- Security TWENTY
- Women in Security
The seventh annual conference of the London Fraud Forum runs on October 3, in London, would you believe. Its chairman, Alan Day, like last year, has done a question and answer ahead of the event.
Interesting that among the speakers is someone on the topic of social engineering – is something as simple as social engineering in fact the greatest problem and the most difficult to guard against?
Social engineering is a major problem and that is why we have included this on our agenda for this year’s conference. As the latest CIFAS Fraud Landscape publication points out, two out of three frauds now involve identity crime and as we become more aware of identity fraud attacks, criminals are becoming more sophisticated in their attempts to steal identities. Social engineering is therefore something we need to be more cognisant of and how we protect ourselves, our employees and our customers.
Another thought about social engineering – as it can harm people over the phone at their home, fraud prevention people might be able to get staff to listen about fraud if they make it relevant to their lives outside work as well?
This is a major problem and is not just limited to social engineering but all types of fraud. Education of the public is a major battle. I know many companies (including my own) try to make employees aware of fraud risks that not only affect the business but also the employees in their private lives. Hopefully they will pass on this message to their families. But this is only one small step and we in the counter-fraud community need to do far more in this area.
I note that Mark Button, Director of the Centre for Counter-Fraud Studies, University of Portsmouth, is an invited speaker. A Portsmouth event features in the August issue of Professional Security. One interesting point from the event was a speaker suggesting fraud is a profession, like accounting or engineering, and that while fraud professionals have come a long way, there’s still progress to be made. Does that sound about right?
That is spot on. We need to have a proper and formally recognised counter-fraud career structure. A cradle to grave plan if you like, for those who are seeking a career in counter-fraud. One example is accreditation of training. There are numerous courses, suppliers and accreditations, some very good and others perhaps not so good. How does a person starting on the counter-fraud ladder know what to choose and how does an employer know what course is best and what that course included? We all know what is meant by a chartered engineer or a chartered accountant but we do not have that luxury in the counter fraud arena. There is now a chartered status for security professionals and I would like to see a similar structure being developed for counter fraud but it is a huge task.
And the LFF conference has a speaker on whistle-blowing. How to deal with whistle-blowing – because while it does raise alarms, is there something about it, or human nature, that people feel like they’re telling tales out of school?
Yes and that is why I am not in favour of the term ‘whistle blowing’. I frequently amend papers that say whistle blowing to ‘speak out’ or ‘confidential reporting’. There are so many negative connotations with the term whistle blowing and I believe it can put people off reporting matters. But there will always be that human nature reluctance to report on one’s friends and colleagues. It is only natural and that is why a formal fraud awareness and education campaign is essential for all companies to encourage people to understand that if a person is committing a crime, they do not deserve the protection of their colleagues.
There are a number of regional fraud forums. What is being done to bring these groups together?
The chairs of the regional fraud forums met recently to discuss this and we have created an organisation called the Network of UK Fraud Forums whose aim it is to ‘bring the public and private sector together at a national level to reduce the harm caused by fraud’. The network will be a self funding organisation run on a not for profit basis and will co-ordinate and support the regional fraud forums and represent our members at a national level. I was asked if I would be the chair of the new Network and I accepted this honour. There is still a lot to sort out but at least we have a properly constituted organisation to link the regions and to act as a single national voice.
And interesting that you have speakers from an audit firm. Is it useful in countering fraud as in other jobs to spread the net wider than your specialism?
Definitely, we need everyone to be aware of fraud in their own particular areas, be it auditors, accountants, commercial staff and HR. The counter fraud professionals cannot be everywhere so we need others who are looking at assurance, controls and procedures to be our eyes and ears.
As so much of fraud, like life in general is done electronically, is countering fraud now a matter of IT, or is there a place – a vital place – for old-fashioned putting your foot in a door and getting face to face with fraudsters?
There is so much talk today of cyber-crime, e-crime and fraud being a more technical matter. There is no doubt that IT and the internet has had an impact of fraud and the types and breadth of fraud. But we do still need what you call old fashioned counter fraud activity and investigations. IT is an enabler and should be seen that way rather than a separate issue. I have often said that in the days of Butch Cassidy and the Sundance Kid the ‘officers of the law’ need a horse, in Gene Hunt’s day (Life on Mars) you needed the Audi Quattro and now you need a computer. But you should also keep the Quattro well serviced and able to move when needed!
On a personal note, do you find yourself shocked, surprised, angered, ever by what fraud you find? Or have you gone beyond that? Or is it best not to bring emotions into fraud work?
I would not say shocked or surprised. I think I am a bit long in the tooth to be shocked but I am often surprised, for example, by the way some employees will gamble their careers and their liberty for the sake of a few thousand pounds to be gained through a fraud. But I am always angered when I see fraudsters targeting the vulnerable such as elderly people in scams such as courier frauds, boiler house frauds and other such crimes. It is then when we can really get the message across that fraud is not a victimless crime.