23 August 2014

26968

Mark Elkins - TrenZ

8 | posts 15,260 | views 2 | comments
A post relating to this item from Finextra:

HSBC clerk gets nine years for attempted £72m fraud

09 July 2008  |  13316 views  |  0
A former HSBC clerk who tried to steal £72 million from the bank in a massive electronic fraud has been sentenced to nine years in jail.

The Enemy Within!

10 July 2008  |  1634 views  |  1
All too often with fraud there is a dishonest employee involved somewhere along the line. Although every check on an employees background may show them to be a paragon of virtue, there is no guarantee that they will remain a faithful servant to the bank forever. Indeed “sleepers” may be planted within a bank by criminal organisations who gain the trust of the management over a period of time (even up to as much as 5 years), becoming a trusted employee who is just awaiting the opportunity, on the word of their conspirators on the outside, to perpetrate a huge fraud. I read somewhere recently that employee fraud in the UK is estimated to have increased by 200% since 2003. That being the case, what can be done to identify an “at risk” employee once they have passed the screening processes employed by the recruiting bank? Certainly the last thing honest employees want is to not feel trusted  by their employer; therefore any surveillance system need to be covert. An employee fraud identification system also needs to be able to draw upon data from a wide spectrum of sources including access data, internet data, email usage and content, current account activity, transactions performance and telephone systems – to name but a few. Normal patterns of behaviour need to be established initially. We are creatures of habit, parking in the same space in the company car park, arriving and leaving at similar times each day etc... Having established “the norm”, changes in behavioural patterns can be detected and these anomalies can be further investigated since they may indicate fraudulent activity. The rigorous approach that the banks take in recruitment is the first line of defence. Employee circumstances can change through time however; they may develop a gambling addiction for example and need money to pay off their debts, or may fall prey to a criminal gang intent on fraud and act in collaboration with them, or they may just want to live out a Walter Mitty lifestyle. A second, and third line of defence is necessary. The second line is the putting in place of rigorously monitored policies and procedures, setting thresholds and counter signatory processes to mitigate the risk. The third is achievable by the deployment of employee fraud prevention and detection systems capable of analysing data from a wide variety of sources based upon behavioural patterns. There is of course the fourth line - and that is the deterrent of long-term imprisonment – by which time it's too late. The fraud has been committed, and possibly money lost, and the bank suffers in terms of its reputation  - a situation that could have been avoided with earlier intervention. 

Comments: (1)

Dean Procter - Transinteract - Sydney | 11 July, 2008, 04:16

Another solution might have been to use mobile authentication. This simple fraud would have been prevented and you wouldn't need all that behavioural analysis to tell you about it after the fact. Of course the behavioural analysis should be applied at the trader/broker/dealer/overseer(s) balance and transaction level, otherwise you wouldn't understand the risks and therefore the value of real fraud prevention.

Telling you about it afterwards might be useful, but it doesn't really qualify as 'prevention', at best it's a chance for 'loss minimisation'. It doesn't prevent those unpleasant feelings when you find out or the harm to your reputation either.

As people become more fiscally challenged the likelhood of such attempts increases.
I suspect we are entering a long period of substantial fiscal challenge, and that the easy pickings will be picked more often.

'An ounce of prevention costs less than a gallon of cure'. There are obviously various definitions of 'prevention' - I prefer the one where you actually stop it before it happens.

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Mark

Protecting ourselves - as nature intended?

11 June 2009  |  1550 views  |  0  |  Recommends 0

Probably the best customer experience in the world

20 April 2009  |  1581 views  |  0  |  Recommends 0

Chip and Skin the way ahead !!!

10 September 2008  |  1909 views  |  0  |  Recommends 0

Keeping ahead of the Fraudsters

15 August 2008  |  2374 views  |  10  |  Recommends 0

Green, clean and mean!

24 July 2008  |  2234 views  |  0  |  Recommends 0
name

Mark Elkins

job title

Principal

company name

TrenZ

member since

2008

location

London

Summary profile See full profile »
TrenZ builds on 20 years experience of bringing CPE, Software and Hardware,and network operators ...

Mark's expertise

What Mark reads
Mark writes about
Mark's blog archive
2009 (2)2008 (6)

Who is commenting on Mark's posts