A new approach to adopting technology to mitigate fraud

By Arjun Rajagopalan, Partner, Deloitte India

The first wave of technology adoption by businesses was primarily in the areas leading to revenue enhancement, cost optimisation and increased profitability. Over time, some of these technologies were being re-used in a different context – for fraud prevention.

Research suggests that use of Radio Frequency Identification (RFID) tags by retailers can significantly improve the efficiency of their supply chain operations by ensuring product replenishment’s happen just in time, thereby saving inventory costs . However, RFID tags can also effectively be used to safeguard against fraud by tracking pilferage, and non-compliance by tracking expiry dates on perishable products. Similarly, Big Data technology is now used by banks to not only serve customers better but also to analyse suspicious transactions.

An analysis of the responses received in Deloitte’s India Corporate Fraud Perception Survey report, Edition III, indicates that Indian organisations may need to embark on the second leg of the technology adoption journey by rethinking of how their existing technology deployments could be used in the context of fraud risk management.

Consider the case of Artificial Intelligence (AI) that is slowly becoming part of our everyday lives – using facial recognition on social media, providing video streaming recommendations, and IoT devices integrated with other functions.Organisations with a large number of customers (such as retail, banks, and utilities) could use AI to build customer profiles from disparate sources of data and undertake targeted marketing,selling and customer service. They can also tweak this tool to gather information on suspicious transactions and analyse them. A large credit card company currently uses AI in this capacity to make fraud-detection efficient and even reduce the high number of false-decline cases .

In the case of Blockchain, traditional business functions can use smart contracts to nearly eliminate frauds related to payments by pre-creating if/then contracts, where unless the previous step of the process is complete,the next steps will not be initiated .

We believe a similar application would benefit supply chain functions wherein digital payments can be withheld (in an escrow-like account) until the product is marked as ‘shipped’ in the blockchain system. Further, block chain can also be used to ascertain the product quality,should it be extended to the original producer. For example, if the producer of organic rice (the farmer) is on a blockchain platform, as an end customer in an urban super market purchasing this rice, one can ascertain if the product is indeed organic and in which farm it was produced, thereby eliminating fraud .Incidentally, such a verification would take a few seconds, unlike in a traditional supply chain set up where one can take several days to receive this information.

These examples demonstrate that technology can be effectively used to prevent fraud. However, the outcomes of technology adoption are heavily dependent on the underlying processes and system design. In our view, this should be the primary consideration for organisations wanting to embrace new technology and/or re-use their existing technology deployments. In the course of our work we have observed how early-stage system design manipulations(inadvertent or otherwise) have diminished an organisation’s capabilities to identify potential fraud. For instance,a recent wallet provider was unable to secure its systems to identity theft and in another case, a bank lost over INR 5 Crore to fraud due to a loophole that didn’t link its core banking system to its wallet service in real time.

Such incidents can be prevented by inculcating a Forensic Software Development Life Cycle (SDLC) governance model from the start of technology adoption. Unlike traditional software development, where testing of controls was done by a technology team at the end of each stage of development,the new approach relies on designing of the fraud controls at the time of technology adoption and testing by risk experts while the development is ongoing, thereby improving the chances of identifying loopholes and system design flaws early on. Particularly in the case of new technology adoption,such an approach has been found effective, considering there is no historic view of past frauds. Further, a robust consequent management system should also be developed to respond to any fraud risks that may be discovered or in response to any technology upgradation /enhancements.

New technologies such as artificial intelligence rely on constant learning from other data sources, and response patterns. This also means they can emulate good and bad decisions taken by organisations, imbibing the biases of those who programmed prior systems.Periodic checks by risk and technology professionals on the ‘state of technology’can help fraud risk management programs evolve more robustly in the future.

 

Comments (0)
Add Comment