New research from LexisNexis Risk Solutions confirms that the pace of so-called “cross-industry fraud” is accelerating and becoming costlier for organizations of all kinds.
This momentum is a growing concern for finance professionals — or at least it should be — because such crimes are increasingly affecting margins, audits, payment processing, and other financial operations.
Cross-industry fraud occurs when bad actors who commit fraud against companies in one industry are emboldened to exploit other industries with the same fraudulent credentials.
The most egregious fraud activity is perpetrated by sophisticated, organized rings or individuals that make their living from fraud. While these professional thieves don’t have a particular bias for a given industry or sector, cross-industry fraud is particularly prevalent across financial services, health care, insurance, communications, retail, and government entities.
For example, a perpetrator of a typical insurance fraud scheme, staging an auto accident, could expand into exploiting system gaps to fraudulently claim government benefits or participate in telecommunications, retail, or credit card fraud.
In the government sector, hackers responsible for the Office of Personnel Management data breach in 2015, the largest breach of federal employee data in recent years, were also responsible for attacks on health insurance providers Anthem and Premera, two of the biggest private sector breaches in recent memory.
And it’s only getting worse. For the first time since the inception of the LexisNexis Fraud Mitigation Study four years ago, the latest survey shows a significant increase in the number of organizations (89%) reporting cases of cross-industry fraud. A quarter of the surveyed fraud mitigation professionals said they see evidence of cross-industry fraud in more than half of fraud cases they have investigated.
The severity of the financial impact of fraud is increasing as well. Cross-industry fraud cases have become significantly more expensive for organizations than fraud cases stemming from isolated events. Approximately 80% of study respondents said that these fraud events exacted at least a moderate toll on their organizations, with more than half of cases causing extreme financial harm.
The estimated cost of fraud may vary from about 1% to 5% of revenue for a typical organization. They force price increase, pose security challenges, and risk reputational damage.
Synthetic Identities Add New Complications
One reason fraud mitigation is becoming the purview of CFO organizations is the emergence of a new variant called “synthetic identity fraud.”
Traditionally, identity theft focused on crooks who churned out fake credit cards based on stolen consumer information. But as that crime became easier to detect, fraudsters have embraced fictitious identities as a more insidious workaround.
The approach creates new consumer identities using a combination of real and fabricated information to obtain credit, open bank accounts, secure fake passports, among other nefarious exploits. In some cases, synthetic identities have a real Social Security number from one person and an address, a date of birth, and a phone number from three others, making them difficult to detect.
Synthetic identity fraud is a longer and more sophisticated con game, as fraudsters gradually build their credit profiles and open accounts before striking and then disappearing.
For example, finance professionals within health care organizations saw a significant rise in synthetic and cross-industry fraud when the Affordable Care Act introduced millions of new patients into the health-care system. It created more opportunities for fraud, including additional chances for newly insured individuals’ identities to be stolen, and for applicants to game the system using false identity information.
The problem is compounded by the health care industry’s growing virtualization. Online portals and telemedicine services enable patients to sign up, coordinate, and receive care without being physically present in a provider’s office, making it that much more crucial to have appropriate safeguards in place.
Another reason cross-industry fraud is a growing concern for CFOs: more companies have embraced multi-line business models. Consider one with lines in insurance, banking, and wealth management. If a fraudulent identity breach in one line is not dealt with adequately, chances are the same activity is impacting the other business lines as well.
The opportunities for fraud against financial services organizations are becoming ever-more abundant as new services and products are introduced. Fraud is typically perpetrated by thieves opening new credit card, loan, checking, debit, mortgage, or other financial services products with synthetic identities, or by taking over existing accounts by impersonating a real customer to make unauthorized transactions.
New-application and account-takeover fraud each account for 20% of all fraud losses within the financial services industry.
Cross-industry fraud also factors into auditing due diligence. CFOs and their teams have traditionally focused their spotlights on internal threats such as employees who inflate expense reports or other instances of “cooking the books.”
But they’ve had little visibility into fraud by customers. As the external threat mounts, CFOs need to employ new auditing tools that extend their visibility outside their organizations.
Steps to Take
CFOs intent on protecting their enterprise have a number of options for addressing the threats of cross-industry and synthetic identity fraud.
First, those with multiple business lines should take a more holistic picture of fraud and formulate risk mitigation strategies than span the different silos within the organization, rather than treat each business line separately.
Second, while combatting fraud is typically the domain of chief information security officers, the CFO department should establish closer working connections with the company’s special investigative units or fraud team. Some organizations have gone so far as to move the fraud team into the CFO organization.
Third, leverage fraud-fighting technology. Recent technological advancements in big data, predictive analytics, and social network graphing are providing new, stronger tools for fighting fraud.
Finally, CFOs should consider joining forces with compatriots in other industries in order to establish a coordinated approach to exchanging fraud information. Such a coordinated approach can be accomplished through a cross-industry contributory database, where member organizations contribute potentially fraudulent events.
Beyond giving contributors a more comprehensive view of a suspect or entity, a cross-industry initiative helps organizations intercept fraud before it happens, to safeguard from losses due to fraud.
By leveraging an informed cross-industry view, CFOs will be able to gain a clearer view of the fraud landscape and what they can do to make informed decisions that will help them navigate that hazardous terrain.
Vikram Dhawan is senior director of product management for identity and fraud at LexisNexis Risk Solutions. Kimberly Sutherland is the organization’s senior director of fraud and identity management.