This has become a common question aimed in my direction over the last couple of decades from family, friends, customers, banks, processors, merchants, clients, trade bodies, regulators, law enforcement, and the media as each has sought to determine whether a certain action, engagement, or experience would constitute a criminal offence. Many are expecting a binary yes/no answer but often the answer, unless the circumstances are blatantly obvious, is a generally unsatisfactory “it depends”.
So why is it so difficult to confirm what is and is not fraud, and what exactly is it?
Fraud is one of the most commonly experienced offences across the globe, but its definition is shrouded in subtle differences meaning that in some jurisdictions a case may be considered fraud where the victim has suffered harm or loss as a civil wrongdoing or tort, whilst in other instances the case may be considered a criminal offence (bank and insurance related frauds most typically fall into the latter category).
Confusing, isn’t it?
There is then the added complexity of the fact that there are many different kinds of fraud: some related to who the perpetrator actually is; and others related to the type of offence committed.
And finally, there is the challenge of needing to prove whether something is fraud by means of establishing a clear intent on the part of the perpetrator. Mens rea as it is known in legal circles, representing planning or forethought.
If it sounds like a bit of a headache for anyone trying to deal with countering fraud, you would be right.
Let me try to break this all down a little, though, in the hopes that it will provide greater clarity, and perhaps even a better understanding of why most anti-fraud practitioners, myself included, can struggle to give you a definitive answer without greater consideration of the underlying facts and evidence.
Where a distinction applies in certain jurisdictions, the general differential between fraud as a civil wrongdoing and a criminal offence is whether the act of misrepresentation experienced is one where the victim is seeking personal redress for a loss actually incurred (civil), or where penalty and redress for the misrepresentation is being publicly pursued by prosecutors irrespective of losses actually incurred by individuals (criminal).
Most of us think of fraud as being something which someone else (a third party) inflicts on an unwitting victim, and this is certainly the case used in common parlance. However, there are several other, arguably more insidious, perpetrators, some of which (in value terms) are even more pervasive:
- there are those who are using their own credentials nefariously (a first party), or
- where they have created a wholly or partly fictitious credential series (synthetic identity fraud, where there is no actual consumer victim, and therefore also a type of “first party”); plus
- there are those who have colluded with a known perpetrator, often a family or friend (a second party); and
- there are those who are abusing a position of trust with their own organisation or a client/supplier with whom they are associated and have authority (insider fraud) who have specific bad faith or malintent in the actions they take in order to gain unfair or unlawful advantage.
There are also numerous flavours of fraud; but at its heart fraud constitutes a misrepresentation or deception intended to mislead others in order to effect financial or other gain from those who come to mistakenly rely on the representation.
Some of the most common types of fraud are:
- Counterfeit: This is where materials are falsified for the purposes of being used or traded with a view to obtaining money or advantage. Think about those ultra-cheap, and often poor quality, “designer goods” bought from a market stall; or about the falsification of identity or payment documents in order to gain access to goods or services or to effect a purchase for which the perpetrator is not entitled.
- Identity Fraud: Often, technically wrongly, referenced as “identity theft” (because in true theft a victim will be forcibly and knowingly removed of property), this is where a perpetrator acquires sufficient credentials about a true consumer to be able to pass themselves off as that person in order to gain money or advantage in that person’s name. This could include applying for financial instruments or other facilities using the victim’s credentials.
- Scam: This is a generic term for a variety of deceptive schemes where the perpetrator seeks to gain trust from or money out of the victim through a series of misrepresentations. Some of the more common schemes are: health, holiday, investment, ticketing, romance, pension, courier/delivery, advance fee or money transfer, authority, discount goods, invoice or mandate, insurance, maintenance, charity, etc. The basic rule of thumb is that if it looks too good to be true, or just “feels wrong”, it probably is!
- Account Takeover: This is where a perpetrator gains access to a consumer’s pre-existing personal (usually financial but could also be e-mail, social media, or any account where misrepresentation may lead to misrepresentation or wrongful gain) facilities in order to impersonate the victim and gain advantage by falsely using the account for their own purposes. This could arise where a perpetrator has intercepted or acquired financial instruments or authentication tokens by nefarious means.
- Social Engineering: These are instances where a perpetrator will manipulate and dupe a victim, often through the use of a confidence trick, into performing actions or disclosing confidential information in order to facilitate a fraudulent or deceptive scheme. This could include clicking on links or downloading applications which are laden with malware, leading to data breaches or facilitating unauthorised entry into systems; or involve the movement of funds by deception. These attacks are most often facilitated through e-mail (phishing), telephone (vishing), text messages (smishing) or social media networks (snishing).
- Concealment: This is the intentional withholding of facts or a failure to reveal salient information which has the effect of providing the perpetrator with direct or indirect unfair advantage, or misleads another party to their detriment. This can include things like mortgage or property fraud, false accounting and tax fraud, etc.
The above is in no way intended as an exhaustive list, and indeed the various types of fraud can be nuanced to include hundreds of subtly different fraud attack vectors, but these are some of the distinct kinds of fraud which will occur most frequently and the ones which we all – as aspiring savvy consumers – need to be aware of.
Fraud can be a civil or a criminal offence, or both; and it can be performed by all sorts of bad actors including the consumer themselves (with active bad faith), their friends of family (through collusion); a third party; or a trusted acquaintance or colleague at a business (insider); plus it exhibits itself in a whole variety of ways in terms of potential attack vectors….. Phew!
And so we come to the last element in the search for what can be considered fraud, and this is the need to prove malintent.
The challenge is in establishing what was in the perpetrator’s planning when the (potential fraud) incident occurred, and sometimes that is fiendishly difficult to determine definitively.
There is no Minority Report insight that can anticipate what a potential perpetrator was truly thinking or planning prior to or at the point of an incident, and unless the circumstances are abundantly clear, a fraudster when challenged may excuse their apparent misrepresentation as an innocent mistake or an unfortunate misunderstanding.
But surely, I hear you ask, if someone has made money or otherwise gained advantage from a victim because of what they purported then they are “bang to rights”!?
Well, not necessarily.
I remember, years ago, a case of someone advertising in the quality, broadsheet media in the UK and offering for sale a fully authorised colour print of the Queen, mounted and framed, and packaged and delivered to customers for £10. Thousands subscribed and received back an unused 1 penny stamp with monarch’s image on it, placed in a simple cardboard frame. The perpetrator argued that there was no actual misrepresentation in what had been offered (as ridiculous as it seems, he had a point!) and that the framing and packaging activity, which was all performed by hand, plus the associated postage for delivery meant that a £10 fee was not blatant profiteering and not meant to mislead.
The above is a highly exceptional case, and the reality these days is that the litmus test of what a “reasonable person” may construe a representation to mean would take centre stage in helping to determine what is fraud. But it highlights the need for all of us to be wary of inexact or generic or outlandish claims and to remember that rule of thumb I mentioned earlier…
If it looks too good to be true, it probably is.
GDS Link is expertly placed to assist those that need help with sorting the wheat of authentic activity from the chaff of fraudulent misrepresentation, whether at on-boarding (application) stage or through a consumer’s (transactional) lifecycle.
To learn more on how your organisation can implement these best practices with a seamless, customisable solution, click the link below to book a free demo.
This blog post was written by Brian Kinch, GDS Link’s Managing Director of Fraud Solutions.