The more you automate your critical business processes, the more vigilant you need to be about protecting against fraud

Reader ROI

• Why automating your business processes actually increases the likelihood of fraud
• How the move toward processing bank cheques digitally leaves online customers vulnerable
• What you can do to protect your business from theft by insiders and organized crime

Frank Abagnale has a messae for CIOs who think automation will save loads of money and protect their companies from fraud. Abagnale, the muse for the movie Catch Me If You Can, is the notorious con man who kept the FBI at bay for decades while he embezzled millions of dollars out of unsuspecting individuals. His message: Automation - business processes run automatically without human intervention - could actually make fraud easier and cost more in the long run.

"What I did 40 years ago as a teenager is 2000 times easier to do today," Abagnale says now. "Every day, criminals are realizing that crime is getting easier than the day before because corporations are going digital."

Why trust a former fraudster, you might ask? Because he and other fraud experts can prevent you from being defrauded by criminals who attack corporate networks for information that they can harness to steal on a large scale. And indeed, Abagnale is among a growing army of consultants who are working with CIOs at some of the US's largest banks to fight what many believe will be a surge in cheque fraud, already at $US19 billion a year, as banks move from processing paper cheques to transporting digital cheque images to other banks and customers.

And a key enabler of this rise in fraud - at least in the US - is the Check Clearing for the 21st Century Act (Check 21), a federal law that allows for the creation and processing of digital cheque images and substitute cheques. Check 21 is one of the more significant business process automation transformations in the private sector. It is expected to save the banking industry $US2 billion to $US3 billion a year in labour and transportation costs, which include flying 42 billion cheques around the country every year. Yet Check 21 also creates a higher risk of fraud and abuse. As banks make digital images of cheques available to customers online, criminals can more easily gain access to the information they need to create counterfeit cheques. All they have to do is obtain a customer's user name and password.

"While this law does not apply to Australian banks, many are moving towards online handling of cheque processing." says John Billington, managing partner of financial services Unisys Australia and New Zealand. "Once implemented, banks here will face the same increased risk and therefore need to undertake a similar approach to security." Unisys, which processes half the world's cheques, has conducted image exchange assessment sessions at several top 10 US financial institutions and has identified more than 100 bank business processes potentially affected by the new Check 21 regulations and image exchange.

Fraud is affecting not only the financial industry but other industries as well. Health- care, transportation, utilities, retail, government, entertainment and others are all vulnerable. Indeed, any business that operates a network to process payroll, employee personnel information, contracting or financial reporting could be a victim of fraud. And if you don't think it will happen to you, think again, warns Toby Bishop, president and CEO of the Association of Certified Fraud Examiners (ACFE). "This is only going to get worse," Bishop warns. "Pretty soon we will have war rooms with technologists working 24/7 fighting fraud."

The bad news is that completely eliminating fraud from business is impossible, experts say. The good news is that CIOs can minimize the potential for losses by developing antifraud strategies in the initial design phase of an automation project, and continuing to make it a high priority throughout daily operations. But this requires a revolutionary shift in thinking and culture for many organizations. That's because too many CIOs, including most of the executives we interviewed, don't consider fraud prevention a high priority. They tend to be much more focused on the ROI of business automation and the improved service to customers rather than the vulnerabilities a new electronic process creates.

As IT automation becomes more critical to corporate revenue, an entirely new mind-set is necessary. Mark Tizzard, vice president of strategic integration for Wachovia Bank, admits as much. "Sometimes you roll out programs and see what happens," Tizzard says. "But this is different. People need to be prepared."