What it Takes to Fight Fraud

As Crimes Have Evolved, so Has Investigator's Role
What it Takes to Fight Fraud
Jack McCoy is an internal fraud investigator.

Currently the VP of corporate security at Discover Financial Services, McCoy previously spent 29 years as a special agent with the Federal Bureau Investigation. While in the FBI, he worked a variety of criminal matters -- bank robbery, extortion, organized crime, and white-collar investigations.

Since joining Discover 10 years ago, McCoy has found that his role has evolved. Instead of just dealing with street criminals and combating fraud locally, he now is investigating high-profile international crime groups that represent technology savvy criminals who are sometimes situated half a world away.

"In over a decade at Discover, I have observed fraud change from non-receipt, fraudulent applications and account takeover to where skimming is the major fraud type today, and where the fraud may likely have more of an international nexus than it did when I first started," McCoy says.

Because fraudsters are constantly creating more diverse and complex schemes using advanced technology, reacting to fraud is no longer acceptable, McCoy says. The role of a fraud investigator has evolved to be proactive. One must understand the nature of fraud, predict where the attacks are expected. Which technologies are likely to be in use? What are the vulnerabilities, and how can we be safe? "Just as technology is impacting our daily lives," McCoy says, "It has impacted fraud."

Changing Face of Fraud

Brad McFarland is a fraud investigator and director of corporate security with The South Financial Group, a South Carolina-based financial services holding company. "At one time, fraud simply meant a theft of cash; however, now we see criminal activities ranging from the theft of data, customer records to intellectual property," he says. "That is where a huge risk lies in terms of reputational risk, financial risk and regulatory risk."

Internal fraud investigation has evolved from working in silos to more of a collaborative role that involves integration with business units and processes across the organization. "It is combating fraud and ensuring that the company's business products, investments and consumer reputation are protected at all times," says McCoy.

Whenever Discover launches a new product, McCoy plays an active role in understanding the offering and its potential market. This way he has a better sense of what type of fraud the company can expect, as well as the adequate measures to ensure that the product and company are safe.

"Today, internal fraud investigation is a full-fledged career evolving to senior management roles," says McFarland. "Fraud has transformed from being a risk to becoming a priority issue for some corporations."

The types of fraud investigators face include external crimes such as corporate account takeover, payment card fraud as a result of skimming devices and internal fraud, including insider theft, loss of data and intellectual property.

For McFarland, check fraud is the biggest fraud category he routinely investigates. He finds these cases originating from foreign lottery scams, internet auctions, and work from home schemes that are conducted by organized crime groups located outside the US. These groups often recruit willing participants to deposit counterfeit checks into their own accounts for a commission. Fraudsters think that this is an easy way to make money. "In most instances individuals don't realize that they are an unwitting participant to a criminal act," says McFarland.

McCoy, on the other hand, is routinely confronted by skimming incidents, which is the fastest-growing electronic-fraud risk, according to the U.S. Secret Service, accounting for more than $1 billion in annual losses.

Both their roles involve a 24/7 vigilance, staying abreast of the bad guys and ensuring safety, which comes with its own set of challenges. "To me, internal fraud is the most challenging because of the time lag that is typically experienced between the initiation of the fraudulent activity and its detection," says McFarland. "The greatest issue with internal fraud is risk - because of the time period, number of parties and businesses involved, nature of fraud committed and the reputational impact on the company."

For McCoy, the challenge lies in keeping up with the changing landscape and technology savvy criminals who operate overseas with false identities. "The challenge, like everything else, is to think ahead technologically," he says. "If our systems identify fraud in Atlanta, the challenge lies in identifying unique ways and rules to stop the fraud from affecting other areas and systems within a relatively short period of time."

What it Takes to be an Investigator

McCoy and McFarland identify these key skills as being most necessary for a fraud investigator today:

  • Analytical Thinking -- For security professionals, the transition is relatively easy, as they usually have a computer science or IT background that supports math-oriented thinking and analysis. The individual needs to have the capacity to deal with large volumes of data, be able to identify patterns and crunch the data to come to a meaningful conclusion. Historically, most fraud is reported via a tip from employees being suspicious about an activity from within an internal business unit or discrepancies noted by customers. "Today it is imperative that professionals use data analysis effectively in an effort to take a proactive stance against fraud," McFarland says.
  • Problem Solving -- Professionals need to have an open desire and curiosity to solve problems. "They need to have the capability to uncover fraud at many levels," says McCoy. Again, for most incidents, computers are used by perpetrators, so professionals need to be skilled at identifying security and IT vulnerabilities and risks within the system.
  • Decision Making & Communication -- The investigator needs to quickly respond and arrive at a decision when dealing with fraud, as otherwise the impact can lead to huge potential losses -- especially in cases of skimming or a data breach involving high volumes, says McCoy. Often, professionals with business degrees and a law enforcement background do well in these circumstances as they are used to making an accurate case from a given set of information or data. Communication skills also play an important role in fraud investigation as professionals need to interview people, write reports and collaborate with different business owners to solve and detect crime.
  • Business Understanding -- Professionals need to develop a deep understanding of the business process to uncover fraud. For instance, take the case of ACH payments. A professional working within the financial services sector will need to understand how ACH works. How are transactions occurring? How are merchants involved? What laws and regulations apply here?
  • Credentials -- An academic computer science degree with courses in statistics, economics and business pays off really well in this field, says McCoy. In addition, professional certifications like Certified Fraud Examiner (CFE) and Certified Financial Crimes Investigator (CFCI) set the standard for quality training in fighting fraud.
  • Investigative Background -- Candidates with prior law enforcement background are often preferred because of their investigative skills. They are adept at questioning involved parties and carry experience dealing with diverse groups of individuals both locally and internationally which makes it easier to communicate. However, a successful private sector investigative unit is comprised of individuals with industry related backgrounds - in addition to those with law enforcement experience. It is important to have a variety of skill sets represented in an investigative unit, says McFarland
  • Forensics Background -- Security professionals specializing in digital forensics and cybercrime are very desirable for their skills in handling and scrutinizing sensitive information, collection of evidence, retrieving information as well as for legal proceedings.

Where the Jobs Are

Today, with cybercrime activities on the rise in all organizations, stopping fraud has become a main priority in industries including healthcare, finance and government.

Within healthcare, the recent updates on regulations such as the Health Information Technology for Economic and Clinical Health Act and the Health Insurance Portability and Accountability Act have further tightened the regulatory requirements for hospitals, medical providers and facilities, leading to more effective security controls and best practices. This is likely to increase the need for professionals with security, forensics and anti-fraud background to implement proactive measures to combat crime in this sector, says McFarland.

The sheer number of breaches and security incidents are leading companies within healthcare to hire experienced professionals with anti-fraud backgrounds. Jobs as healthcare fraud investigators are high within insurance companies, hospitals and large medical facilities, where the role involves investigating and resolving instances of healthcare fraud and/or abusive conduct by the medical profession, insured members or the broker community.

Within financial services, the regulatory and reputational pressure, coupled with the rising cost of fraud, leads to more demand for professionals with anti-fraud backgrounds. Job opportunities are plenty in areas of forensics examination, data analysis, data loss prevention, investigation and management roles involving security program, policy implementation, training and education. Banks, credit unions, insurance companies, brokerage firms, payment processors all need expertise in fighting fraud.

Within government, with continued emphasis on cybersecurity by the Obama administration and the heightened need to protect national security, jobs have opened up for forensics, fraud and cybersecurity in almost all federal and state agencies and law enforcement organizations. Prospective employers include the FBI, Department of Defense, Department of Homeland Security, state police, Central Intelligence Agency, as well as big defense contractors like Lockheed Martin, General Defense etc.

It is increasingly important that organizations today communicate and share resources with peer institutions and with law enforcement, says McCoy. "If we want to prosecute fraudsters effectively, it's important to be open, learn and share dialogue with others to try and get the full picture."

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.