Most fraud occurs because of a gap in a process or system that can be exposed and gained advantage of.
To resolve the fraud you need to implement a process of your own that is repeatable and understandable by the organisation. At threepercent we like to break things down in to simple bite-size chunks. So we like to start with the high-level process below.
Let’s deal with Step 1, finding the cause:
- Is this fraud incident isolated to being a financial issue, a security issue, a reputation and brand issue or a mixture?
- How did you come to know about the fraudulent activity? Which part of the organisation made you aware of this problem? Note: There is a difference between Customer Support advising you about an issue versus your Finance Team telling you about a problem.
- How many incidents like this have occurred – is it believed to be a one-off or is it a continual issue?
- What do you believe the cost to date to be? Have you calculated other costs, such as chargeback costs, administration fees, taxes payable (even though products/services have been stolen from you).
- What could you learn about the behaviour about the participants in the fraud?
- What could you learn about the behaviour of the organisation in relation to the fraud? Was the incident a matter of the organisation not paying enough diligence to procedures or was this an outright attack?
- What level of attacker do you perceive to be involved? Was this a syndicated attack or simply a matter of chance by an uninformed individual. (See our Attacker Matrix in Resources for further information).
- Do you think you were the actual intended target or the targets on your organisation were a by-product of something different? (See our credit card fraud use case in Resources for further information).
- Who else in the organisation needs to be made aware of the incident?
The questions above help you establish an understanding of the problem.
At threepercent we lead you not only through the demographical analysis of the problem but also the psychographic analytics of the problem and the attackers. Our approach identifies the problem and outcomes as well as the human behaviours behind them.
Your problems are important to us, and solving them requires intelligence.