Vikshay Vijai: When we talk about fraud impacting organizations today, we’re actually talking about two types: internal and external fraud.

Internal fraud includes a range of acts committed by an organization’s own employees. One example is embezzlement, where employees misappropriate cash or divert funds, e.g. through fake invoices. We often see cases where employees process refunds to their own accounts. Asset misappropriation, such as stealing inventory, is also common, especially in industries like construction and healthcare. These thefts often involve small quantities taken over time, making them hard to detect until an audit reveals the discrepancies.

Meanwhile, external fraud covers acts by third parties. One common tactic is the ‘fake CEO’ scam, where fraudsters impersonate executives to trick employees into transferring funds or releasing goods to fake warehouses. Payment diversion schemes are also widespread, often involving forged messages with altered payment details. Another issue is buyer fraud, where criminals pose as legitimate business partners or customers to exploit companies.

Marius Schirmer: There can be a mismatch between the kind of fraud people expect and what we actually see when we crunch the numbers on the claims we process. For example, internal fraud caused 69% of fraud-related losses in 2023, even though external threats typically receive more attention.  

Marius: Big events like sports tournaments or the COVID-19 pandemic draw public attention and open up new scenarios and motives for fraudsters to exploit for their own purposes. Yet we have rarely seen a direct link between these events and a spike in fraud cases, presumably because criminal intentions are always present and seek their ways. Still these events do raise awareness of potential fraud threats and present new stories and schemes to be prepared for.

Ernst Atisme: Let’s take the example of a major sports event. The excitement surrounding such a large event could lead an organization’s employees to overlook standard security measures when corresponding with someone who purports to be involved with it. It’s crucial for companies to adopt robust fraud prevention policies during such events.

Vikshay: Deepfakes and AI are becoming more common tools for fraudsters. A deepfake is a fake video, audio clip or image that seems real but was actually created with AI. I’ll give a recent real-life example: a criminal created deepfake video and audio content impersonating an organization’s Chief Financial Officer (CFO) , asking an employee to transfer funds to a certain account. Truly believing they were talking to the CFO, the employee transferred a staggering 25 million dollars. These scams are highly effective because they play on employees’ trust of leadership.

Ernst: Additionally, generative AI, which produces complex content, is revolutionizing fraud. Fraudsters today can use it to industrialize external fraud, launching numerous scams simultaneously. With just one AI system, criminals can target many organizations at once while still getting the right tone for the respective organization, or coming very close.

Ernst: At the moment, in many countries, the economic situation is difficult, with inflation and high energy costs. The corresponding financial instability may increase people’s motivations to commit fraud.

Marius: Internal fraud doesn’t necessarily change much over time because human behavior remains largely constant. Statistically, we haven’t seen an increase in internal fraud linked to global events like the pandemic or inflation. However, the rise in remote work since the pandemic has created new opportunities for internal fraud, as dispersed teams are harder to monitor. Also, the variety we continue to see in motives and proceeding is very high, especially in these internal fraud cases – our claims team has some of the most thrilling stories to tell.

Marius: To prevent fraud, companies need to adopt creative and sophisticated measures. Implementing a whistleblowing policy to allow employees to report suspicious activities, as encouraged by the European Union’s recent whistleblowing directive, is a good start. However, companies must also foster a culture where employees feel safe to report suspicious activities or simply use a direct communication channel to confirm a potential request with the Board of Management. Regular awareness training and addressing individual motivations for fraud are essential steps. Finally, companies must ensure multiple levels of instruction for financial transactions to ensure comprehensive protection. For example, if an employee receives a call from their boss asking them to transfer funds, it’s crucial they verify the request through an additional channel, like an email.

Vikshay: Hiring a Certified Fraud Examiner (CFE) or outsourcing to a fraud prevention agency can be highly effective. All major Fortune 500 companies have recognized CFEs, for good reason. Using modern technology like multi-factor authentication for account access and closed-circuit television (CCTV) can also help prevent fraud. Other best practices include double-checking with superiors on money transfers and cross-referencing transactions.

Ernst: Even with highly trusted employees, companies must remain vigilant to the risk of internal fraud. Employing a risk manager to conduct audits can help identify potential risks and implement necessary measures like training and control systems. These proactive measures are key to preventing internal fraud. Having said this, fraud insurance remains the best way for companies to protect themselves. After all, why take on all the risk when you can entrust it to a specialized partner?

Ernst: Even with preventive measures in place, there is always a risk of fraud – and the resulting financial loss or reputational damage. Adding insurance coverage is indispensable for financial protection.

Vikshay: Fraud insurance is essential for any business that wants to grow. In the UK, where I’m based, nearly two in three companies have been victims of fraud in the last few years.  To ensure comprehensive protection and support business growth, fraud insurance is a must.

Marius: At Allianz Trade, we advise companies to obtain a 360-degree insurance protection against human error and willful illegal acts, in addition to their internal security setup: Fidelity insurance (or fraud insurance) is as vital a safeguard as a D&O insurance and relevant for companies of basically any size.