The South African economy loses about R150bn/year to white collar crime, most of which can be attributed to technology security breaches within organisations.
That’s the word from Steven Powell, head of forensics at law firm Edward Nathan Sonnenbergs.
He says that fraud committed by employees has increased dramatically over the past three years, with much of the increase directly related to the abuse of passwords.
Powel says the most prolific form of internal fraud is electronic fund transfer, thanks to abuse of passwords within an organisation.
Edward Nathan Sonnenbergs has seen the average amount of money stolen in the cases it deals with rise from R80 000 to R10m during the past three years, adds Powell. SA appears to be one of the countries hardest hit by insider fraud.
A survey released by PriceWaterhouseCoopers at the end of last year, says 60% of companies surveyed in SA had fallen victim to employee fraud in 2009, compared to the global average of 30%. The survey shows that most insider crime is not being committed by high-level staff members, but junior and mid-level members of staff.
In many of the local cases Edward Nathan Sonnenbergs has investigated, financial staff shared their passwords with other employees, often because an urgent payment needed to be made while they were out of the office.
With access to a single financial staff member’s authentication details, these employees could exploit the IT system and make changes to banking details or vendor and supplier information.
“They change the details of suppliers accounts, or payment plans and pay themselves the money.”
He says this kind of fraud is on the rise. In some organisations, it is not detected for years.
Mark Eardley, head of marketing at biometric security business Super Vision, says companies worldwide lose about 5% of their annual revenue to insider fraud. He says that cards, PINs and passwords are all flawed information security measures since they can be shared, stolen, lost or forgotten.
The PriceWaterhouseCoopers survey shows the increase in commercial crimes can be linked to a growth in opportunities for fraudsters. It says without an audit trail, employees are less likely to be caught.
Eardley says biometric systems enable companies to tack users and make sure that the employee that physically has access to the data is the same employee that has been authenticated by the IT systems. — Candice Jones, TechCentral