Cifas: Employers must do more to fight internal fraud and support “honest majority”
Employers need to step up the fight against internal fraud and strengthen their businesses, Cifas, the UK’s fraud prevention service, said today.
The comments come as Cifas publishes its annual Employee Fraudscape report. The report finds that recorded internal frauds rose by 18 per cent in 2014. In total, Cifas Internal Fraud Member Organisations recorded 751 confirmed cases of employee (or insider) frauds last year, compared to 638 in 2013.
These figures come from the Cifas Internal Fraud Database, a unique cross-sector data sharing system used by 134 organisations to prevent insider fraud. The frauds cover a range of different fraud types – from data theft, to account fraud, employment application fraud and bribery.
Simon Dukes, Cifas Chief Executive, said:
“Fraud is not just about remote attacks – some of the most dangerous threats can come from within. Internal fraud costs huge amounts in money, reputation and employee morale. Customers are also affected when their personal data is stolen by an insider.
“Cifas members are taking action to report and fight fraud, supporting the honest majority. But it is concerning that many other UK organisations are not; enabling fraudsters to move around from job-to-job, free to commit fraud again.
“We urge all organisations to do more - sharing confirmed fraud data remains one of the simplest, most cost effective ways to prevent the actions of a small minority from causing huge damage.”
Today’s report includes analysis of Cifas data for 2014 along with a range of expert contributions covering degree fraud, the psychology of internal fraudsters and the importance of treating all staff equally when it comes to fraud, from the top right down to the most junior employee. It aims to help organisations think through the different aspects to internal fraud and encourage them to take action to combat the risks facing their own organisation.
Contributor Rachael Tiffen, Head of the CIPFA Counter Fraud Centre, said:
“We welcome the release of today’s report, which shines a spotlight of attention on internal fraud. Often overlooked, internal fraud can take many organisations, private and public, by surprise causing significant damage.
“Developing an anti-fraud culture in the workplace, led from the top, and sharing data can dramatically reduce the threat from internal fraudsters. We hope that the report encourages many more organisations to participate and to adopt a zero tolerance policy towards all types of fraud.”
Analysis of the frauds recorded in 2014 shows:
- Theft of data by staff remains a serious threat: with 53 confirmed incidents of customers’ personal data being stolen by an employee in 2014 (a 10% increase from 2013) and over half of these involving passing the data on to a third party.
- Fraud on customer accounts decreased in 2014, but increased in contact centres: tighter monitoring and security measures are acting as effective fraud deterrents, with the number of cases where staff used customer accounts fraudulently dropping from 53 cases in 2013 to 33 in 2014. The proportion of these frauds taking place in a customer contact centre, however, increased by 27% - underlining how controls and checks need to be put in place across all areas of an organisation.
- Employment application fraud remains the most prevalent fraud type: (473 cases - accounting for over 60% of all frauds recorded in 2014). The vast majority of these (396 frauds) were identified before the applicant had started employment - showing how organisations have invested in strong controls and verification checks.
- Employers need to do more to balance flexible resourcing with risk: around 16 per cent of employment application frauds were only discovered after the applicant had started in the role. On average, such frauds were discovered two months after the individual had started employment; indicating that many positions are still being filled before full checks and vetting procedures have been completed.
Notes for editors:
Download the full report at https://www.cifas.org.uk/research_and_reports
Cifas aims to make the UK a safer place to do business, by enabling organisations in every sector to prevent fraud and protect the public through the sharing of confirmed fraud data.
Cifas has over 300 Members spanning the public and private sectors. In 2014 alone, Cifas Members prevented over £1 billion of avoidable fraud losses by using Cifas’ National Fraud Database, which records confirmed fraud cases.
In 2006, Cifas set up the Internal Fraud Database specifically for organisations to share confirmed fraud data about frauds committed inside an organisation by its staff. The Internal Fraud Database is unique as it is the only cross-sector data sharing system dedicated solely to confirmed cases of insider fraud.
Cifas offers Protective Registration for individuals whose identities are at risk of being used fraudulently, for instance after a burglary.
In 2014, Cifas launched a new scheme called Protecting the Vulnerable. This service is offered free of charge to local authorities to protect those under the care of Court Deputies who are unable to access financial products and whose identities may be at risk.
Visit www.cifas.org.uk for more information.