According to PWC’s biennial Global Economic Crime Survey (2011), economic crime continues to rise, growing by 13% since the 2009 survey. Fifty-six percent of respondents said that employees were responsible for the most serious fraud, and asset misappropriation (typically undertaken by insiders) was responsible for the majority (72%) of economic crime, although cybercrime is growing strongly.
Most worrying of all, of all the countries surveyed, South African companies reported the second-highest incidence of fraud (60%).
“In the wake of the 2008 economic crisis, the temptation to commit fraud remains strong,” says Nick Perkins, division director of Bytes Identity Management.
“The first line of defence is to make absolutely sure that when you hire somebody, they are who they say they are and that they have the experience and qualifications they say they have. The next phase is to implement non-repudiation within the company’s operational environment.”
The growing incidence of CV fraud can, at least in part, be ascribed to the shortage of good jobs. But it is also used by white-collar criminals to misrepresent their qualifications and lack of criminal records to infiltrate companies.
Perkins notes that many databases exist which HR departments can use to verify identity numbers, driver’s licences, qualifications and the like. But performing these checks individually for large numbers of employees is onerous and time-consuming – hence the creation of iFacts, which offers a single front end to allow users to query a customised range of these databases.
Bytes is a distributor of this software. iFacts also allows a company to build up its own database of verified information about candidates and employees, which means that when person applies for different jobs, only one set of checks need be made.
Then there’s the question of establishing the absolute identity of the employee. “iFacts also allows a company to use biometrics to verify not only that the person has the qualifications and experience claimed but is, in fact, who they say they are,” Perkins explains. “This final stage of verification is very important and uses the state and police systems to match fingerprints.”
Having verified the employee’s identity absolutely, the next step is to use biometrics to ensure that transactions on the company systems cannot be repudiated. This is done by using biometrics not only to log in but also to validate certain types of transaction. In the background, the system also needs to create an audit trail so that fraud can be detected and the perpetrator punished.
“Proper identify management can help a company to avoid hiring the kind of people who are likely to commit fraud in the first place,” Perkins says. “And while it won’t prevent it, the knowledge that fraud, once committed, can’t be repudiated is a strong deterrent.”