Identity Theft Uncovered - But It's Not Always Easy to Spot!

Identity Theft Uncovered - But It's Not Always Easy to Spot!

Patrick Müller
by Patrick Müller
02.06.2023
0 Shares

Fraudsters ignore laws! That much is clear. But what about definitions, distinctions, and standards? Probably similar.

I wonder, is it primarily about defining every incident perfectly when it comes to preventing these cases? In other words, is it essential for raising employee awareness whether the uncovered fraud case of Martin Meng at konfidal is identity theft or just the presentation of false information?

In my opinion, it’s much more important that employees are well-informed about the considerable criminal effort that goes into these deceptions and are educated on the scenarios currently circulating.


konfidal
➡️ Read Martin Meng’s full article on LinkedIn.

(Editorial note: Permission to reprint has been granted.)




But raising awareness of red flags alone is not enough.

The people who process hundreds of transactions daily also need support in verifying authenticity.

We know two-factor authentication (2FA) from passwords as a security method where two different and independent components are required to confirm a person’s identity.

In the Purchase to Pay procurement process, this can be easily applied to verifying the existence of suppliers, purchase orders, or recorded goods receipts during the invoice entry process.

But what about invoices without purchase orders?
Process guidelines often prohibit such transactions, but in reality, there are many reasons and exceptions. And it’s precisely these exceptions that fraudsters exploit.

Therefore, for such cases, similar to two-factor authentication, consideration should be given to what measures can be implemented to ensure the integrity of senders or payment recipients.

A relatively simple verification step: checking the bank account details.
For example, just look it up on the respective authority’s website or ask the known contact at the business partner’s office.

Is that enough? Certainly not!
What exactly is needed should be individually defined for each company or department. But it doesn’t always have to be complicated or elaborate; it should be practical.

Currently, I am deeply involved with CEO fraud, a scam that involves identity theft. While considering prevention measures, I keep noticing that these verification methods also protect against other types of fraud, regardless of whether the "boss" calls or the tax office writes.


Further reading recommendation:

If you're interested, feel free to check out the CEO Fraud Blog.

CEO Fraud: The 'Grandparent Scam for Companies'
Patrick Müller
Patrick Müller
Lecturer & Author | Data Analytics, IT Forensics, and Fraud Detection | Building & Training In-House Analytics Teams & Architectures in Corporations

No comments yet

What do you think?

Mr. 01 Analytics

Transform data into EBIT, prevent fraud, and boost profitability with our tailored Data & Analytics and IT coaching. We help optimize and secure your business processes and IT systems.

Receive monthly inspiration on data, data analytics, and approaches to prevent fraud and identify opportunities.
Subscribe to the newsletter
Copyright: All rights reserved.
 | Privacy Policy | Imprint | Whistleblowing System
..