Understanding criminal behavior and why people commit fraud is not an easy task. Too often we tend to react emotionally to what happened instead of logically understanding why it happened in the first place. This reactive approach is very common. We typically address a shoplifting or fraud event by posting a photo of the suspect in the employee break-room or sending out an email after the crime has been committed.
A much better, more proactive approach to preventing future thefts and disrupting fraudulent behavior begins with a simple mindset: “How can we ruin a bad guy’s day?” Ask yourself, “What preemptive steps can we take as an organization to disrupt criminal behavior and prevent future fraud attempts?”
Fraud Prevention (noun) is defined as “the act of preventing fraud.” Instead, we should utilize Fraud Prevention as a verb defined as, “to anticipate, avoid and/or prevent fraud from occurring.” This approach adds needed action to the basic definition of fraud prevention (noun). This methodology allows us to analyze how loss occurs in the first place and take preemptive, corrective action much sooner.
The good guys are always asking themselves how they can better understand the methods and tools bad guys use to commit fraud. More importantly, how can we do a better job of listening to what they are telling us? After we have determined the “how it happened, when it happened, and by whom”, we then should ask the question “why it happened.” Fraud prevention professionals have stated the most common response to this question is “It was easy.” That’s right; the fraudster said, “It was easy.”
To some, this response may be insulting and disturbing that it was so easy for the bad guy to commit fraud against your company. But it’s what we do with this information that is so important. Are you listening to the bad guys? They are telling us what we need to do to prevent and deter future theft attempts. The “it was easy” response is telling us that there is a serious break down in a particular process or procedure that allows an opportunity for the bad guy to commit fraud.
If the bad guys believe that your store or organization is an easy target, then they will exploit every weakness in your internal controls and processes. This includes exploiting every weakness with your personnel, security surveillance equipment, access controls, and loss prevention methods.
An organization’s weaknesses will be dissected by the fraudster into 3 main areas: People causes, Physical causes, and Process causes.
People causes: An employee did not follow a process or procedure that ultimately led to a loss. These types of losses are usually connected to some type of physical cause.
Physical causes: A physical or mechanical type of device failed in some way to prevent a loss. This could be an unlocked door, battery failure on a security device, or malfunctioning video surveillance equipment.
Process causes: A faulty, outdated process or procedure used by people within the organization is causing loss. Example: If a new process or procedure is not thoroughly tested, this lack of testing can cause “unintended consequences” resulting in loss.
Take time to analyze and understand your organization’s three areas of potential weaknesses. The process of assessing your organization’s weaknesses begins with reverse engineering (reconstructing and analyzing) how a fraud was committed. Reverse Engineering Fraud: A method of determining the likely sequence of events before, during, and after a fraud event through observation and evaluation of processes and evidence.
Did the fraudster exploit weaknesses in your internal controls and processes to commit the crime? Was the fraudster enabled because of poor customer service and/or bad morale? Was the store fully staffed that day? Did you merchandise high-value products in low traffic areas? Did your network get hacked because of unsecure and weak passwords?
There’s usually a logical reason the fraudster chose that day to steal from your organization. Unfortunately, the bad guys believed it was going to be easy to steal from you. Now we need to find out why.
To be continued…
Skip is actively involved with industry events as a speaker and contributor to articles covering a range of topics that include, “How to Ruin a Bad Guy’s Day.”