TRENDING:

"Fraud & Stupidity Look a Lot Alike"

Interview with Alan Bachman of the Association of Certified Fraud Examiners Tom Field (SecurityEditor) • May 12, 2010    
"Fraud & Stupidity Look a Lot Alike"
The magnitude of fraud schemes has grown - the scale and the losses. But the basics of fraud investigation remain sound. And if there's one thing people should know up front, says Alan Bachman of the Association of Certified Fraud Examiners (ACFE), it's this: "In their initial stages, fraud and stupidity look an awful lot alike." In other words, an investigator who stumbles upon what appears to be just a stupid mistake might want to dig further. Stupidity often ends up being cleverly disguised fraud, Bachman says.

In an interview with Editorial Director Tom Field, Bachman discusses:

Current fraud trends;
When a breach becomes an actual investigation;
What it takes to be a fraud examiner today.

Bachman, CFE, MBA, is responsible for seminar development and the educational content of all ACFE conferences and online learning. Most recently he worked in Higher Education as director of an audit unit and was project manager on several IT implementations specializing in security. His largest fraud investigation for over $1.5 million was conducted during this time. Previously Bachman worked in or consulted for retail, real estate, manufacturing and has done extensive small business consulting where he has actively worked a number of fraud cases. His fraud investigation experience extends back to the mid- 70's and has continued throughout today. He became a CFE in 1993.

TOM FIELD: What's new in fraud examination? Hi, this is Tom Field, Editorial Director with Information Security Media Group. I am picking up a conversation I started last fall with Allan Bachman, the Education Manager at the Association of Certified Fraud Examiners. Allan, it is a pleasure to talk to you again.

ALLAN BACHMAN: Good to be back.

FIELD: Well, we spoke just last fall, and it seemed like fraud couldn't get any more exciting then, but it seems like an awful lot has happened since then. What's new with you since we first spoke last November?

BACHMAN: We are unsurprised by the magnitude of what has been going on. I think the "magnitude" being an interesting word because we are seeing a lot more of these big frauds. We are seeing a lot of big names coming to light in ways that we, and I am sure they, have never expected to be perceived by the public, as more and more frauds are being exposed to the light of day. We are seeing large organizations with big numbers and it is frightening in the extreme.

FIELD: Allan, what are some of the specific trends that your organization is tracking right now?

BACHMAN: We are on the verge of releasing our 2010 report to the nation on fraud, which is a survey of our fraud examiners and what they are reporting to us. What we are seeing is a lot more awareness. We are seeing a lot more vigilance now. We are seeing a lot more, obviously, we are seeing a lot more fraud partially because of the economic climate, partially because people are fed up and have started reporting things that they are seeing and that they are suspicious of. So we are seeing a turn in some ways to where the public awareness and disgust, if you will, is turning in the favor of the people who are chasing the fraudsters down.

FIELD: Well, that's a good thing. That means some of the fraud education you have been working on is working then.

BACHMAN: Hopefully, it is always working. We don't deceive ourselves; people who come to our training may not ever experience fraud, they may never see it in their organizations. But if they do, we provide them with a toolkit and a skill set to address those types of issues when the time does come.

FIELD: So, Allan, when we first spoke we talked about education. I would like to talk to you now about investigation. Specifically, when does a breach become an actual fraud incident?

BACHMAN: Well, as I said to a group that I was speaking to recently, in its initial stages fraud and stupidity look an awful lot alike. An organization that is looking into something that might be a stupid mistake might want to look a little further. They might want to investigate a little bit more to see how often that stupid mistake in fact existed. The largest fraud I ever investigated really was designed to look like a stupid mistake until you peeled back the layers and discovered that there was a stupid mistake occurring twice a month and had been occurring twice a month for 18 months to the tune of about $1.5 million dollars. But on the surface, it looked very, very simple. It looked like a mistake. So when you start an investigation, you really want to look -- you really don't want to draw early conclusions as to whether it is a fraud or whether it is not a fraud. You really want to keep an open mind. That is the best approach you can take. If you fit the facts to your speculation then you might run into a problem, the best way to do that is to keep an open mind.

FIELD: What do you find to be unique about some of the incidents that you are seeing today?

BACHMAN: Well, it goes back to the word I used early on, magnitude. We are seeing where we used to see frauds in the tens and hundreds of thousands of dollars and then eventually millions of dollars as they slowly get exposed , have existed of a longer period and now will cost billions of dollars. And we are talking large organizations that are seen almost as a culture of deceit. We are going to see how these things roll out in the next few years and see if these are mitigated. And so it is a very interesting time to be watching this kind of stuff.

FIELD: Allan, given the magnitude of the fraud as you discuss, what new types of skills do you find are required of fraud examiners?

BACHMAN: That's a very good question, and that is part of what we do and what we try to keep on top of. The skill set of a fraud examiner has evolved from somebody who (and those skill sets remain) is diligent, studious, ability to do a lot of detail work; what has evolved is the technology. The technology to support a person investigating fraud and the technology of the perpetrator of fraud and the way the artifacts and data are being kept nowadays -- there are no longer hard copies of records that you are looking through; it is data that is on computers. A lot of skill sets that need to be brought to bear are tactical in nature. Sooner or later, you get down to the personal level where you need to talk to people, interview people, and those skill sets are important, but also you need the skill set that allows you to work with other professionals who could bring to bear the expertise you may not have. For example, digital forensic technology, accounting forensics, things like that. So it is good to keep that pallet as broad as possible, but to know what your limits are and be able to reach out and get the expertise when you don't have it.

FIELD: Interesting words you used here, skill set, because it segues to my next question, which is what type of individuals should be considering a career as a fraud examiner today? Has that evolved?

BACHMAN: That has evolved. There has been a lot more interest in the profession if you will; it is almost becoming a profession. We see a lot of people in law enforcement, federal and state and local law enforcement, who deal with all sorts of crimes but primarily white-collar crimes, drifting that field away from law enforcement into the private sector. We see people from other fields of government who are enforcement people working at city offices, inspector general, drifting into the fraud examination area. We see individuals coming out of public and private accounting focusing on fraud examination and moving it away from the traditional role that, say, a CPA firm would do and counsel with their client and now are offering services to a lot of their clients just to say 'You may have a problem' and then bring a fraud examiner in to help them resolve that. So the source of individuals who are becoming fraud examiners hasn't really changed much, but there has been more interest so there are a lot more people gravitating that way.

FIELD: Allan a final question for you. For someone that is gravitating that way, what advice would you give to somebody making the career choice today to go into fraud examination?

BACHMAN: Keep an open mind; be curious; be speculative on everything you hear and see in your job; follow your nose, if you are suspicious follow that; be interested, read a lot of the how frauds are perpetrated; get a feel and understanding for how crimes, white collar crimes are committed, money laundering, all sorts of frauds like that. Ponzi schemes are big right now, and the understanding of how those are structured and how they work is important; how traditional frauds are created; ghost employees; false billing schemes. Really understand the underpinnings of those so that when the time comes and you do want to start gravitating that way you have got some fundamentals. You have got some basic experience in terms of an understanding how the crime is committed and how it is hidden and how it is uncovered.

FIELD: Well, Allan, for better or for worse, there is plenty of source material for somebody wanting to learn about this today.

BACHMAN: There is that.

FIELD: Once again, I appreciate your time and your insight. It is a pleasure to talk with you, and I look forward to talking with you again.

BACHMAN: Let's do that.

FIELD: We have been talking about fraud. We have been talking with Allan Bachman with the Association of Certified Fraud Examiners. For Information Security Media Group I'm Tom Field. Thank you very much.

Previous
PCI Issues New POS Standard
Next
ACH Fraud: Is Legislation Needed?

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.