The average company fraudster is a middle-aged white collar worker in finance, sales or operations who has worked at his or her employer for some years and “misappropriates assets,” a study of 596 real-world fraud investigations by KPMG has found.
Incredibly, KPMG also found that barely any of the perpetrators face prosecution because their firms want to avoid public embarrassment, something the fraudsters are probably aware of when factoring the price of being caught.
Some of the findings in Global Profiles of the Fraudster sound obvious such as that 70 percent of fraudsters were aged between 36 and 55. Given that this age range constitutes almost all the people with the job power and opportunity to commit fraud without it being detected, this is perhaps a given.
Also par for the course is that most frauds happen gradually in small bites over some years, with seventy percent involving collusion with others at some point.
One surprise is the potential losses from insider frauds, with a third exceeding $500,000 (£320,000) and 9 percent breaching an astonishing $5 million. This reinforces that many acts of fraud go undetected for years.
KPMG’s data is interesting because it’s based on real-world examples and not extrapolated from a survey that ignores deeper trends, but what if anything can firms learn from its findings? Surely some fraud is inevitable?
There seem to be several strands to the answer. The first is that peering at generalisations about the profile of fraudsters and their crimes after the fact misses the point that the common issue is a lack of oversight. Organisations need to invest in controls (KPMG mentions data analytics) in order to have any chance of detecting skilful fraudsters and their collaborators before they do damage.
It is technology that has made some of the frauds possible so technology should have a place in curbing it.
A second point is that the technologies of fraud are rapidly evolving in ways the old chains of accountability can’t detect. Damage can now be inflicted in days, weeks or months rather than years as in the recent past using automated systems and AI-driven “attack bots.” While about half of fraudsters were traditional dishonest opportunists, 'predatory', i.e. professional criminals now make up most of the rest, which holds a warning for the future of this type of crime.
“This is not science fiction, but a taste of things to come. We are already seeing highly trained hackers link up with the organised crime network and the faceless criminal is not far away,” said KPMG’s UK head of forensics, Hitesh Patel.
“Cyber crime is already on the rise and we expect cyber-attacks and high-tech fraud to grow exponentially.”
The old division between internal fraudsters operating at a small scale and external attackers working from the outside might no longer be a useful distinction. The two are now as likely to work together in concert.
The firm admits it doesn’t have a huge amount of evidence of internal fraudsters working in concert with organised crime, noting that only 15 of the 596 frauds had this as a factor. National characteristics also seem to play a part here; some nations are objectively more corrupt than others.
However, despite the lack of hard examples the possibility that today’s dissatisfied middle-management crook could morph into a far more dangerous era of software-driven fraud is intriguing if untested.
“With an ability to master artificial intelligence, it’s only a matter of time until fraudsters harness the full power of technology to enrich themselves and criminal organisations, unless legitimate businesses take steps to defend themselves,” said Patel.
Find your next job with techworld jobs