Thai citizens who have tried to download a COVID-19 contact tracing app found that, in some cases, hackers were trying to lure them to fake versions of the app launched by the government last week. Thailand moved immediately to warn citizens of the cyber-crime, but more broadly observers are not optimistic that cyber and other economic fraud is on the decline.
Of companies surveyed in Thailand 33% reported having experienced economic crime and fraud, compared with 48% in 2018, according to the survey released by PwC, a business consulting firm, last week. However, pollsters do not see that as the good news it might appear to be. More likely there is still fraud but less of it is being reported, argues Shin Honma, a partner for forensic services at PwC Thailand.
“We believe that when reported incidences in Thailand are higher, as they were in 2018, this indicates that companies are investing more in fraud detection programs, specialized staff and technology needed to detect crime,” he said. “When reported incidences fall, like they did this year, this could mean fraudsters are winning the war, evolving their methods and using new technologies to breach defenses undetected.”
That analysis leads to the counterintuitive idea that as firms get safer, there should be more crime recorded.
Skeptics like UK security official Ian Levy have said cyber security firms in general exaggerate threats and sell services to combat them.
In Thailand firms appear vulnerable to crime because, among those that have programs to fight fraud, less than 10% follow best practices, PwC said.
COVID-19 further complicates the situation. As the pandemic led to Thailand’s economy shrinking 2% in the first quarter of 2020, less corporate income means firms will have less money to invest in services like fraud detection.
Cost is already a factor. Three in five Thai firms that did not upgrade their technology to fight fraud cited cost as the reason, according to the PwC survey report.
“The number of respondents that struggled to see how technology could help them fight crime was surprising,” the report said. “No single tool or technology will replace a comprehensive anti-fraud program, so technology is no magic solution, but there is no doubt it has an important role to play if the basics are already in place.”
Some ways firms can deal with fraud are to have a tip line for whistleblowers, conduct internal and external audits, do a risk assessment, respond quickly to signs of a crime, and apply technology when appropriate, such as using communications monitoring software that would alert managers to suspicious content.
Economic crime covered in the survey included asset misappropriation, cyber crime, bribery, corruption, procurement fraud and customer fraud. Of those, asset misappropriation was the most common crime reported.
“Our experience suggests this could be because fraud schemes involving theft of assets are evolving and becoming more complicated and difficult to detect,” the survey report said, “with internal staff colluding with suppliers or vendors to hide their tracks under multiple layers of fraud.”
PwC said its advice is based on consulting it has done for firms on misappropriation, cyber crime, kickbacks, bribery, money laundering, financial statement fraud and other crimes.