Technology fraudsters slipping through the net

Chris Budge deals with a wide range of devices in his searches for wrongdoing. Picture / Mark Mitchell

While police crime statistics show a decrease in fraud, technology-based theft in the workplace is becoming easier and potential losses are growing, says forensic IT expert Chris Budge, of PricewaterhouseCoopers.

"I don't think fraud has necessarily increased because of electronic transactions, but the ease of the activity has and the dollar amounts involved are rising. An employee sitting at a computer can access a company's finances much easier now."

Worryingly, he believes many offenders will ultimately get away with technology-based fraud in the workplace.

"The bottom line is that if you have a confirmed fraudster with a premeditated plan who understands the system they may never get picked up."

Generally if they are picked up it is in an external audit, when someone comes in and looks at the situation with no preconceived idea of trust, he says.

The other way workplace fraud is usually detected is when the offender gives themselves away by getting greedy and reckless.

Budge's experience conducting investigations within the armed forces has proved valuable during his six years in forensic IT work.

His 20-year military career included stints as media spokesman during Army deployments in global troublespots such as Somalia and he also served with the Military Police.

Between leaving the Army and joining PWC in February, he worked in computer forensics with Maarten Kleintjes at the Police E-crime Lab.

At PWC he employs police E-crime methodology in his work for the company's investigations and forensic services department. Clients include the Serious Fraud Office, the Securities and Commerce commissions and law enforcement agencies.

Much of Budge's work is making forensic copies of data - "sucking out the evidence from essentially any device that can electronically store data" - for use in a criminal investigation, liquidation or receivership work "or whatever".

He says New Zealanders' love of new products and gadgets means the range of devices he deals with is wide and includes PDAs, iPods, hard drives in photocopiers, memory sticks in cameras and even phone Sim cards as well as desktop and laptop PCs.

Apart from fraud, Budge also investigates inappropriate staff activity.

This is more than just downloading pornography and has included abusive emails and employees accessing company data they are not entitled to see, such as their colleagues' pay details.

Budge estimates that more than half of the thefts or inappropriate activity he has uncovered during his career - where law enforcement was not involved from the beginning - did not reach criminal court.

It is more common for employers to take internal action.

Often that is not always straightforward as difficulties can emerge, especially in cases where employment contracts do not provide for action to be taken over technology-based matters.

For that reason Budge recommends employers have contracts checked by an employment law specialist periodically to ensure problems that emerge can be dealt with.

Meanwhile, he says there appears to be a general reluctance among employers to take preventative measures.

"If you try to market something pro-active, nearly everybody will say no.

"They don't want to spend money on something that isn't yet a problem.

"One client said they didn't want to move the rock because they didn't want to see what was under it."

However, the risks of not doing anything are considerable and often underestimated. The lawyers' fees, the process of dealing with issues, the downtime.

But there are some relatively inexpensive and effective steps employers can take such as background checks on employees. "Never underestimate the deterrence factor."