Fraud management teams need to work with a variety of departments within an organization to prevent fraud. People are a key part of this strategy, in addition to technology tools. That’s why the function that deals with people issues — human resources (HR) — is a key partner in the anti-fraud effort.
Partner: Human Resources
Main responsibilities: The HR department is responsible for managing virtually all issues and processes related to personnel within an organization.
This group oversees many aspects of employment — before, during and after an individual’s time at a company. These include recruitment and hiring, training and career development, administration of employee payroll and benefits, employee relations, compliance with labor laws and employment standards, performance evaluation and management, health and safety, and maintaining employee records.
Whom you should be working with: Fraud leaders need to collaborate with the executives who oversee HR operations and systems, people who hold titles such as:
- Chief HR officer (CHRO)
- Chief human capital officer
- Chief people officer
- Vice president of HR
- Vice president of strategy and culture
- Director of employee engagement
- Director of talent and organizational development
How fraud can impact this function: HR departments, staffers and systems are increasingly the targets of fraud, including business email compromise. Incidents can take the form of payroll fraud, recruitment scams, corporate espionage, expense reimbursement fraud, workers’ compensation fraud and health insurance fraud.
One increasingly common form of fraud is a request to change employee information via a business email compromise involving sophisticated phishing attacks. This allows scammers to gain access to and steal salary data and other personally identifiable information of employees. Such scams can cost companies millions of dollars.
Because HR deals with sensitive information, it is often the target of such attacks. If fraudsters gain access to HR accounts, they can seize information on virtually every employee in the organization. This includes highly paid executives who could end up as targets of phishing attacks or, worse, high-profile ransomware scams, which compromise data, extort funds and create a public relations crisis.
Solutions to consider: Fraud and risk management executives can work with HR departments in a number of ways to help reduce or eliminate fraud or to minimize its impact. Here are some best practices:
- Leverage tools such as Email Risk Score to confirm user identity and reduce fraud losses related to HR.
- Tap into a global intelligence network that provides instant access to fraud signals associated with more than 40 million unique email addresses connected to IP addresses, domain names, phone numbers and more.
- Track fraud directed at HR in all its forms, both successful and prevented attempts, to measure the full scope of risk and to respond accordingly.
- Deploy a multilayered approach to fraud that addresses both identity authentication and transaction verification.
- Train staffers to spot potential fraud via email and to take necessary steps to address these incidents.
- Bring in outside expertise with deep data and analytics resources to help identity HR-related fraud.