Maite Muñiz
Co-Founder
Truora
/
Startup Contributor

The Fight Against Fraud within the Corporate Ecosystem of Latam

By Maite Muñiz | Fri, 12/11/2020 - 09:00

When talking about corporate fraud in Latin America, it should be mentioned that the accelerated digital transformation of organizations plays a fundamental role. The greater the distance between the actors of a company and the accessing and downloading of information in the cloud increases, the less the power of control over the employees who manipulate the company's data.

Social distancing exposed many companies in this region to trouble when they recognized the imperative to do recruitment, onboarding, sales, compliance and even IT work from a personal computer at home. However, and perhaps due to the lack of specialized professionals in the field, preventing corporate fraud seemed to have lost relevance. That was when attacks such as Email Business Compromise began to rise in alarming numbers.

Although the situation is not new, it is clear that the impact of this new normal has been negative for the security of companies. In fact, a study launched by the consultancy BTR in October of this year reported that just in the first half, 130 new forms of scams were detected in Latin America and the Caribbean.
In the case of Mexico, the e-commerce industry alone reported an increase of 40 percent in attacks coming from consumers as of August. That is a difference of 15 percent if we compare it with the same period last year. 

WHAT ARE THE MOST COMMON ATTACKS?

Without a doubt, the most-reported attack is phishing, in which fraudsters pretend to be someone else to get the victim’s personal information. For example, an attacker might pretend to be a health authority and contact the victim through an email containing malicious attachments or links purporting to be information about the virus. When the link is clicked, it infects the victim’s computer and exposes personal information, such as credit card details.

Identity theft and account takeovers occupy second place in terms attacks. These happen when, with the help of techniques such as social engineering, fraudsters obtain the access credentials to the accounts of a certain official with authorization to handle the data of a company.

During social distancing, and from my position as product manager in a company that fights fraud on a daily basis, I have seen that companies are much more vulnerable than previously thought. They have shown that it is urgent to focus more resources on prevention tools and protocols that allow the employees to continue to have secure operations even when working at home. 
The recommendation that I always give to my clients is to educate employees; human error or simple carelessness are related to 95 percent of the security breaches that I encounter daily, so it is essential to know the tactics used and be suspicious of everything that comes to us, especially when it seems "too strange to be true."

Improving corporate fraud prevention practices is a joint task between the officials of a company and experts in the field who will carry out an in-depth analysis of the operation of the company to help make decisions based on the specific needs demanded by the sector.

WHAT TECHNOLOGIES CAN HELP?

Preventing the greatest number of threats is the best tool, and this starts from the moment candidates are recruited, to the training of all areas of the company and the creation of an expert team dedicated exclusively to prevention and counterattacking.

In the case of financial entities, marketplaces, recruitment agencies, banks, governmental and nonprofit entities, doing background checks of their stakeholders will indicate if there is a history of behavioral habits that will prevent them from interacting with suspicious agents.

Finally, another option is the creation of machine learning models, which will determine, for example, an anomaly in an email, thus preventing the entry of any type of malware that can even lead to the loss of data trusted by clients. If this happens, it would imply legal and economic consequences for the company due to the data protection laws in force in countries such as Mexico, Colombia and Argentina.

Photo by:   Maite Muñiz
Tags: