A couple of Sundays ago, we were paid a visit at home by a police officer. Fortunately, I kept my (rather unique) sense of humour in check by not saying “I didn’t do it” when I opened the door – perhaps just as well as police officers do not always respond positively to such witticisms.
Anyway, it transpired he was looking for one of our neighbour’s houses (I always thought the public asked the police for directions, not the other way round), so we told him where he needed to go and sent him on his way. However, what struck me about this particular individual was his youthful looks – I was then reminded of the well-known line “you know you’re getting older when the police start to look younger”!
This reminded me of another incident from a few months ago, where I was out for dinner in New York with some of my UK and US colleagues, all of whom were of similar vintage to me. We were having a rather spirited discussion about younger people spending so much time staring at their phones while they are out with friends, rather than engaging each other in, shock horror, conversation. We realised that we had been perhaps a little too loud in our debate when the table of three women next to us put their phones away, muttering something about the content of our conversation!
This increasing use of smartphones as a means of communication, via an app rather than the more conventional use of a phone to speak to people, is something that many in the media have commented on in the last few years. This trend, which is increasingly considered a generational thing, is a factor that needs to be taken into account in the fight against fraud.
One of the more common frauds of late is “fake president” or business email compromise. In this type of fraud, someone in the finance department will receive an email that spoofs the CEO or CFO’s email address, requesting that the individual make a payment to a certain supplier, the payment itself being of an urgent nature. As we are all eager to please, the employee doesn’t challenge the request, makes the payment and then later realises that they have been the victim of fraud.
A variant of this is where the fraudster spoofs a supplier email account, advising the accounts payable team that the supplier bank account has changed. Accounts payable amend their records, making all future payments to the “new” account, only realising that they have been the victim of fraud when the supplier makes contact to find out why their invoices have not been paid.
In both of these scenarios, a simple phone call to the CEO/CFO/supplier to verify the legitimacy or otherwise of the emails received should ensure that the payments are not made and the fraudsters do not benefit. However, in an environment where fewer people are using phones for conversation, there is an increasing risk that this call is not made.
I therefore read with interest the results of Bottomline Technologies’ annual treasury fraud and controls survey. The number one finding of the survey indicates that corporate confidence in security controls has grown, even though companies believe that the fraud threat is increasing.
This increased confidence could lead to complacency if companies are not careful. It is pleasing to see that nearly two-thirds of respondents to the survey provide annual security training to staff. The survey also indicates that companies are increasingly aware that humans are the weakest link in the security chain, such that the level and sophistication of this security training is in need of further enhancement.
Any improvement in security training to address the fraud threat has to be welcomed. However, this training has to respond to the generational differences that now exist. While forty-somethings may pick up the phone to challenge the type of email request highlighted above, would a millennial do the same thing, given that they don’t even pick up the phone to speak to their friends?
While so much of modern life has changed, certain things from my youth still have a place in modern life. In the 1990s, BT (the UK telecoms company) ran a series of advertising campaigns, fronted by the late Bob Hoskins, that used the tagline “it’s good to talk”. It seems to me to be an obvious line to use in this enhanced security training – the simple art of conversation with the CEO/CFO/supplier can prevent a significant fraud loss from occurring.
Given the above, it is good to know that even though I am getting older, my own life experiences mean I am not an irrelevance. Yet….