Although it’s hard to calculate the total cost of fraud (all types of fraud), there is quite a consensus about the cost being very high; see for example the PwC Global Economic Crime and Fraud Survey 2018. Many organizations – and especially Government agencies (law enforcement) and financial institutions (banks, insurances) therefore invest vast resources in detecting and preventing fraud. Today I’ll share insights from FRAUDtalks 2019, an industry event (25 Sept. 2019) of FRISS, the provider of software that specializes in detecting insurance fraud. The audience included many professionals who deal with insurance claims. These people are tasked with finding the fraud cases while reducing the “false positives”, i.e. cases where they think that there is fraud (and thus they start an investigation), but in fact, it’s a legitimate case. As often in risk management, the difficulty is in finding as many as possible (ideally: all) fraud cases, while minimizing (ideally to zero) the false positives.
Threat Is More Pervasive Than You May Think
Several speakers talked about risks, especially cybersecurity risks. They demonstrated very tangibly that in a world where “digital” is the standard, risks are more pervasive than what many people tend to think.
What’s Real And What’s Fake? This Person Does Not Exist!
John Ridd from eviid spoke about the importance of and the difficulty in verifying that digital media (photos, videos) are authentic. Take a look at https://thispersondoesnotexist.com, a website that presents AI-generated photos of people. These all look authentic, but they are not. They were generated by software! How does this experience change your view on “fake news”? If you’re a fraud-fighter, how do you ensure that photo/video evidence is authentic? John also discussed hacking and told the story of a large retailer that was hacked. While normally people think that hackers aim to steal information such as lists of clients and their details, or steal money (digitally), in this case the hackers – organized crime – hacked the retailer’s IT systems in order to trace back the supply chain of the retailer, find its “soft spots”, and steal physical products at these spots. Thus digital crime for enabling crime in the physical world.
AI Is All Over. Think About It.
Gian Luigi Chiesa from FRISS reminded the audience that we’re all using AI already in daily life. For example, Siri, Alexa, or even weather forecasting. As AI becomes more and more pervasive, we need to be careful in considering the (sometimes unexpected) consequences of AI. For example, in the insurance world (as this was an insurance fraud event), one may use AI to decide whether to accept a new insurance client or to reject the application. Once such a decision is automated using AI (as opposed to “business rules” that follow a well-defined and explicable “IF-THEN” process), will we always be able to explain why a specific application was accepted, and another one was rejected?
Hacking the Internet-of-Things (IoT)
Ken Munro’s talk was tremendously impactful. He presented a series of consumer IoT products (that probably many people in the audience use). He showed how easily these IoT devices can be hacked by people or organizations with bad intentions. These products included children’s toys (people with bad intentions can gain access to your children), smartwatches (if you’ve been worried about “Big Brother Watching You”, start considering “Bad Brother Listening to You and Tracking You”), car smart-locks (not as secure as you’d expect from a security device) and so-called smart doorbells (giving access to your passwords through a simple hack of the WiFi connection). The bottom line is: do not trust that something is “secure” without evidence. But can a layman evaluate such evidence?
Catch Me If You Can: Identity Theft
How real is the threat of identity fraud? Bennett Arron knows the answer. The Welsh comedian was one of the first major victims of Identity Theft in the UK. He described to the audience in an entertaining yet highly informative way how his identity was stolen, what the impact thereof was on his life (hint: immense impact), and how the Government (UK law enforcement agencies) dealt (hint: did not deal) with the situation. One important lesson learned is that identity fraud is easier than one may think. In Bennett’s case, both financial institutions and Government failed to support him when his identity was stolen, and hence the immense impact on his life. One can only hope that these things improved by now. And thus Bennett’s talk presents an extra dimension for fraud fighters: how can you support victims of fraud (people and companies), while fighting those who actually committed fraud by exploiting the victims’ identities? Bennett has been devoting much time and energy to informing people about identity theft. Check out his website!
Towards A Sustainable World
Among all the speakers that spoke about fraud, risks, and technology, Ynzo van Zanten from Tony’s Chocolonely delivered a fascinating talk that had nothing to do with the stated topic of the conference. Ynzo spoke about Tony’s Chocolonely’s aim to establish slave-free chocolate supply chains and fair trade. He reminded the audience about the imbalance between the price of cocoa (which farmers receive) and the price of a chocolate bar (e.g. in a supermarket). He showed real-life examples of teenagers that have been exploited as slaves in cocoa plantations, supported by an industry of chocolate consumers that ask no questions about the source of the cocoa. Tony’s Chocolonely’s success is proof that sustainability and financial success can go hand in hand. This is an important message to any audience.
FRISS deserves a compliment for the organization of this event. Success was achieved through (hard work and) a beautiful location (the EYE Museum in Amsterdam), an informal and professional atmosphere, a professional host (Pep Rosenfeld from Boom Chicago demonstrated that stand-up skills come handy in business events) and presentations that were delivered similarly to “TEDtalks”, thus keeping the audience interested.
Last but not least: In this event, I did not come across any Government representatives (forgive me if I missed you!). I think that the private sector and the public sector can both benefit from engaging more in each other’s communities of fraud fighters. Such engagement makes sense because: (1) in my experience, fighting fraud in Government has many similarities to fighting fraud in the private sector: you aim to find the irregular cases among the “normal” cases; and (2) wouldn’t someone who commits frauds in the private sector be more likely to commit fraud also in their engagements with the Government (and maybe vice versa)?