Let’s define the concept of hard and soft anti-fraud methods. What does it mean? We have a number of technical tools that detect fraud attempts and respond.
The first type of reaction is hard anti-fraud measures where, for example, the user’s app is blocked and he can't continue working. It can occur when the user's own GPS (which transmits fake geolocation data) is working, or, for example, there is no way to save a photo that looks like a picture of another device's screen. On one hand, this hard scenario is good because it is preventive, i.e., the system doesn’t let a person do something wrong. On the other hand, it can be bad because the system can make mistakes. If a neural network is used to analyze a photo or do anything else, there is always a chance of error. What is the cost of a mistake in identifying fraud? If we don't let a person work because he has a bad phone that takes poor quality photos that are classified as fraud, it’s a serious issue.
The second type of response is soft anti-fraud measures. It works like this: a person can continue working, but the system marks that this case, for example, with a photo, looks like fraud and suggests retaking the photo. But it doesn’t block the app; it notes attributes of fraud and saves them for the reports generated for Eyrene's clients. In the report, it may be stated that 90% of a particular employee’s visits were recorded as fraud. The system is able to generate negative personnel ratings according to the fraud attributes. Then the client, as the final authority, decides whether or not the specific case should be marked as fraud or not.
At Eyrene, we had one negative case many years ago. We started one project and 2-3 months later, fraud was detected. The employee was accused of using fake pictures from the store, but in fact, he had an old phone that actually took those pictures. It was an extremely unpleasant situation. Since then we have always kept in mind this negative experience and tried to convince our customers to use a soft anti-fraud option at first. It is better to record suspicious cases and then deal with them on an individual basis. After all, most people work honestly and don’t lie, so it’s better to proceed with the presumption of innocence. This is very important.
If hard methods to fight against fraud are used, then employees who want to cheat the system will use more time-consuming methods. However, personnel who want to work honestly will face difficulties and even unfair accusations. An unfair accusation can have serious blowback, depending on which particular person it happens to. The important thing is not to accuse unreasonably. And when it comes to choosing between banning or allowing something to be completed, with the possibility of further analysis and decision making, the latter should be given preference. We at Eyrene prefer to leave the final decision to the customer. We're a technology provider and not a judge of personnel who cheats. After all, they're not cheating us, they're cheating their employer.
In the Eyrene system, there is a technical possibility to change the threshold for each individual indicator of fraud and use either soft or hard mode. For example, let’s look at the case with GPS; it seems to be obvious that if an employee is far away from the store, he can’t work. But as our experience shows, if there are many stores in the database, there are probably ones with the wrong coordinates, where the latitude and longitude can be easily mixed up. Also, there are places where GPS doesn’t work at all. Therefore, errors may occur at a large scale, so we advise using the soft mode. As we previously mentioned, we give the final decision to our clients. Also, clients can change settings on the fly, switching from hard to soft modes and vice versa, but the question of whether to use a soft or hard mode is a serious one. Most people are conscientious, and anti-fraud methods are not ideal and can be wrong. That's why we recommend soft mechanics in general.
The second issue we want to talk about is even more slippery but needs attention as well. It is how a corporate culture deals with fraud. We often see that companies that are similar in scale and business processes and identical in geography have very different levels of fraud. We even have an example of one company where different subdivisions have very different levels of fraud. It can happen that one part of the team has a low level of fraud and the other has a high level. That's why we think that corporate culture plays an important role.
It's important to take into account that field personnel rotates fairly quickly. This is the reality of most clients. These people don’t get paid a lot, and the work is hard. Companies rarely invest in training such personnel. Therefore, such employees very quickly start doing things the way they've done in the company. If it’s okay to cheat on a computer, everybody does it. Many times, we have seen groups on WhatsApp on a national scale, where participants discuss possible ways to cheat a company. Some people are very inventive in creating ways to cheat. In such groups, there are even professional IT specialists.
In general, the main role in the spread of fraud is played by the tolerance of fraud at higher levels of the hierarchy. In large companies, the hierarchy is quite strong. If there is tolerance for fraud or someone's desire to tweak something to make a profit at intermediate levels of the hierarchy, then of course the end-users, who are field employees, will also be engaged in fraudulent activities. We see it in the numbers of fraud indicators and the percentage of fraud.
What conclusions can be drawn from all this? If a company has a tolerance for fraud, or people prefer to ignore individual or permanent cases at any level of the hierarchy, then individual cases quickly become systematic and fraud just increases. No technical measures can help here, simply because that's how it's done. Moreover, not only are field personnel interested in high results, but also the departments, supervisors, etc., and fraud can occur there as well. If different levels are tolerant of fraud or do it themselves, then fraud will be widespread for sure at the lower level. Again, we believe that the existence or lack of fraud is a huge issue in the corporate culture.
We think that there are a number of attributes that define customers who have low levels of fraud and those who have high levels. First, these companies have zero tolerance for fraud at the level of the company values and at all levels of the hierarchy. There is a little fraud in the companies where it is not ignored, where people understand that it is unacceptable. The values of the company are clear. Secondly, the most successful cases are those where it is legally stated that falsification of data is unacceptable and is subject to disciplinary action and fines, up to and including termination of employment. Thirdly, detecting and reporting fraud is systematic work, and there should be employees responsible for decisions on controversial cases. And then it must be implemented in practice. Fraud is not where people are caught, but where people are not used to it.
Is it possible to completely defeat fraud? A person will always find a way to cheat a computer, especially when there is a strong motive to do so and the risk of getting caught does not outweigh the benefit a person gets. It is possible to make fraud technically more time-consuming. We want the effort of cheating to be harder than doing quality work. In general, much depends on the company culture, whether it is tolerant of fraud or not.