A commonly quoted principle concerning fraud states: "there is no such thing as a new fraud, only new ways of committing old fraud." The advent of scanners, laser printers and desktop publishing software has made the forging of documents and signatures as simple as a few mouse clicks. However the underlying fraud remains the same – forgery; and some of the less sophisticated frauds such as forging cheque signatures are still as popular as ever.

Technology has always been used by fraudsters to perpetrate fraud. One of the first cases I ever worked on involved a cashier falsifying the balance on a till roll by rolling the tape forward, subtracting the amount he had stolen, then rolling the tape back before printing the total for the day. The fraud went undetected for months because management assumed (and why not) that the total on the till roll was accurate. After all, it was a machine.

Unfortunately, as technology becomes more complex and pervasive, fraud is always there to take advantage of any weaknesses. The introduction of magnetic strips, CVV numbers and then Chip and PIN technology within the credit card industry are all examples of the card providers trying to catch-up with the growing technological sophistication of fraudsters.

Perhaps the biggest advantage obtained by a fraudster from using technology is the ability to perpetrate fraud without being anywhere near the scene of the crime. The average bank robber steals less than £4,000; they will more than likely be caught and sentenced to at least ten years for his crime. The average fraud nets the perpetrator over £100,000 with the chances of being caught and successfully prosecuted slim to non-existent.

One of our recent cases involved an attempt to divert the wages of some 700 employees into the fraudster's bank accounts. The loss could have been as much as £400,000, not to mention the damage caused by having to deal with hundreds of disgruntled employees who had not been paid. The fraud was attempted by using a smartphone to obtain access to both the client's own IT network and that of its external payroll provider to alter the employees' bank account details. Fortunately, someone was sufficiently cognisant to ask, 'why would so many employees be changing their bank details at the same time?' With only five minutes before the payments were processed, they were corrected.

Again, payroll fraud is not a new fraud. The use of online payroll systems, combined with the lack of controls over system access and the ubiquitous availability of smartphone technology created a new opportunity to commit an old fraud.

Fraud prevention in a technological world still has the same fundamental principles as always:

  • Understand your business
  • Understand the fraud risks your business faces
  • Design controls which address those risks
  • Regularly test controls, to ensure they are effective
  • Run targeted fraud awareness training
  • Encourage employees to report their concerns.

By necessity, this briefing can only provide a short overview and it is essential to seek professional advice before applying the contents of this article. No responsibility can be taken for any loss arising from action taken or refrained from on the basis of this publication. Details correct at time of writing.