Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
December 17, 2012
The Fraud Triangle
The "Rule of 3" is a principle that suggests when things come in threes, they are inherently funnier, more satisfying, or more effective. (I talked about the Rule of 3 in a recent post in which I described my search for the right payment product.) There's even a Latin phrase that generally describes this concept: omne trium perfectum, which means "everything that comes in threes is perfect," or "every set of three is complete."
This rule may apply even to occupational fraud. Long recognized as a predictor of fraudulent actions in the workplace, the Fraud Triangle suggests that three factors must be present for fraud to occur: opportunity, perceived pressure or motivation, and rationalization. But what happens when one of the three members of the trifecta is removed? Will it topple over like a three-legged stool that loses a leg? Will the chance of fraud be decreased?
The Fraud Triangle theory, first described by Donald Cressey in the 1950s, is based on interviews with 200 incarcerated embezzlers, including executives. Not surprisingly, the researchers found that the majority of these embezzlers had committed fraud for financial gain. But what they didn't expect was that most often the perpetrators had no intent to commit the crime.
In workplace fraud, there is the opportunity—say an employer doesn't follow necessary workplace controls and makes one trusted employee singly responsible for all the cash in the business. Then there is the financial trigger, or motivation—the employee experiences a sudden illness, is living beyond his or her means, experiences a loss of spousal income, or has an addiction.
Next, there is the rationalization. Say the employee feels job pressure because of too-high performance standards or unattainable goals, or maybe the employee simply wants to exact revenge on the employer for a missed promotion or reassignment. And voila! You have the Fraud Triangle. The employee has access to cash, needs cash in his or her personal life, and is angry at the employer anyway, so might feel somewhat justified in taking the money.
These situations can occur any time there are weak or missing controls, fast growth in a business, or just lax management, and they usually increase in times of downsizing and layoffs. The crime tends to start small. It may even at first be a true accident. But when it goes undetected, the amounts grow, as does the confidence of the fraudster.
According to the Fraud Triangle theory, then, opportunity, motivation, and rationalization combine to lead to fraud. As an employer, by taking away the opportunity, you can prevent fraud. Make sure you have the proper controls in place in your workplace, even if your workplace is your home, because you hire outside help.
You can protect yourself from fraud as a consumer, too. Make sure you have balance alerts on your accounts, use strong passwords, and undertake other prudent financial account management practices. Let's all keep our holidays safe and secure.
By Michelle Castell, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
February 7, 2011
Cash acceptance: A risky proposition for merchants
This blog frequently deals with the risks of electronic transactions—debit and credit card payments, mobile payments, international money transfers, etc. These modern instruments often replace cash, a payment method with its own, sometimes overlooked, risks. While new threats against electronic payments continue to emerge, the transition away from cash may drive down other important risks. Robbery, employee theft, and counterfeit currency are key threats facing merchants and others who accept cash for payment.
More robberies (lower tips)
Businesses dealing primarily in cash run increased risks of robbery. The Occupational Safety and Health Administration (OSHA) lists handling cash as a major risk factor in workplace violence, primarily due to the danger of violent robbery. The Centers for Disease Control and Prevention (CDC) recommends moving to cashless transactions when possible to decrease workplace violence, further supporting OSHA's assessment. Taxi driver, retail and convenience store worker, and restaurant delivery worker are all occupations vulnerable to violence because they exchange cash directly with the public. According to the Department of Justice, taxi drivers suffer the highest rate of robbery of any profession, along with a high rate of robbery-motivated assault and homicide. OSHA recommends that cab drivers shift to credit card payments to mitigate these risks. The Center for Problem-Oriented Policing also suggests that convenience stores limit cash in the till and taxis eliminate cash payments to deter robbery.
However, merchants have largely failed to implement these recommendations. The Police Chief Magazine found that while cash control is the most effective strategy in reducing robberies, it is also the least frequently implemented. Regulation seems to be the most effective way to discourage the acceptance of cash payments. In New York City and Philadelphia, for example, local authorities require taxis to accept credit and debit card payments. These cities met with stiff resistance from drivers at first, but the realization of other benefits, including higher tips, has led to broader acceptance of the mandate. Anecdotal evidence suggests that crime may already be decreasing as a result of the shift away from cash to credit and debit card payments in recent decades.
More employee theft
The 2009 National Retail Security Survey finds that employees were responsible for 43 percent of inventory shrinkage, or theft, resulting in an annual cost to retailers of $14.4 billion. Although this survey focuses on inventory losses, it also indicates that employees pose the single greatest threat of losses for retailers. Cash is more vulnerable to employee theft than electronic payment methods because unlike cards, cash does not leave an electronic audit trail. Card payments are also automatically deposited to merchant accounts, while cash must first pass through employee hands, where it can be pilfered.
Merchants that accept cash payments occasionally suffer losses from accepting a counterfeit note. The Federal Reserve Bank of Chicago found that there is a low incidence of counterfeits in U.S. currency: fewer than one in 10,000 notes by both volume and value is counterfeit. Actual losses were lower still, as many low-quality notes can be detected with basic anti-counterfeit procedures. However, according to the Secret Service's Annual Report, the agency removed more than $182 million of counterfeit currency from circulation in 2009, more than double the amount recovered in 2008. Although these losses may be small relative to the entire economy, individual businesses can still experience nontrivial losses, like the bar in New York that received $700 in counterfeit bills in one night last year.
Cash acceptance entails risks distinct from those related to electronic payments. While it is unlikely that any merchant can eliminate all cash transactions, key questions have yet to be answered. Are merchants underestimating the risks posed by cash acceptance? How can the industry and regulators move to mitigate the risks posed by cash acceptance? While there are many possible responses, the most effective answer may lie in the adoption of technology emphasizing the use of debit, credit, and prepaid cards.
By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
November 22, 2010
The continuing challenge of workplace fraud in financial services
Is it true that most economic crimes are committed by insiders? Yes, according to a worldwide study on workplace fraud that the Association of Certified Fraud Examiners (ACFE) conducted. ACFE's study found that organizations lose an estimated 5 percent of annual revenues, or $2.9 trillion globally, to insider fraud. (A down economy probably sees even higher losses.) Banking and financial services are the industries that most commonly feel the impact of workplace fraud (see the table).
The study also said that the median loss caused by workplace fraud was $160,000, and nearly one-quarter of the frauds involved losses of at least $1 million (see the chart). Typically, the frauds lasted a median of 18 months before being detected.
Theft of electronic data and information increases
A separate report looking at international fraud trends found that companies are experiencing an increase in theft of information and electronic data compared with the physical theft of assets. The report noted that the financial services sector had the highest level of information and electronic data theft. The biggest problem for financial services was information theft (42 percent), followed by internal financial fraud (31 percent) and regulatory breaches (25 percent). According to the report, in the last twelve months, businesses lost almost $1.7 million per billion dollars in sales worldwide, compared with $1.4 million per billion dollars.
Common elements in workplace fraud: The fraud triangle
There are many reasons an employee might commit fraud. Experts regularly cite financial pressures as the primary motivation for committing workplace fraud. According to the ACFE study, employees who live beyond their financial means accounted for 43 percent of the workplace-fraud cases; employees with other money difficulties accounted for 36 percent.
Opportunity or ability to commit a fraud can also motivate someone to commit workplace fraud. It is also the area that an employer can best control through dual and internal controls.
Rationalization is another motivating factor, perhaps the most difficult one to pin down since it may not manifest itself outwardly. Rationalization is how a dishonest employee might justify his or her fraudulent actions. For example, the thief may take money with the intent initially to repay it, or may feel deserving of the stolen funds because he or she feels unappreciated or undervalued at work.
Having any or all three of these elements present (financial pressures, opportunity, and rationalization) creates what is known as the fraud triangle. Although the presence of any of these factors can increase the risk of workplace fraud, gaining a better understanding of how each one presents itself in the workplace can help deter fraud. Strengthening detection in any organization may entail going beyond applying sophisticated anti-fraud software and establishing a work culture that educates staff as another resource for detecting possible fraudulent activity. Staff can play a vital role in combating workplace fraud when provided an anonymous reporting channel and education on procedures and expectations for communicating known concerns or potential wrongdoing.
Combating workplace fraud
While we cannot eliminate workplace fraud entirely, awareness of known "red flags" may help identify workplace fraud in development or before material losses from the fraud are experienced. An effective system of internal checks and balances generally reduces an organization’s exposure to workplace fraud.
Weaknesses in internal controls may provide insiders opportunities to access data that they can then use to perpetrate financial fraud. As workplace fraud becomes increasingly sophisticated, the exposure of financial services to workplace fraud will continue to be an ongoing challenge. However, having a better understanding of the common elements of workplace fraud may help prevent, detect, and deter it from occurring.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed