Beware of “frenemies!” People close to your organisation – such as customers, suppliers, consultants or agents – are most likely to commit customer fraud, which is now Australia’s number one economic crime.
Most of us take for granted that the people we do business with on a daily basis will do the right thing by us. But a newly released survey by PwC (formerly known as PricewaterhouseCoopers) points to a new and worrying trend that turns this assumption on its head.
The PwC survey found customer fraud is more prevalent in Australia than elsewhere – a 45% of Australian organisations have experienced customer fraud compared to the global average of 29%.
The Australian edition of PwC’s Global Economic Crime Survey reveals threats from outside of organisations such as fraudulent customers, hackers and organised crime also outweigh internal threats for the first time in the 27 years the survey has been running (64% vs 36% respectively).
Almost two-thirds of all fraud and economic crime came from external sources compared to less than half just four years ago.
“However, 60% of these crimes were committed by “frenemies” – someone close to the organisation, such as a customer, supplier, consultant or agent,” the report said.
PwC Partner and Forensic Services Leader, Malcolm Shackell, said: “The significant rise in customer fraud is being driven by the increasing availability of information and new technologies like editing apps to change documentation, make fraudulent IDs, credit card applications and insurance claims. Another driver is the increasing influence and sophistication of organised crime syndicates.
“Fraudsters are more strategic in their goals, and more sophisticated in their methods. It’s a business in its own right that’s tech-enabled, innovative, opportunistic and pervasive – like the biggest competitor you didn’t know you had.
“Organisations need to be alert to the changing nature of the threat environment so they can adopt necessary risk controls. Unfortunately, more than 40% of organisations we surveyed have not assessed the risk of fraud in the last two years, leaving them increasingly vulnerable to new and emerging forms of economic crimes. We’re also lagging behind our global counterpart in the use of technologies like artificial intelligence and advanced analytics as part of our efforts to combat and monitor fraud.”
Good questions:
- Have you defined economic crime and communicated it across the business?
- Do you really know who works for you? Have you completed background checks, spoken to previous employers, validated education, taken references?
- Do you know who you are working with? Who are the owners, directors and key management? Do they have any criminal convictions, undischarged bankrupts, disqualifications as a director, adverse media, or legal proceedings?
- Does your supplier have a third party risk management framework and due diligence program?
Australia still a hotspot for cybercrime
Cybercrime remains one of the most prevalent forms of economic crime experienced by Australian organisations, with almost half of those surveyed saying they have suffered a cyber attack in the last two years. Phishing was the most common type of cyber attack experienced, followed by malware, which was the same for survey respondents across the globe.
Australia is among 18 countries out of 123 which reported cybercrime to be more disruptive than the global average (15%). Survey respondents in Australia and across the globe expect cybercrime to be the most disruptive economic crime in the next two years.
PwC cyber partner, Richard Bergman, said: “To see that one in two organisations surveyed suffered a cyber attack in the past two years is bad enough, but we think the number is probably much higher. We’re seeing at least one new attack every fortnight and it’s only going to get worse as enabling technologies become cheaper and more accessible.
“It’s particularly concerning that around half (48%) of the organisations surveyed have not assessed their vulnerability to a cyber attack and over one-third (36%) don’t have a cyber incident response plan documented and tested. Without these cyber security fundamentals, organisations will find themselves highly vulnerable to a successful cyber attack and poorly prepared to respond when the inevitable happens.”
You can download the full report from the PwC website here.
Edited by Peter Needham
.jpg){kind=tracking}