Turning the tide against fraud

Fraudsters are evolving, and so must our defences. In today's changing business environment, it's essential for Canadian organizations across all sectors, large and small, to enhance their fraud prevention strategies, particularly as technology like generative artificial intelligence (generative AI), and other key factors outlined below transform the fraud risk landscape.

To stay ahead, organizations must understand their risk exposures, both internal and external, and equip themselves with the right tools, skills, and partnerships to navigate the evolving risk landscape.

Read ahead for a view into pressing fraud risks and actions organizations can take to better secure their business.

Fraud, by definition, is the act of deceiving for financial or personal gain. It can be carried out externally by threat actors across the globe or internally via your own employees seeking to take advantage of their access. Moreover, in today’s age of digital currencies, virtual communications and generative AI, the act of fraud itself can take increasingly deceptive forms.

Consider crypto fraud, for example, where digital con artists are wooing unsuspecting victims into bogus investments (e.g., Romance Scams, rug pulls, pig butchering, etc.). In 2023 alone, US$24.2 billion of funds were received by illicit cryptocurrency actors*. These attacks leave victims with little or no recourse to recover their losses.

The days of cheque fraud may be fading as fewer consumers use cheques. Nevertheless, online payment frauds (e.g., account takeovers, data theft, chargeback fraud, etc.), social engineering attacks (e.g., phishing, whaling, elder fraud, honey traps), “man-in-the-middle” attacks (e.g., stealing personal and financial data), and other more sophisticated scams are filling the void.

Environmental, Social and Governance (ESG) fraud is another key area of concern. It occurs when an organization misrepresents its ESG activities and outcomes to satisfy various stakeholders, including investors, customers, partners and regulators (this is sometimes labelled as "greenwashing"). An example of ESG fraud is misrepresenting greenhouse gas emissions. These types of misrepresentations can lead to severe reputational and financial damage. Other types of fraud fall under the ESG umbrella, such as bribery and corruption, money laundering, and other unethical activities.

The mounting pressure on businesses to meet stakeholder expectations and regulatory requirements can inadvertently lead to ESG fraud if not properly managed. Naturally, this can have a damaging effect, eroding trust among customers, industry partners, regulators, and the broader public.

With the advent of new regulations like Canada's Fighting Against Forced and Child Labour in Supply Chains Act, it's essential for organizations to accurately gauge risks in their operations, such as sourcing from conflict areas and implement rigorous anti-fraud program and internal controls. These measures ensure reliable ESG disclosures and reporting and can help to mitigate other types of ESG fraud.

We cannot discuss the fraud landscape without addressing AI and its dualistic role in this space. On one side, AI – and now generative AI, is equipping fraudsters with profound new abilities to circumvent traditional security controls and trick their way into an organization's inner workings. Headlines about fraudsters using deepfake audio or video to "trick" organizations into transferring money or enabling access to vital data and systems are becoming more frequent. At the same time, AI is being used to take age-old scams (e.g., phishing, identity theft, etc.) to new levels.

On the other hand, AI is fast becoming a staple of fraud prevention. Many large institutions have already been using AI to automate their threat detection, provide real-time alerts, and reduce the time and resources spent on manual monitoring. In fact, 67% of Canadian SMB leaders whose organizations have experienced fraud indicate they're using AI and/or Machine Learning in their anti-fraud defences, demonstrating the growing reliance on these technologies. Partnering with trusted vendors and emerging technology specialists is key to helping to ensure AI models are well-tuned, trustworthy, and aligned with the organization’s security objectives.

Accurately verifying and managing digital identities is key to combating many forms of modern fraud. And yet, this is easier said than done because many SMBs lack the resources, specialized skills, and customer identity and access management (CIAM) tools to keep fraudsters at bay, increasing risk for identity theft and account takeover attacks. Larger organizations with these resources might be better equipped but challenged to scale their identity-proofing processes and technologies effectively. 

Establishing effective CIAM and identity proofing can be daunting, especially as fraudulent actors can come from inside or outside an organization's walls. Fortunately, organizations have access to supports, technologies, and specialists throughout their community who can help in establishing bespoke CIAM solutions, assessing and enhancing data security management, and embedding extra layers of security (e.g., multi-factor authentication or MFA) to fill their security gaps.

The Canadian fraud scene may be shifting but organizations can take definitive measures to navigate it effectively. At the core of these efforts should be the continuous education of employees, customers, and other stakeholders, with the aim of creating (and sustaining) a culture of security.

Beyond this, there are a few other significant steps to consider when developing strong anti-fraud programs, including:

As technology advances, fraudulent scams will persistently evolve and become more intricate. KPMG specialists are ready to assist in managing risks and setting up controls to help organizations thrive and be trusted by their stakeholders.

Our teams consist of specialists in forensic accounting, investigations, generative AI, cybersecurity, law, CIAM, identity access management, compliance, and other related disciplines. Together, we are committed giving organizations the insights, technology, and strategies needed to stay one step ahead of internal and external fraud risks.

This article was produced with the valuable input of:

Marylin Abate, Partner, Forensic & Financial Crimes risk services
Kunal Bhasin, Partner & Co-Lead, Cryptoassets & Blockchain CoE
Enzo Carlucci, National Service Line Leader, Forensic
Conor Chell, Partner, ESG Legal services, KPMG Law

Amrit Dev, Senior Manager, Forensic risk services
Nisal Samarakkody, Partner, Cybersecurity services
Becky Seidler, Partner, Forensic & Dispute Advisory Services
Serena Tejani, Partner, Customer Identity Access Management services