September 11, 2005 | Boston, MA: Each year, American businesses suffer staggering losses at the hands of a constantly evolving enemy: fraud and abuse. Here are just a few of the sobering statistics, culled from industry experts:
- Health insurance fraud exceeds $61 billion a year
- Life insurance fraud is estimated at almost $12 billion a year
- Check fraud is estimated to cost up to $20 billion a year
- Consumer lending fraud is $1 billion annually and growing rapidly
- Identity theft estimates have hit $50 billion and are growing
Businesses in every industry are constantly fighting an uphill battle to gain the upper hand against clever thieves who always find new ways to exploit the system to their advantage. As technology has become more sophisticated, so have the criminals. The Internet provides relatively easy access to public documents and sophisticated cross-reference capabilities make it easy for savvy crooks to connect the dots to create new identities or usurp someone else’s.
Even worse, these attacks are not just the work of outside elements. A joint study by The United States Secret Service and Carnegie-Mellon Software Engineering Institute (CERT) found that a frightening 78 percent of financial cyber crimes were committed by authorized financial institution users.
A New Tool in the Battle: Risk Management
Companies have become smarter, investing in ever-more sophisticated physical security and protection technology to prevent unauthorized access by the bad guys. But little has been done about preventing bad guys from using legally available data and systems to commit fraud and abuse.
“Nothing has changed. The game is exactly the same. In fact, technology has actually made it easier,” said Frank Abagnale, author of Catch Me If You Can and a leading security expert whose knowledge comes from his own experience as a former forger and embezzler.
“The only difference is that what I used to do in months people can now do in days and even less of the money lost by fraud is ever recovered,” he told a recent gathering of banking industry executives.
Due to the scarcity of police and crime resources, Abagnale said that punishment for fraud is rare and less than 5% of court ordered restitution of stolen funds is achieved. The only viable course of action, he said, is prevention. To mitigate the risk of internal and external fraud, companies need to monitor data in real-time, make decisions quickly and enforce internal controls. This is where enterprise risk management and applied business intelligence technology can play a critical role by helping businesses create methods to identify these abuses and provide escalation paths to compliance or elimination from their systems before damage occurs.
A risk management approach helps business understand – often for the first time – key risk and performance indicators that are crucial in developing effective operational controls. This is the first step in curbing fraud and abuse. Typically, the information that identifies weaknesses in a company’s policies and procedures (and the liabilities of those weaknesses) lies deep within the operations of an organization. Risk management tools helps senior management develop effective risk plans by providing access to staff experience and insights to identify operational risk, understand what to measure and control and calculate the impact on the bottom line.
Once a risk plan is completed, business analysts use risk management tools to validate risk plans with actual historical data and industry benchmarks. (For more information on how to create a risk plan, read Developing Risk Plans)
Some risk management tools then go further, with applied business intelligence capabilities that leverage existing applications and infrastructures to automatically generate fraud- and abuse-specific software modules, enabling firms to proactively prevent losses.
These applications can match patterns in customer behavior across multiple data sources, make automated decisions where appropriate and enforce controls such as separation of duties where needed. They also escalate issues for immediate action and resolution to prevent fraud. Equally important, the technology helps identify treacherous gaps in logic during the early design process rather than at the end, allowing systems to be rapidly changed and tested to keep up with the fast pace of fraud evolution.
To better understand the benefits, let’s consider some real world fraud and abuse scenarios in a few industries where business intelligence-enabled enterprise risk management is making a difference.
Automobile Insurance Fraud
Catching auto fraud can sometimes seem like trying to catch a ghost, because in many cases the participants are fictitious. Consider a case in which a policyholder submits a claim for car repairs and medical treatment that never took place because the car accident never occurred. Others involved in the fraud assume the role of the non-existent body shop owner and doctor. The paperwork is all in order and the amount of damages is not high enough to arouse suspicion.
With risk management and intelligent business modules, the company can identify key fraud indicators and then cross-check claims against those indicators. By automatically cross-checking that data- be it credentials, licenses and the appropriate use of the license, consistency of the claim details, etc. – the company can easily highlight those claims that don’t hold up against industry benchmarks and its own standards.
Criminal activity always surfaces where money is being made and the hot housing market has been a big draw. Banks and homeowners must be on guard against numerous schemes like “flipping,” which federal authorities define as “acquiring an over-inflated loan on a rundown or neglected property, often using fraudulent documents,” or “straw buyers” in which people’s identities are used to take out fraudulent loans.
Using robust enterprise risk management for banks, financial institutions can catch fraud before it happens by first identifying its key risk indicators and then using best practices to validate key pieces of data within a mortgage application against original public records and other documents. This helps to minimize false-positives and uncover real abuse or fraud.
Health Insurance Abuse
Many fraudulent claims fly below the radar. For instance, a medical provider may regularly order three MRIs as part of the diagnosis and treatment process. While on average only one MRI is needed, the insurance company allows up to three. Because it complies with the terms of the policy, the abuse remains hidden and unnecessary procedures continued to be paid. Someone is benefiting from the extra MRI procedures just not the patient or the insurance company.
With risk management tools, the insurance company can cross-reference claims against key internal risk and performance indicators, identify abuse and weed out providers that are deliberately exploiting loopholes within policies or colluding with patients to avoid payment of required deductibles.
Credit Card Fraud
An insidious manifestation of identify theft, credit card fraud is dangerously common and ridiculously easy to commit. Let’s use an example of insider involvement here, one based on a real-life case detailed in the Secret Service-Carnegie Mellon study mentioned earlier: A supervisor at a financial institution with security privileges was able to change the address of an account, order a new credit card and PIN and withdraw money from the account.
Based on the results of the study, financial services firms may very well determine that the risk and performance indicators should be applied to internal processes and policies. By identifying liabilities within internal processes and policies, firms can use intelligent modules to prevent abuse and monitor patterns to identify future fraud cases.
Small Steps, Big Gains
It’s foolish to think that fraud can be completely eliminated or that there is a silver bullet that will stop criminals cold. But with losses skyrocketing into the tens of billions of dollars and wasted productivity in cleaning up the mess, thwarting even a portion of fraudulent activities can yield huge results. By remaining vigilant and taking advantage of enterprise risk management tools, businesses can make a difference that will be clearly seen in the bottom line.