Preventing fraud -_jm_kadaner

WHAT TRAVEL PAYMENT IS ALL ABOUT.

P. 1 Dateiname / Datum

Preventing Fraud in a Managed Travel Programme Internal, External and Technological……

7th October 2014, Inner Temple Hall, London

JM Kadaner , Partner AREKA CONSULTING and CEO Key Corporate Solutions

AIRPLUS. WHAT TRAVEL PAYMENT IS ALL ABOUT. P. 2 AirPlus Annual Client Event 2014

Summary What is fraud, an overview

Most common fraud in T&E and MICE

How does the payment industry react? With what measures?

How to identify and prevent?

New technologies = new risks?

Does P-to-P and End-to-End processes help detecting fraud?

Some key measures you should undertake to limit the risks…Forensic analysis..

Conclusion

Program of the show..


Legal Redux Note 1 : All trademarks, service marks, collective marks, design rights, personality rights, copyrights,

registered names, mottos, logos, avatars, insignias and marks used or cited in this presentation are

the property of their respective owners and this presentation in no way accepts any responsibility for

an infringement on one of the above.

Note 2 : By reading, or hearing, any member of the audience provide its consents that s/he is familiar

with, understands and absolutely accepts the above disclaimer and renounce any litigations against the author who is excessively paranoid about being dragged into court….

Note 3 : The information provided on this presentation is of a general, broad, sweeping, large, wide-

ranging, wide-reaching and wide-spread nature and cannot substitute for the advice of a licensed

professional. A competent authority with specialized knowledge is the only one who can address the

specific circumstances of your problems. We can try, but this disclaimer frees us of any liability if

negative consequences result from our efforts.

Requisite..

AIRPLUS. WHAT TRAVEL PAYMENT IS ALL ABOUT. P. 4 Dateiname / Datum

Price list published on the “Shadow” internet…

Do not forget, it’s also a Business..

Courtesy : Symantec


Some facts to begin with… Total global payment-card fraud losses were >$12.3 billion in 2013, up nearly 15% from the prior

year…and it continues…..on average it costs the industries 0,07 BPS (source: Nilson Report)

According to a recent Association of Certified Fraud Examiners survey, employees residing in the

"executive/upper management" department of an organization also account for 27% of expense

reimbursement fraud cases…..

According to the Association of Certified Fraud Examiners’ (ACFE) most recent Report to the Nations

on Occupational Fraud and Abuse, T&E frauds alone account for 14.5% of all frauds uncovered….

30% of adults in the U.K. viewed exaggerating expense claims as acceptable and 20% admitted to

having done so themselves..Source Globalexpense…and so on…

What is fraud, an overview


Potential causes… "People feel bitter when they feel like they're not being well compensated or they're being overworked,"

"When you have a downturn in the economy, you tend to see more fraudulent use of company credit

cards,"

" Human nature is vain..if you have 5 % of the population in prison…it’s only the visible part of the

iceberg…. There's no way to examine how much fraud is actually out there “ Said a Forensic Expert..

More seriously the reasons are :

1. Lack of security

2. Lack of rules

3. Lack of controls



Big Fraudsters…

Charles Ponzi

(March 3, 1882 – January 18,

1949) was an Italian swindler, who

is considered one of the greatest

swindlers in American history…..

Bernie Madoff

(Born April 29, 1938) is a former

stock broker, investment adviser,

non-executive chairman of the

NASDAQ stock market, and the

admitted operator of what has been

described as the largest Ponzi

scheme in history.


You and….Me

(Born anytime) that could, given

particular circumstances, become

one…l’occasion fait le laron……in

particular when comes the Tax

Declaration Exercise…


Some well-known examples.. fictitious expenses Charging for items used for personal reasons (gas, groceries, hotels, etc.)

Billing for travel and expenses that never materialized (canceled airline tickets, seminar or convention

registration fees, tuition reimbursement and professional dues payments)

Seeking reimbursement for items that were never purchased (office supplies, gifts for clients, fuel)

Collusion among employees who both bill separately for travel or mileage reimbursement when they

traveled together

Outright falsifying or manipulating receipts

Falsified invoices…and not delivered services/goods

Etc.

Most common fraud in the T&E and MICE


Some well-known examples…Inflating business expenses Claim meals and entertainment reimbursement that may be in excess of allowed per diems or items

not reimbursable under your policy (alcohol, leisure activities, sports tickets).

Add tips to reimbursement when tips were already included.

Add tips to their reimbursement copies that were greater than what was actually left.

Fly first class or use limousines when modest means may be available and more applicable….see

travel policies…

Use inflated mileage totals when seeking reimbursement for auto travel.

Etc..



Some external Treats… Stolen cards..as you may not know its stolen…

Skimming in other words taking a copy of your card (ATM’s and teller machines..)

Identity theft

1. Application fraud, issuing a card under your name,Company

2. Account takeover, what it says..

Tele phishing..lots of example in the press lately..real Pro’s

Fraudulent charge-back schemes

Unexpected repeat billing

NFC Signal & data Capture



Counter measures…a Lot of them Cardholder liability according to issuers local Laws and Insurances schemes

Merchant certifications PCI DSS (Payment Card Industry Data Security Standard) and rules

Fraud detection and prevention software, analyses spend patterns

Strong Authentication measures (3D Secure) such as:

Multi-factor Authentication, verifying that the account is being accessed by the cardholder through requirement of additional

information such as account number, PIN, ZIP, challenge questions

Multi possession-factor authentication, verifying that the account is being accessed by the cardholder through requirement

of additional personal devices such as smart watch, smart phone Challenge-response authentication

Out-of-band Authentication, verifying that the transaction is being done by the cardholder through a "known" or "trusted"

communication channel such as text message, phone call, or security token device

How does the payment industry reacts ? With what measures ?

AIRPLUS. WHAT TRAVEL PAYMENT IS ALL ABOUT. Source: Mobile Money Market: Key Market Drivers & Restraints (2010-2015)

Lack of regulation on mobile transactions

Quality of service

Lack of collaboration between players

High cost of solution

Better user awareness

Ease of payment

Secure network

Interoperability across networks and platforms

Efficiency and speed of mobile networks

Drivers Restraints

Security will remain a key inhibitor

Security concerns


Mobile application security examples


Some key words and methods..building blocks

How to identify and prevent ?

Anti Fraud Policies

& Procedures

Fraud Vulnerability

Reviews

Fraud Awareness

Training

Fraud Risk

Assessment

Whistle Blower /

‘Report a Fraud’

Proactive Fraud Prevention & Detection

Post Event Analysis (eg : Mice)

Reviews &

Investigations Data Mining &

Analysis


Some key words and methods..Policies


IT Security Policy

Outsourcing Policy

Travel & Mobility Policy & T&E

Guidelines

MICE Policy

Fleet Policy

Employee Code of Conduct

Whistle Blower Policy

Fraud Policy

1. Responsibility of senior

management

2. Staff accountability for frauds


Some key words and methods..Some tips


Require original documentation (No receipt=>No Pay)

Initiate a formal review process (Managers validation)

Routinely question expenditures (Do not be afraid to ask )

Have all disbursements made in a formal manner (Uniform payment, no cash)

Treat reimbursement activities consistently (Do not allow delays)

Receive credit activity reports on a monthly basis (And follow-up)

Implement the use of corporate charge cards (Obvious is not it ?)

Automate the processes as far as possible (Fewer manual ops,fewer errors) The Technology is there today

Annually audit a sample of employees’ expense reports (Forensic Approach)

Prosecute offenders (Not Often done.. )


The right question should be..more Technology more risks Smartphones and Tablets

Social Media and open environments

BYOD..(Bring your Own Device) and related Management (Or lack of)

Door to Door and End to End

Open booking and internet security

Alternative Travel Behaviour (AIR BNB,UBER,Other Similar services)

Virtual payment alternatives

Mobility Management

Etc…

New technologies = New risks ?


What do you think ? Raise your hands for Yes, Raise your hands for No ? These systems (tools) alone, no

Cards (in all shape and forms) or ACH (Automated Clearing house) a must

1. To secure the operations and transaction

2. To trace the activities through identified and clear workflows

3. To facilitate documentation and reconciliations

4. To build up your data cube and allocate the costs

5. To perform analysis and reveal the extremes

6. To protect your company

It’s an investment but it pays off…data is king !

Does P-to-P and End-to-End processes Help detecting fraud ?

AIRPLUS. WHAT TRAVEL PAYMENT IS ALL ABOUT. P. 19 Dateiname / Datum

Article in Brief :

160000 travellers audited

6,3 % “out of compliance”..

19 % fraudulent..

5 % of employees committed 82 % of

the fraud

Tools :

68 % used Concur

10 % used Oracle & SAP

6 % used IBM GERS

Fresh from the press (nearly) BTN September 30th


It is important to control the complete process consistently

Some key measures you should undertake to limit the risks…Forensic analysis..


Some of them..

Travel organization : Acte,GBTA,AFTM,BATM,VDR

Press : Btn, The Beat, Travel Procurement,Tnooz

Card industry professional's, Payment industry professional’s, Nilson, ACFE, PWC,

Communications Fraud Control Association..

and more

A Great Thank You !

Sources


Some quotes..

“Somebody once said that in looking for people to hire, you look for three qualities:

integrity, intelligence, and energy. And if you don’t have the first, the other two will kill

you. You think about it; it’s true. If you hire somebody without [integrity], you really want

them to be dumb and lazy.”

Warren Buffett

An alternative is ‘’ Death is the solution to all problems, no Man, no problems ‘’ Joseph

Stalin

Let’s be all happy, to have so many still to resolve…..

Conclusion


Thank You Very Much ! We have answers, we have answers…

Do you have any questions ?