systems and processes utilized. If the fraud involves an employee and detection is accomplished through receiving calls from a customer or tips from an external agency, the opportunity to mitigate losses, expenses, and impact will be significantly constrained. If, on the other hand, detection systems can alert special investigations investigators to the strong likelihood of internal fraud before customers and outside agencies become aware of the fraud, the opportunity to mitigate losses, expenses, impact, and exposure will be significantly enhanced. Mitigation performance, then, is constrained by both the business environment and the detection tools being used. Fast mitigation actions provide the promise of speedy termination of the fraud event, reduced losses, and reduced expenses and impact. Much of the resource balancing in the Fraud Management Lifecycle revolves around the appropriate allocation of sufficient, efficient, and early mitigation efforts.
Stage Five: Analysis
Analysis is characterized by activities to identify and understand losses that occurred despite the deterrence, detection, prevention, and mitigation stage activities. Analysis must evaluate the impact of fraud management activities upon legitimate customers. The product or service cost structures must be evaluated and understood to ensure the appropriate prioritization of casework. Analysis is defined as, "the separation of anything into its constituent parts or elements, to analyze, to make an analysis of, to study in detail the factors of a situation, problem or the like, in order to determine the solution or outcome" (Webster, 1997, 1976, & 1941).
The analysis stage receives data regarding performance from each of the other stages in the Fraud Management Lifecycle and provides them with feedback regarding performance. Analysis provides the performance reporting metrics that allow fraud management to make informed, calculated, and relevant decisions. Analysis processes include the evaluation of the volume and causes of losses, the evaluation and reporting of analyst and investigator performance, the evaluation and reporting of individual and aggregate rule (detection) performance, the evaluation and reporting on predictive score performance, the individual and aggregate customer service impact for each of the various stages, the analysis of staffing productivity in each of the disciplines, the appropriate mix of resources in each discipline, the performance of new and existing strategies, the comparison of the performance of competing (champion-challenger) strategies, and supporting policy’s request for retroactive and prospective hypothetical analysis.
Stage Six: Policy
Policy activities create, evaluate, communicate, and assist in the deployment of fraud policies to reduce the incidence of fraud and the inconvenience to legitimate customers, and to allocate the resources required to successfully combat fraud. Policy is defined as, "wise management, prudence or wisdom in the management of affairs, management based primarily on material interest" (Webster, 1997, 1976, & 1941). Policy must seek to balance deterrent value, loss reduction, sales volume, operational scalability, and cost effectiveness. The ability to balance all of these demands surely requires the wisdom referenced in the definition of policy. In many ways policy development is the process of constantly reassembling the situations just disassembled in the analysis stage. The reassembly needs to take advantage of the knowledge gained by analysis and combine it with internal, external, and interactive environmental factors in order to craft policies that address the whole, while leveraging the knowledge of the parts. Policy development staff are most frequently the leaders within the fraud management organization, as they must be able to consider all the disciplines within the fraud management department, as well as the needs of the rest of the business enterprise.
Stage Seven: Investigation
Investigation activities obtain enough evidence and information to stop fraudulent activity, to obtain recovery of assets or restitution, and to provide information and support for the successful prosecution and conviction of the fraudster(s). Investigation is defined as, "to investigate; a careful search or systematic inquiry; to follow up or make research by patient inquiry, observation, and examination of facts" (Webster 1997, 1976, 1941). In the fraud arena the definition of investigation needs to be expanded to include the important coordination activities with law enforcement entities.
Fraud investigations are focused upon three primary areas of activity: internal investigations, external investigations, and law enforcement coordination. The first area, internal investigations, includes investigations of employees, contractors, consultants, or vendors. External investigations are conducted on "customers" (fraudulent claims), "fraudsters" (individual crooks), and "organized groups" (an association of criminals). Frequently fraud cases are neither exclusively internal nor external. In these situations, internal fraudsters and external fraudsters work in concert to commit fraud. One of the more common examples of this situation is when a fraudster or organized group targets an employee to assist them with the commission of the fraud.
Law enforcement coordination is the provision of information and resources to, and the maintenance of, a partnership with federal, state, regional, and local law enforcement authorities. Rigorous and routine investigations provide for both an incremental lift in deterrence and the maintenance of an effective relationship with law enforcement. A rigorous investigation includes comprehensive and detailed case documentation, complete detailed descriptions of the activity, accurate and complete interview notes, extensive contact information, and high quality physical and digital evidence documentation and storage. Each case is investigated with the idea that it will be prosecuted. Case files are prepared assuming an appeals court level of review. The investigations stage benefits greatly from the planned, systematic search for facts and other supporting information, as well as the ingenuity, initiative, thoroughness, and responsiveness of the investigator. The law enforcement relationship is not a one-way street. An important part of the relationship is providing substantive responses, professional assistance, and detailed documentation when calls and other inquiries are received. Depending on the business environment these requests for information can and are received twenty-four hours a day, 365 days a year. One of the most critical support components in the investigative function is the development of training on, and maintenance of, detailed investigative procedures.
Stage Eight: Prosecution
The communications in this stage are focused upon prosecutorial and judicial authorities as well as with law enforcement. Prosecution is defined as, "the act or process of prosecuting; to conduct legal action against, to pursue by legal proceedings for redress or punishment, especially because of some crime or breach of law" (Webster, 1997, 1976, & 1941). There are three aims of prosecution in the fraud arena. The first is to punish the fraudster in an attempt to prevent further theft. Secondly, prosecution seeks to establish, maintain, and enhance the business enterprise’s reputation of deterring fraud, so that the fraud community becomes aware of it. This is accomplished by the aggressive and successful catching and punishing of fraudsters who target the company. The third goal is to obtain recovery or restitution wherever possible. Some would argue that there is a fourth aim, that of satisfaction for punishing the fraudster. The emotional feelings of satisfaction, though positive, are fleeting and tend to obscure the realistic evaluation of prosecution activities. The importance of prosecution should be limited to deterrence, recovery, and restitution.
After a case has been forwarded to law enforcement for the apprehension of a suspect, the philosophical point of no return has been crossed. From this point on, the case should be prosecuted to its natural conclusion. The charges filed should be maintained and the case prosecuted even in the face of offers of restitution and mounting witness expenses. It is always advisable to request appropriate restitution as part of the sentencing recommendations.
An additional activity important to the prosecution stage is the consistent and visible coordination of supportive legislative and regulatory activities to stop fraudulent activity. This activity frequently falls to senior managers and legal counsel due to their experience, industry contacts, and broad perspective. These efforts often require, and should receive, the support of line managers and supervisors in assessing the impact of recommendations, the creation of alternatives, and the creation of committee recommendations and presentations.
Information Technology
Information technology plays a valuable role throughout the Fraud Management Lifecycle. There is not a stage in the Fraud Management Lifecycle that does not benefit from the effective application of information technology resources or suffer from inefficient or inflexible systems, processes, or staff. Information technology resources are frequently the key to the success or failure of the activities in the individual fraud stages and at times to the success or failure of the entire Fraud Management Department.
Interactions in the Fraud Management Lifecycle
The Fraud Management Lifecycle theory is a representation or model of the steps, stages, or phases through which fraud abatement activities flow. This lifecycle, though impacted and influenced by numerous environmental, industry, and economic factors, is present wherever fraud mitigation efforts exist. The Fraud Management Lifecycle can be pictured as a completely interconnected set of nodes in a network. Each node or stage has direct interactions with and influences upon each of the other stages in the lifecycle, as well as with the internal and external environment. Internal environmental factors are those arising from within the business enterprise, e.g., fraud management philosophy, information technology resources, product margins, and risk tolerance. External environmental factors are those derived from outside the organization, including regulatory requirements, fraud trends, fraud methods, competitors, and business partners. The combination of internal and external factors influences the fraud management organization. For example, the constantly evolving interaction of fraud abatement and fraud perpetration activities drives a migrating equilibrium. The equilibrium is achieved as the costs of reducing fraud begin to approximate the value of the fraud targeted. It migrates as new fraud methods are conceived and implemented, and the process begins again.
The analysis and evaluation of the circular, recursive, non-sequential relationships among all of the stages in the Fraud Management Lifecycle is important in order to establish an understanding of how the components of the lifecycle influence each other. The trend of evolution in fraud management is toward increased complexity and increased speed of change in an expanding environment. The challenge for the fraud management professional is to manage the evolution effectively. Fundamental changes in structure are necessary to maintain a fraud management function that can adapt quickly and successfully balance fraud control, customer impact, resource requirements, and information technology budgets. The interactions of the stages in the Fraud Management Lifecycle illustrate the flexibility and adaptability of the network design.
Prevention Interactions
While the focus of the prevention stage is preventing fraudsters from succeeding, it is also an objective of all the stages. Each of the stages participates in and influences prevention’s attempts to stop fraud once deterrence has failed to keep it from being attempted. From developing and evaluating prevention actions in policy and analysis to training on red flags and methods reviews in investigations and prosecution, prevention is integrated with each of the other stages.
A common example of the interaction between prevention and analysis deals with the identification and creation of fraud profiles. Analysis is responsible for the creation of these profiles and frequently prevention is the stage where the actions on the profiles are deployed. Fraud profiles are a judgmental assessment of the potential fraudster, methods, target, and impacts of various types of fraud that are relevant to the organization. Once created, fraud profiles provide specific direction to prevention, policy, and other stages in the fraud management lifecycle. Samociuk and Iyer provide excellent guidance when they say "participating employees [creating fraud profiles] should ’think like a thief’ in order to identify fraud opportunities" (Samociuk, et. al. 2003). Their focus and that of fraud profiling in general is to understand the risk of fraud.
Detection Interactions
Detection includes the identification of fraud, fraud attempts, and testing of fraud methods. This broad definition goes beyond just the detection of fraud where losses occur. When asked the question, "Does the definition of detection make sense? Is it relevant in your environment?" the mortgage industry respondent answered, "Yes, well done to include attempts and testing in your definition." Confirmation of the need to include detection of testing and failed fraud attempts crossed each of the industries evaluated.
Detection occurs throughout the Fraud Management Lifecycle. One of the keys to success in fraud management is to use detection as early as possible. However, it is important to be aware of and focus on the detection of fraud wherever it occurs in the Fraud Management Lifecycle. While early detection is desirable, it should not be the sole aim of detection activities. In fact, depending upon the environment, multiple detection layers can increase efficiency, reduce customer impact, and reduce staffing expenses.
Mitigation Interactions
When a fraud is perpetrated in spite of deterrence and prevention, the actions taken at the mitigation stage allow the first opportunity for fraud management individuals to see the circumstances surrounding the fraudulent activity. The frauds identified and detailed in the mitigation stage -- successful, attempted, and testing -- provide valuable feedback on the limitations of the current detection activities. The types of mitigation activities deployed drive the categories of analysis that are possible. Much of this stage’s impact upon policy revolves around the required reaction to fraud that was not detected and stopped completely or soon enough. The activities at this stage provide information about specific fraudsters and evolving fraud trends for the investigations stage. Mitigation stage activities are crucial to the effective prosecution of employees involved in internal fraud. Aggressive, efficient, and proactive mitigation activities can result in increased general deterrence. The level of I.T. support can greatly impact the speed and breadth of the actual loss avoidance activities.
Analysis Interactions
The estimation and evaluation of the value provided by new, enhanced, or altered prevention activities is an important analysis activity. Analysis stage activities drive the creation, evolution, and performance measurements of detection methods, processes, and tools. Analysis provides feedback to mitigation regarding the performance of activities to successfully act upon detection alerts to reduce fraud losses. It provides the information on current performance across the fraud unit and provides information about the existence of policy opportunities. Analysis provides investigation with an analytical understanding of the environment as well as an evaluation of their investigative success and activity. Fraud and performance analysis are important elements of prosecution stage activities. Analysis is able to estimate deterrent impact. Information technology provides analysis with the necessary access to the data surrounding legitimate and fraudulent activity.
Investigations Interactions
Investigation activities are represented by the gathering of enough evidence and information to stop fraudulent activity, mitigate the impact of fraud losses, provide support for prosecutions, and reinforce deterrence. As a result of these and other relationships, there are numerous interactions between investigations and other lifecycle stages. Investigative activities, such as link analysis used both to investigate and aggregate cases, uncover the existence of frauds, attempts, and testing that were unknown to the detection, mitigation, and analysis activities. Feedback on these cases provides valuable input to the analysis, prevention, and policy stage evaluations and actions. Investigations can support mitigation by providing an awareness of tactics, patterns of behavior, and methods of operation. These result in an increased awareness and accuracy of mitigation actions. Investigation provides micro case by case analysis of the fraud, which is complemented by the macro level analysis of overall case statistics. Finally, investigation interacts directly with prosecution. Investigative actions provide, or fail to provide, the basis of foundation a prosecution needs to proceed.
Prosecution Interactions
Prosecution, like deterrence, is the culmination of actions throughout the various lifecycle stages. Prosecution attempts to obtain asset recovery, criminal and/or civil restitution, and provide specific and general deterrence as a result of prosecuting the case. Prosecution, then, is dependent upon and controlled by the various successes and failures of the other stages in the fraud management lifecycle. Successes are represented by evidence gathering in investigations, evidence retention in mitigation, and case identification in detection. Similar relationships exist between policy implementations and performance analysis. Failures are represented by failures of deterrence and prevention, as well as potential failures in the speed of detection and mitigation actions. Prosecution relies heavily upon successful, thorough, and accurate investigations to provide a properly prepared and presented prosecutable case. Policy interactions with investigations can be represented by the ability to deploy consistent, non-discriminatory policies in an internal fraud investigation, as well as the ability of policy staff to communicate fraud policies clearly and accurately to the courts.
Deterrence Interactions
Deterrence is enhanced by actions throughout the Fraud Management Lifecycle, from the consequences created by investigation and prosecution activities to the front-end prevention and detection difficulties and road blocks, to the ability to perform fraud. Each stage in the lifecycle can and should contribute to effective deterrence. This is represented by policies to prosecute all staff members who engage in fraud, fast analysis of new fraud trends, the fast adoption of new preventative policies, and continual security enhancements to make fraud increasingly harder to commit. Deterrence, then, is inherent in the actions taken in each of the other lifecycle stages.
The deterrent value (difficulty component) of a fraud management operation is enhanced by the timely and accurate deployment of automated verification, confirmation, and validation activities that occur at the front end of the transaction process. The deterrent value of deploying industry standard checks and verifications is represented in two ways. First, if the enterprise is the only, or one of a few, not to deploy the tool, fraudsters will move to them because of the ease of success. Secondly, there is an inherent increase in difficulty when the tool is deployed. When you are the only company, or one of a few companies to deploy, you divert the fraudulent activity to your competitors.
The lifecycle stage interactions are well illustrated through the use of graphs with a polar perspective. The following series of diagrams illustrate how the interactions between stages can create weak points in fraud protection. They also show quite visibly how imbalances cascade to create broad vulnerabilities. Samociuk and Iyer utilize this method to illustrate companies with low and high resistance to fraud. Although their six categories are "objectives, understand the risk [Analysis], reduce the risk [Prevention], detect attempts [Detection], manage incidents [Mitigation], and review and enhance," they are similar to stages in the Fraud Management Lifecycle. Their treatment can be expanded to include the stages of the fraud management lifecycle, the level of fraud resistance, and the impact of the relationships between the lifecycle stages.
Conclusion
The successful identification of the presence of the Fraud Management Lifecycle by this study reinforces the belief that effective fraud management balances the activities in each stage of the Fraud Management Lifecycle. The preliminary confirmation, from the retail banking industry, that a balanced approach was more successful than a single focus, reinforces the hypothesis that the activities throughout the lifecycle should be balanced. However, this balance does not indicate an equal allocation of resources among all the lifecycle stages. Successful application of the theory into practice will require a sequence of intervention activities. The activities proposed are:
• identification of the current stages receiving focus;
• identification of environmental risks and constraints;
• identification of existing and missing interactions between the various stages;
• identification of the correct resource balance among the stages;
• identification of technical improvements and enhancements to facilitate fraud reduction;
• introduction of a new fraud management philosophy focused on the continual improvement of
technical tools and the successful balancing of the activities in and among all the stages in the
fraud management lifecycle.
The size, scope, duration, and success of such an intervention will vary significantly from business to business and industry to industry. However, a focus on selecting the correct balance for the lifecycle stages remains the core element to immediate and continuing success in fraud risk management.
The tentative confirmation of the Fraud Management Lifecycle led to the next level of evaluation which was to evaluate different industries for the presence of the lifecycle and review implementations of the lifecycle concept. The importance of the Fraud Management Lifecycle lies in its applicability in many different industries and environmental situations. Therefore, it was necessary to expand the scope and depth of participating companies. The ability to apply the lifecycle structure will provide not only superior fraud loss reductions, but it will provide a template that can be utilized by fraud management professionals across a broad range of industries. As the theory is refined and its application expanded, many companies and industries now operating with significant fraud losses can begin to reduce those losses in an economically efficient manner. The benefits to individual companies are realized in a number of areas: lower costs for providing the product or service, yielding either lower prices for consumers or higher margins for companies or both, greater investment opportunity in new or enhanced products or services, lower fraud prevention expenses and reductions in the opportunity costs of fraud reduction activities, and a reduced impact on legitimate customers through improved customer relations and simpler customer acquisition. The successful management of the fraud management lifecycle also provides a more cohesive and coherent approach to fraud management that can be explained to and understood by the rest of the functional disciplines in the business. Each area of a business, from accounting to customer service and from sales to marketing, will be better able to understand the needs of and value provided by fraud management. Their awareness and understanding is important to continued fraud reduction, because fraud prevention is never, nor should it be, the core business focus. Businesses exist to provide goods and services, while fraud management plays a supporting role to the larger business objectives. Successful implementation of the Fraud Management Lifecycle increases the likelihood of proactive fraud risk management and, therefore, the success of the enterprise.
Although the second study identified the presence of the lifecycle in two additional industries, mortgage and telecommunications, further research is needed for a more detailed confirmation of the presence and impact of the lifecycle within the industries studied. The details and importance of the various intra-cycle interactions need to be observed, analyzed, and evaluated in depth. In addition, other industries, such as health care, casinos, and securities need to be evaluated for the presence and impact of the Fraud Management Lifecycle. When these and other industries are evaluated for the presence of the Fraud Management Lifecycle, the intra-cycle interactions and their environmental impacts and constraints can be evaluated.
The adaptability of the lifecycle to diverse business and regulatory environments is worthy of continued analysis and evaluation. Further research of published material on each of the lifecycle stage activities, as well as fraud and fraud reduction activities, will provide an expanding base for application of the Fraud Management Lifecycle theory. In addition, continued research will likely identify additional opportunities for testing and validating the theory. The opportunity to implement the theory in practice and observe its applicability and performance through additional case studies would be a logical step in continued research of the Fraud Management Lifecycle. The opportunity to continue implementing the theory in practice will help to establish its relevance and validity in various industries.
Very nice blog.
ReplyDeleteUnique and very nice articles.
Please visit:
http://global-digibiz.blogspot.com
Keep blogging.
Happy holidays.