SCOTTSDALE, Ariz.—A new report emphasizes the difficult battle employers face—particularly financial institutions—in combatting internal fraud.
Employee theft and embezzlement has been the subject of numerous convictions in recent years at credit unions.
A report in Third Certainty said that the challenge faced by financial services companies of all sizes: how to balance efficient use of employees’ time and implementation of security controls.
“Assigning a supervisor to double-check all aspects of a teller’s work can be cumbersome and costly. And it merely shifts the fraud opportunity from the teller to the supervisor, rather than blocks it,” stated the report’s author Evan Schuman.
Many small and mid-size organizations “have not found that correct balance” between ease of business and security controls, Chris Richter, senior vice president of global security services at Level 3 Communications, told Third Certainty. “They have not gone through the discipline of risk analysis.”
Richter stated that many companies know they need to spend more on security but face budget constraints. He said some fear that what an internal study could find may be too costly to effectively address.
“Once you do a risk analysis, you identify the risk and the cost can be high,” Richter told the publication. “If you don’t take action after you have done the analysis, you can be found negligent” if something later happens and the company is sued. “They don’t want to know what they know they don’t want to know.”
Preventing many internal thefts requires two people validating the actions of the other—and new ongoing employee education programs to do it correctly, Tim Sloane, vice president for payments innovation at the Mercator Advisory Group, told Third Certainty.
Sloane said the temptation can be for an organization to make a one-time investment in new data security technology, rather than add to ongoing payroll and training expenses.
But it’s possible that technology can create more opportunities for insider theft by increasing automation and reducing human controls, the report indicated, adding that the best defense may well be employees working with the new technology—mutually monitoring and analyzing output from the technology and each other.
Schuman noted that experts argue that employee assessments should extend beyond the hiring process and annual reviews, since changes in an employee’s personal situation can change a low-risk worker into a mid-level-to-high-risk worker. He said employers should routinely run credit checks on employees to detect whether they’ve stopped paying their bills.