Volume 27, No. 1, January/February 2012
A Publication of the Association of Certified Fraud Examiners
The Tell-Tale Signs of Deception
PLUS: Fraud in Houses of Worship; Collegiate Athletics Fraud; Overachieving Fraud; Data Breaches, Part 3
JANUARY/FEBRUARY 2012 | VOLUME 27 | NO. 1
COVER STORY
The 10 Tell-Tale Signs of Deception
The Words Reveal
By Paul M. Clikeman, Ph.D., CFE
Suspects and witnesses often reveal more than they intend through their choices of words. Here are ways to detect possible deception in written and oral statements.
FEATURED ARTICLES
Fraud in Houses of Worship
What Believers Do Not Want to Believe
By Robert M. Cornell, Ph.D., CMA, Educator Associate; Carol B. Johnson, Ph.D., Educator Associate; and Janelle Rogers Hutchinson
Houses of worship are particularly vulnerable to fraud, but most feel they are impervious. The authors provide reasons why churches feel so bulletproof and seven practical steps fraud examiners can use to help churches stop fraud in its tracks.
Fraud in Collegiate Athletics
When Major League Money Meets Little League Controls
By Herbert W. Snyder, Ph.D., CFE; and David O'Bryan, Ph.D., CFE, CPA, CMA
A major, multimillion sports ticket fraud at the University of Kansas highlights how CFEs can help convince administrators and boards to reassert control over their athletics departments. The answer could be independent oversight.
2 Fraud-Magazine.com
Overachieving Fraud Wolves in Sheep's Clothing
Targeting Top-Performing Employees Gaming the Bonus System
By Jeffrey Horner, CFE, CRCMP
Follow this CFE consultant as he uncovers top collection reps at a business call center who inflated their performances for more money and job advancement.
Breaking Breach Secrecy, Part 3
Analysis Shows Entities Lack Strong Data Protection Programs
By Robert E. Holtfreter, Ph.D., CFE, CICA; and Adrian Harrington
The authors' analysis of data-breach statistics shows that organizations poorly protect personal data. Possible solution: U.S. federal rules for guidance in developing comprehensive data protection programs.
COLUMNS & DEPARTMENTS
From the President & CEO
Supporting Our International Chapters
By James D. Ratley, CFE
Digital Fingerprints
Anything You Say Can and Will Be Used Against You!
By Jean-François Legault
Fraud's Finer Points
Using an Organization's Credit to Commit Fraud, Part 1
By Joseph R. Dervaes, CFE, ACFE Fellow, CIA
Fraud EDge
Get Involved in Higher Education: Opportunities for CFEs in Educating Future Fraud Fighters
By Gerhard Barone, Ph.D.; Sara Melendy, Ph.D., CFE, CPA; and Gary Weber, Ph.D. Edited by Richard "Dick" A. Riley, Ph.D., CFE, CPA
FraudBasics
Check 21 Can Make Fraud Easier: Be Alert to Changes in Technology
By Linda Lee Larson, DBA, CFE, CPA, CISA
Case in Point
He Milked it For All it Was Worth: A Dairy Farm Bankruptcy Fraud
By Roger W. Stone, CFE
Taking Back the ID
Fraudsters Claiming Victims Via Payday Loan and LinkedIn Scams
By Robert E. Holtfreter, Ph.D., CFE, CICA
Global Fraud Focus
Chinese Stock Investment Fraud? Separating Fact from Fiction
By Tim Harvey, CFE, JP; and Richard Hurley, Ph.D., J.D., CFE, CPA
Meet the Staff
Improving Members' Lives
By Cora Bullock; Photo by Christi Thornton-Hranicky, CFE
ACFE News
CPE Quiz
Earn CPE Toward Renewing Your CFE Credential.
January/February 2012 3
EDITORIAL ADVISORY COMMITTEE
Jonathan E. Turner, CFE, CII, chair; Larry Adams,
CFE, CPA, CIA, CISA, CQA, CSP, CCP; Emmanuel
A. Appiah, MBA, CPA, CFE; Richard Brody, Ph.D.,
CFE, CPA; Jean-Pierre Bruderer, Ph.D., CFE; Jeimy
J. Cano, Ph.D., CFE, CAS; Linda Chase, CPA, CFE;
Franklin Davenport, CFE; David J. Clements, CFE;
Craig Ehlen, Ph.D., CFE, CPA; Ellen Fischer, CFE,
CIA; Peter D. Goldmann; Allan F. Greggo, CFE, CPP;
Robert Holtfreter, Ph.D., CFE; Peter Hughes, Ph.D.,
MBA, CFE, CIA, CPA; Cheryl Hyder, CFE, CPA,
CVA; Robert Kardell, CFE, CPA; Thomas Cheney
Lawson, CFE, CIA; Philip C. Levi, CFE, CPA, FCA;
Larry Marks, CFE, CISA, PMP, CISSP, CSTE; Michael
A. Pearson, D.B.A., CFE, CPA, CMA; Marilyn
Peterson, CFE, CCA; Laura M. Preston, CFE; Herbert
Snyder, Ph.D., CFE; Scott Strain, CFE; Karen Forrest
Turner, Ph.D., Educator Associate
2011-2012 BOARD OF REGENTS
Johnnie R. Bejarano, DBA, CFE, CPA; Lt. Col. Robert
J. Blair, CFE, CGFM; Cynthia Cooper, CFE, CISA;
Bruce Dorris, J.D., CFE, CVA, CPA; Joseph L. Ford,
CFE; John Warren, J.D., CFE
Fraud Magazine (ISSN 1553-6645) is published bimonthly by the Association of Certified Fraud Examiners, 716 West Avenue, Austin, TX 78701-2727, USA. © 2012. All rights reserved. Periodical Postage Paid at Austin, TX 78701 and at additional mailing offices.
POSTMASTER: Please send address changes to:
Fraud Magazine
ACFE World Headquarters, The Gregor Building
716 West Avenue, Austin, TX 78701-2727, USA
(800) 245-3321, +1 (512) 478-9000
Fax: +1 (512) 478-9297
Subscriptions: ACFE members: annual membership dues include $20 for a one-year subscription. Non-members in U.S.: one year, $55. All others: one year, $75. Membership information can be obtained by visiting ACFE.com or by calling (800) 245-3321, or +1 (512) 478-9000. Change of address notices and subscriptions should be directed to Fraud Magazine. Although Fraud Magazine may be quoted with proper attribution, no portion of this publication may be reproduced unless written permission has been obtained from the editor. The views expressed in Fraud Magazine are those of the authors and might not reflect the official policies of the Association of Certified Fraud Examiners. The editors assume no responsibility for unsolicited manuscripts but will consider all submissions. Contributors' guidelines are available at Fraud-Magazine.com. Fraud Magazine is a double-blind, peer-reviewed publication.
To order printed or electronic reprints, visit fraud-magazine.com/reprint-request.aspx or email reprints@fraud-magazine.com.
ADVERTISING COORDINATOR
Ross Pry
(800) 245-3321, rpry@ACFE.com
Association of Certified Fraud Examiners, ACFE, Certified Fraud Examiner (CFE), the ACFE Seal and Fraud Magazine are trademarks owned by the Association of Certified Fraud Examiners Inc.
Journal of the Association of Certified Fraud Examiners
Volume 27, No. 1, January/February 2012
John D. Gill, J.D., CFE, Publisher
Dick Carozza, Editor-in-chief
Cora Bullock, Assistant Editor
Katie Ford, Contributing Editor
Helen Pryor, Art Director
Aimee Jost, Circulation Manager
Mark Scott, J.D., CFE, Legal Editor
From the PRESIDENT AND CEO
Supporting Our International Chapters
By James D. Ratley, CFE
At the end of October and beginning of November, I spent a whirlwind two weeks attending our Asia-Pac Conference in Singapore and meeting with our chapters in Singapore, Jakarta, Hong Kong, Shanghai, Beijing and Mexico City. I thoroughly enjoyed getting to know many of you and learning about your unique fraud-related issues.
HOPPING CONTINENTS
International chapter members put Southern hospitality to shame. Everywhere I went I met extremely gracious people who did everything they could for us. My job was to listen carefully to their suggestions for improving our services.
The first stop was to vibrant and beautiful Singapore, my first visit and also the first time the city has hosted our 2011 Asia-Pacific Fraud Conference (formerly known as the ACFE Pacific-Rim Fraud Conference). Nearly 200 attendees networked and attended workshops and panel discussions. (Please see page 68 for more on this exciting conference.)
I enjoyed meeting Gatot Trihargo, CFE, president of the Indonesia Chapter (established in 2002), who provided the same generous hospitality I encountered with other chapters. He was appreciative of the ACFE's effort to send me there. I presented to nearly 80 members and public- and private-sector guests.
"Chapter activity has become very intense since 2010, by us conducting monthly discussions/workshops for the members and other practitioners," Trihargo said. "The chapter also successfully conducted two annual congresses and seminars in 2010 and 2011, which gathered more than 200 participants for each session, with both domestic and international speakers."
After Jakarta, I jetted off to Hong Kong, with its exotic mix of the old and new. "We're excited that the ACFE is turning its attention to Asia," said Hong Kong chapter president Penny Sui-Ping Fung, CFE. "Jim's visit to Hong Kong no doubt has helped to reinforce this message and reminded people of the role of professional fraud examiners in a robust and sustainable economy."
Prof. Yiu Wai Andy Kwok, CFE, vice president of the Shanghai Chapter and also president of the Beijing Chapter, called my visit a stunning pleasure. He had this to say about China's growing pains: "China's high growth rates have encouraged foreign investment, which have in turn helped fund China's incredible growth," he said. "However, such large capital inflows are bound to give way to sector imbalances and fraudulent behavior."
I told the attendees at the first Corporate Anti-Fraud Seminar in China how fraud can occur in any industry and at any level. I also gave suggestions on how CFEs can advise their clients in their battles against fraud, including setting the proper tone at the top. "Mr. Ratley mentioned that anti-fraud measures do not get proper attention since they cost money while the benefits cannot be seen in a short-term period," Kwok said. "As a consequence, most companies are not willing to make any expenditure regarding this issue. However, establishing efficient and effective anti-fraud mechanisms will generate huge benefits from the long-term perspective."
The ACFE is striving to do all it can to help our international chapters grow and thrive. We are excited to announce our plan to open a regional call center in Singapore and host a CFE Exam Review Course there March 26-29. Chapters, acting as local ACFE representatives, provide continued support for members worldwide through networking opportunities, CPE training, leadership development and promoting local fraud awareness.
As always, please let me know how we can help you support our all-important mission. (And please check out Fraud-Magazine.com/LetterFromthePresident for more photos.)
James D. Ratley, CFE, President and CEO of the Association of Certified Fraud Examiners, can be reached at: jratley@ACFE.com.
Digital Fingerprints
A Closer Look at Technology and Fraud
Anything You Say Can and Will Be Used Against You!
By Jean-François Legault
During an investigation, we scour the web and social networks for employment backgrounds, contacts, education history, past behavior and so on. However, we should be concerned about information we are posting that the bad guys can use against us.
Arthur Hulnick, a former CIA officer, estimates that open-source intelligence (a form of intelligence collection management that involves finding, selecting and acquiring information from publicly available sources) accounts for as much as 80 percent of the entire intelligence database. (See "Sailing the Sea of OSINT in the Information Age," by Stephen C. Mercado, http://tinyurl.com/2sj5vy.) This is possible, in part, because organizations and their employees freely publish information online they probably should keep to themselves. And those loose lips can lead to outright fraud. (Also see NATO Open Source Intelligence Reader, http://tinyurl.com/7crt7ug.)
JOB POSTINGS
Before you continue reading this, look at your organization's job postings and ask, "What are we telling the competition about us?"
Imagine a software company with a strong presence in Asia Pacific that posts a public job offer for a sales manager in North America. What are they telling the competition? Think of the recruiting process in your organization and how long it can take to staff a position. Is that enough time for the competition to adjust to the arrival of this new sales manager?
Your competitors find or infer from your job postings the technologies your organization uses, expansion into new areas and territories, market growth, change in structure, structural growth, etc.
What does this mean for fraud examiners? Make sure you run proper background checks on potential hires! Why? Because some job descriptions are so detailed that someone wishing to be hired for fraudulent purposes can customize his or her résumé. I just worked a case in which a candidate found a company he believed would be a good target and redesigned his résumé to boost his employment chances. The company hired him, and he then proceeded to steal intellectual property during his employment.
WEB 2.0 AND SOCIAL NETWORKS
Employees are likely to reveal valuable information to the competition on professional or personal networking sites. Fraudsters can make conclusions about a company's expansion by studying comments about new connections and relationships plus repeated trips to a city or country.
Through investigations, I have found nurses sharing concerns about care in neo-natal intensive care units, law enforcement personnel sharing sensitive assignments and sales managers claiming their stakes on new territories. Professional social networking sites tell the world about new hires and those who are leaving employers.
Employees posting information online is nothing new. In one case I worked nearly 12 years ago, a call-center employee leaked sensitive information on a web forum. This employee, who was privy to upcoming promotions offered by a telecommunication provider, would repost information online prior to a promotion launch. The company's call center then would be flooded with requests for promotions and packages that did not exist yet.
Did this employee access highly sensitive documents? Did he gain access to someone's email account? No. He simply reposted information he learned in training sessions. We had a difficult time tracking him down because back then we did not log everything. Even today, we find organizations that do not store online access information, which would allow them to adequately investigate leaks.
MARKETING DOCUMENTATION
Documents that an organization provides its clients to market its services often end up in competitors' hands. Find ways to securely communicate information that you do not want the competition obtaining.
I was involved in a recent case in which a competitor was able to reverse-engineer a product (take it apart and analyze it) by simply using the information in product brochures and documentation. Imagine your competition not only knowing your products but how you are manufacturing them. That is a serious loss of competitive advantage!
I have also been involved in cases in which individuals used marketing information to create fake companies to try to defraud possible clients. The schemes were simple: reuse information to make the companies look legitimate, solicit clients, get paid and then never deliver anything.
AS AN EXPERT WITNESS
Whatever you write, post and/or communicate may allow you to build eminence as an expert. However, opposing counsel could also use that public information to try to disqualify you as an expert or to cross-examine you in court.
AS AN INVESTIGATOR
Open-source intelligence can help you discover valuable information about players in an investigation. In one case, I found some undocumented aliens involved in a fraud scheme because they gave some prime evidence via their social media profiles, including their geographic locations. In another example, we tracked down vehicles purchased with embezzled funds simply based on suspects' photos that had been posted online.
When I begin a background investigation into a company, one of the first things I do is seek information through press releases and trade publications. Companies love to tell the world about what they are doing right. However, the competition will always seek out this valuable market intelligence.
If you want to know more about leveraging business intelligence techniques in your fraud examinations, I strongly encourage you to check out anything fellow ACFE faculty member Cynthia Hetherington teaches.
WHAT TO DO
So do you cut yourself off from the world and go off grid? Absolutely not. But make sure your organization's policies strictly control information that its employees can release through all open-source channels, but especially online. When it comes to social media, establish a "think before you post" mentality.
Jean-François Legault is a senior manager with Deloitte's Forensic & Dispute Services practice in Montreal, Canada. His email address is: jlegault@deloitte.ca.
Use These Queries to Examine Your Online Exposure
Google search directives will add power to your searches.
Searching for a specific phrase using quotations:
"find this specific phrase"
Searching a specific domain or website:
site:targetdomain.com or site:www.targetdomain.com
Searching for a specific file type:
filetype:extension
You can use the minus sign (-) as an exclusion operator. For example, you can use this search directive to exclude a specific website from your search:
-site:www.excludeddomain.com
Here are some Google searches that you can run against yourself to see what could be available to fraudsters.
Finding PowerPoint documents on your site:
site:www.yoursite.com filetype:ppt
site:www.yoursite.com filetype:pptx
Finding Word documents on your site:
site:www.yoursite.com filetype:doc
site:www.yoursite.com filetype:docx
Finding confidential documents on your site:
site:www.yoursite.com confidential
site:www.yoursite.com not for distribution
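The directives in this sidebar can also be rehearsed offline against a list of files your own organization has published. The Python below is an added example, not part of the original column: it parses the sidebar's directives (quoted phrase, site:, filetype: and the minus sign) and evaluates them against a constructed inventory. The inventory, the function names, the quoting of the phrase query and the host-suffix rule used for site: are assumptions for illustration and only approximate the search engine's behavior.

```python
import re
from urllib.parse import urlparse

# Constructed inventory of published documents (for example, an export from
# your own CMS or crawler). Every URL and text snippet here is made up.
INVENTORY = [
    {"url": "https://www.yoursite.com/investors/q3-roadmap.pptx",
     "text": "Q3 roadmap. Confidential. Not for distribution."},
    {"url": "https://www.yoursite.com/press/launch.docx",
     "text": "Press release: product launch"},
    {"url": "https://www.yoursite.com/careers/sales-manager.html",
     "text": "Sales manager, North America"},
    {"url": "https://partners.yoursite.com/pricing.doc",
     "text": "Partner pricing, confidential"},
    {"url": "https://www.excludeddomain.com/mirror/q3-roadmap.pptx",
     "text": "Q3 roadmap. Confidential."},
]

# The sidebar's self-audit searches, with {site} filled in per run. The last
# query is quoted so it is matched as one phrase (an assumption of this example).
SELF_AUDIT = [
    "site:{site} filetype:ppt",
    "site:{site} filetype:pptx",
    "site:{site} filetype:doc",
    "site:{site} filetype:docx",
    "site:{site} confidential",
    'site:{site} "not for distribution"',
]

# One token: optional minus sign, then a directive, a quoted phrase or a word.
TOKEN = re.compile(r'(-?)(?:(site|filetype):(\S+)|"([^"]+)"|(\S+))', re.I)


def parse_query(query):
    """Turn a query string into (kind, value, negated) terms."""
    terms = []
    for neg, op, val, phrase, word in TOKEN.findall(query):
        if op:
            terms.append((op.lower(), val.lower(), bool(neg)))
        else:
            terms.append(("text", (phrase or word).lower(), bool(neg)))
    return terms


def matches(doc, terms):
    """True when the document satisfies every term (all terms are ANDed)."""
    parsed = urlparse(doc["url"])
    host = (parsed.hostname or "").lower()
    name = parsed.path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    text = doc["text"].lower()
    for kind, value, negated in terms:
        if kind == "site":
            # Assumed rule: the named host itself or any subdomain of it.
            hit = host == value or host.endswith("." + value)
        elif kind == "filetype":
            hit = ext == value
        else:
            hit = value in text
        if hit == negated:  # a required term missed, or an excluded term hit
            return False
    return True


def search(query, inventory=INVENTORY):
    """Return the URLs in the inventory that the query would surface."""
    terms = parse_query(query)
    return [doc["url"] for doc in inventory if matches(doc, terms)]


def self_audit(site, inventory=INVENTORY):
    """Run the sidebar's self-audit queries; keep only those with hits."""
    report = {}
    for template in SELF_AUDIT:
        query = template.format(site=site)
        hits = search(query, inventory)
        if hits:
            report[query] = hits
    return report


if __name__ == "__main__":
    for query, urls in self_audit("www.yoursite.com").items():
        print(query)
        for url in urls:
            print("   ", url)
```

Running the audit with `yoursite.com` instead of `www.yoursite.com` also surfaces the file on the partner subdomain, which a search limited to the `www` host misses.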
Fraud's Finer Points
Case History Applications
Using an Organization's Credit to Commit Fraud, Part 1
By Joseph R. Dervaes, CFE, ACFE Fellow, CIA
Fraud by using an organization's credit is a type of fictitious expense scheme. In the ACFE's fraud tree, the crime is a subset of fraudulent disbursements, which is a subset of cash schemes.
There are many types of fraud involving an employee's use of the organization's credit to purchase assets (i.e., goods and services) for personal benefit. Unauthorized use of the organization's general credit cards, purchasing credit cards, travel credit cards or business charge accounts are some of the most common fraud schemes I have encountered during my career. Unscrupulous employees cause victim organizations to order and pay for assets they do not really need. Obviously, the damage to a victim organization is the money lost in purchasing these unnecessary items.
The individuals who commit these crimes are usually responsible for approving and processing transactions for payment. They may rely on the inexperience of their supervisors (or their organizations' governing bodies) to unknowingly process their fraudulent transactions in the disbursement cycle. Victimized organizations then issue checks for unauthorized business purposes, and the wayward employees receive personal benefits.
We begin this three-part series with employee abuses of general organization credit cards.
GENERAL ORGANIZATION CREDIT CARDS
Commercial banks issue credit cards to organizations (and individuals) to aid them in conducting official business. Banks and organizations enter into agreements specifying the terms of use for the credit cards. Some banks charge an annual fee; others do not. Banks make their money for processing your transactions by charging a fee to vendors who accept the cards and by charging you an interest rate on the unpaid account balance when the full amount due is not paid each month. The primary responsibility for charges on these credit cards rests with the organizations.
THE BUSINESS OF CREDIT CARDS
An organization that authorizes company credit cards for its employees' use should maintain formal logs of all cards issued and require all employees to sign agreements stating that they have received a copy of the organization's usage policies and have been trained on the proper procedures for using the cards. These agreements provide the foundation that employees understand that they can use the cards for official business only.
Written company policies should require employee training, prohibit cash advances, restrict purchases of unauthorized items (such as alcohol), require receipts for all charge transactions and specify disciplinary actions for any unauthorized or personal use of the cards. Organizations never should pay for employee charges shown on the bank's monthly statement without accompanying receipts. It is the descriptions of the items shown on the receipts that determine if the expenses are for official business purposes.
UNAUTHORIZED CARDS
Employees who have stolen company credit cards or who have obtained unauthorized company credit cards through other means (such as ordering them directly from banks without approval) will circumvent organizations' incoming mail to snag the monthly credit card statements. They usually make personal payments on the credit card account balances to conceal their unauthorized purchases.
However, if employees submit unauthorized expenses for payment by their companies, management and auditors will have at least some documents they can review to detect fraud. While the supporting documents for credit card payments should include the statement and all purchase receipts, fraudsters who choose this latter process usually only submit statements for payment purposes. In many cases, their supervisors or the governing bodies of the organizations may unknowingly approve these fraudulent payments.
Employees may periodically use an organization's credit card for unauthorized purposes or personal benefit, but managers who are assigned to monitor the credit card program can resolve these minor infractions promptly according to policies and procedures.
Companies should publicize employee disciplinary actions in their internal publications to deter future problems. Unfortunately, even this method is not fraud-proof because often the very managers who are charged with monitoring the system are the ones who abuse it. These individuals may be able to hide their unauthorized activities from other employees and their supervisors, but most of the time they should not be able to conceal their actions from organizations' governing bodies and their internal or external auditors. However, when their misdeeds are detected, the fraudsters usually attempt to get organizations to pay from monthly credit card statements by indicating that receipts for individual transactions were not available or were inadvertently misplaced or lost.
Case No. 1: Personal use of an authorized general organization credit card
In the November/December 2009 Fraud's Finer Points, I discussed a credit card case that involved missing supporting documents. This concept emphasized why organizations should never pay the balance due on monthly credit card statements without seeing the supporting receipts for the purchases first.
Sarah was the clerk-treasurer responsible for processing all of the city's disbursement transactions, including all purchases on its credit card. The city first detected irregularities in accounts receivable and contacted its external auditor to investigate the case.
The subsequent audit detected multiple fraud schemes, which totaled $49,894.88 in losses over 2 years. These schemes included payroll fraud, accounts receivable fraud, municipal court revenue fraud, unauthorized use of the city's business charge account and overpayments to a cleaning contractor. The clerk-treasurer performed many tasks in a variety of functions at the city, and no one monitored her work to ensure the city's expectations were being met.
The clerk-treasurer purchased $5,319.16 in assets for personal benefit using the city's credit card. I detected this scheme by scanning the city's disbursement files to determine other risks. I quickly noted that the city was making its monthly credit card payments using only the statements. There were very few purchase receipts available for review and audit. For example, credit card purchases from a local computer store were almost always missing from the files. I contacted the city's computer consultant who was responsible for all information technology issues. However, he wasn't aware of any official purchases from the computer store.
A computer store representative faxed documents to me that showed Sarah had signed for a computer, monitor, software and games on many occasions through the period of this loss. City staff members conducted a search of city hall but were unable to locate any of these assets.
Sarah had made all credit card payments on time, but she had destroyed all the supporting documents that listed the details of the purchases from the computer store. She hoped that retaining only the monthly credit card statements on file for the city's governing body and its external auditors would be sufficient to conceal her irregular activities. She was wrong. The governing body did not notice this irregularity, but her fraud did not escape the watchful eye of the external auditors. In my experience dealing with fraud cases in state agencies and local governments in the state of Washington, governing bodies rarely detect fraud in the transactions they are reviewing and approving, primarily because no one took the time to properly train them for this task.
The clerk-treasurer demanded a trial to resolve the issues in this case. She hired a prominent regional lawyer for her defense and agreed to a bench trial. (There was no jury.) After all the evidence was heard during a week of testimony, the judge rendered a guilty verdict in the case and ordered Sarah to make restitution of the loss amount, plus audit costs. He also sentenced her to three months in a work-release program.
Case No. 2: Personal use of an unauthorized general organization credit card
A small water district in the state of Washington had three employees, operated on an annual budget of $466,000 and served approximately 1,000 customers. Jackson, the office manager, was responsible for practically all financial operations; his supervisor, the district superintendent, did not monitor his work. These are the two most common internal control weaknesses I have found in small organizations.
While Jackson had no prior criminal history, he apparently came to work for the district with ill intentions. He sent a memorandum on official letterhead to the district's bank shortly after being hired requesting that the bank issue a credit card in the district's name and assign it to him. The credit limit on the card was initially set at $5,000, but Jackson subsequently sent a facsimile to the bank one month later requesting an increase to $20,000. Of course, the district's governing body did not authorize either of these requests. Later, when the case was under investigation, the district stated that someone had forged the authorizing signatures on the documents.
As the office manager, Jackson was responsible for opening the mail and processing invoices for payment. Thus, he was able to remove the monthly bank credit card statements from the incoming mail before anyone else saw them. One of the interesting facts of this case is that Jackson did not submit any of the credit card statements to the district superintendent or the governing body for approval or payment. Perhaps Jackson was not quite bold enough. While it would have been prudent to do so, Jackson did not make any personal payments to the bank on the card balance either. Because neither the organization nor Jackson made any payments on the credit card balance, the monthly expenses and interest charges continually increased until the balance became delinquent and approached the credit limit on the card.
Jackson misappropriated $19,454.84 from the district in 3 months, with $18,284.03 of this amount representing his unauthorized use of the district's credit card for personal benefit. Personal charges included the purchase of a used pickup truck, frequent stays at a motel while traveling to his favorite casino, thousands of dollars in cash advances at the casino, Internet and telephone use and other miscellaneous purchases. Jackson also misappropriated $1,170.81 in utility revenue from the district.
The district first detected irregularities in its checking account and petty cash fund and requested an external audit. Jackson was placed on administrative leave and subsequently terminated for a wide variety of managerial shortcomings. Shortly thereafter, the district received a monthly statement for the unauthorized credit card. In a plea-bargaining agreement, the court ordered Jackson to make restitution for the loss amount plus audit costs. It also sentenced him to less than one year in county jail for this crime.
Case No. 3: More personal use via an unauthorized credit card
James, the chief of a small fire district in the state of Washington,
obtained an unauthorized credit card in the district's
name. He circumvented the district's internal controls by
intercepting the mail, removing the monthly credit card
statement and making personal payments on the account to
conceal his unauthorized purchases. He basically used the
district's credit card as his own by charging $7,797 in personal
purchases for more than a year. He used the card to make
unauthorized cash advances and also incurred finance charges
when he did not make monthly payments on time.
When the district finally discovered the unauthorized
card, there was a $1,599 unpaid balance on the account.
The district found out about the card while making a change
in signatories on all of its bank accounts after the fire chief
resigned for unrelated personal reasons. The chief reimbursed
the district for this amount when questioned about the
unauthorized purchases on the credit card. The district paid
the balance due on the account and canceled the credit card.
The county prosecutor declined to criminally prosecute the
case because the district had been made whole.
LESSONS LEARNED
Let us review some of the finer points of fraud detection from
these general organization credit card fraud schemes.
Organizations should:
• Establish written policies and procedures for credit card use
and train their employees to ensure they use the cards only
for official business purposes.
• Always obtain purchase receipts from employees and never
pay bills using only the monthly credit card statements.
• Properly train employees and governing bodies on the
authorization and approval procedures for all disbursements.
• Appropriately segregate employee duties and periodically
monitor the work of key employees to ensure its
expectations are being met.
Once fraud examiners detect fraud, they should assess
what else is at risk of loss within an organization.
MORE CREDIT CARD MISUSE
In part two of this series, we will discuss the use of purchasing
credit cards and travel credit cards. Stay tuned.
Regent Emeritus Joseph R. Dervaes, CFE, CIA, ACFE
Fellow, is retired after more than 42 years of government service.
He is the president of the ACFE's Pacific Northwest Chapter. His
email address is: joeandpeggydervaes@centurytel.net.
Fraud's Finer Points
Case History Applications
file annual reports with the U.S. Department of Education.
However, compliance requires only six areas of expense, an
overly broad set of categories that allows wide variation among
institutions. The situation is a bit ironic when we consider that
many Division I schools (such as The University of Texas, with
yearly athletic revenues of $44 million, or Alabama, with an
annual athletic budget of $126 million) rival or exceed for-profit
firms but without the same reporting requirements imposed by
the U.S. Securities and Exchange Commission or IRS, according
to Lavigne's 2010 ESPN article.
Frequently, a single individual controls the daily financial
management of an athletic department and is not subject to financial
controls and oversight normally found in profit-making entities.
This trend to place all the power in one person often begins
at schools with highly successful coaches. According to the
Knight Commission's 2009 review of college presidents, a majority
believes that the influence of outside money has eroded
their ability to control coaches and their programs. ("Quantitative
and Qualitative Research with Football Bowl Subdivision
University Presidents on the Costs and Financing of Intercollegiate
Athletics," http://tinyurl.com/yjvr9kp)
The trend has continued from coaches to omni-competent
athletic directors. John Gasaway, in his blog, Basketball Prospectus,
has gone so far as to christen this effect the "Lew Perkins
Fallacy." (He takes the name from the former KU athletic director,
who resigned in the wake of the ticket scandal, but the phenomenon
is by no means limited to the KU program.) The fallacy is that
presiding over an operation that generates an enormous amount of
revenue justifies an enormous salary: $65 million and $4 million
for KU and Lew Perkins, respectively. ("Jayhawks see through the
'Lew Perkins Fallacy.' Will others?" http://tinyurl.com/3vrok9d)
Apart from the pressure that large salaries place on university
finances, they create two additional but related problems.
Winning athletic events does not necessarily translate into
managerial or financial competence. Winning may actually contribute
to financial mismanagement because it promotes an aura
of invincibility, which could lead to lax oversight. Who wants
to kill the proverbial goose that is laying the golden eggs? KU's
athletic director, according to Gasaway, lost millions of dollars
in potential revenue for the university.
A second problem is that private sources often pay the large
salaries. A number of college presidents noted in the Knight
Commission study that they are losing control over athletics as
schools are accepting more outside sources of income, such as
television contracts or private fundraising, to pay athletic salaries.
Ticket audits may require specialized testing
Most colleges provide free or reduced-price tickets to major or
prospective donors. That group changes from game to game. So,
athletic departments need to test internal controls and reconcile
actual game attendance with revenues to ensure that the ticket
office is not overly generous with its donor tickets.
As the KU scandal illustrates, it is absolutely critical that
someone independent from the athletic department perform
timely reconciliations after each event to ensure adequate seg-
regation of duties.
Schools that provide free tickets to employees need additional
controls and tests. In most cases, complimentary tickets
should be reported as part of employees' taxable income. Similarly,
controls need to be in place to make sure that employees
do not receive more tickets than they are allowed by their
employment contracts. (Regardless, it seems to be more than a lack
of specialized training that caused Kansas auditors to overlook
the scandal during their periodic reviews of the ticket sales as
shown by the multiple front organizations using the ticket
director's home address.)
REASSERTING CONTROL OVER COLLEGE ATHLETICS
Whether big-money sports are appropriate for universities is a
topic beyond the scope of this article. However, large revenue
streams are likely to remain an integral part of intercollegiate
athletics. The obvious course for universities, barring reducing
sports, is to become better stewards of their athletic resources.
More specifically, the same aspects of college sports that spawned
the scandal at KU and other universities should be the focus of
improvements, including better transparency and oversight.
Transparency
Public disclosure of an organization's finances is a powerful
deterrent to numerous types of fraud. Although the U.S. Department
of Education requires universities to report some data for
athletic programs, it is difficult to compare these disclosures
among institutions because the law requires reporting only in
very broad categories. The NCAA requires reporting with greater
detail. However, the public rarely sees such data. Moreover,
the NCAA allows much leeway on the ways universities can
categorize such data.
A uniform system of accounts and reporting would promote
comparability and consistency among programs. To increase accuracy
and reliability, information provided to external parties
should come from universities' central financial administrations,
not directly from their athletic programs. A university internal
audit function should be actively involved to enhance the
quality of reported information. The external agencies receiving
these reports should post them on the Internet to promote
openness and transparency and so independent watchdogs can
scrutinize them for evidence of wrongdoing.
Oversight
As with any other organization, simply installing better anti-fraud
controls is not sufficient to deter fraud. A standard of fraud
prevention is that controls are only as effective as the people
who use them. A lesson from the KU case is that athletic departments
require independent oversight.
If it is true, as the Knight Report suggests, that university
presidents feel they are unable to do this directly, then universities
must seek other bodies to provide the oversight. Potential
candidates include private university accrediting bodies, state
boards of higher education or a university's board of governors.
Together with improved reporting standards, the move to independent
review would remove the process from the more political
atmosphere of university presidents and their competing needs to
run their schools, raise funds and have winning athletic programs.
KU EPILOGUE
Since the scandal broke at KU, federal and state authorities
have continued their investigation, which as of press time has
thus far resulted in seven indictments and seven guilty pleas:
Jason Jeffries, assistant athletic director for ticket opera-
tions, pled guilty to one count of misprision and was sentenced
to two years of probation and $56,000 restitution.
Brandon Simmons, assistant athletic director for sales and
marketing, pled guilty to one count of misprision and was sen-
tenced to two years of probation and $157,840 restitution.
Both Jeffries and Simmons cooperated in the investigation
from an early stage and received relatively light sentences.
Kassie Liebsch, athletic department systems analyst, pleaded
guilty to one count of conspiracy to commit wire fraud and was
sentenced to 37 months and $1.2 million restitution. Liebsch was
not identified as a co-conspirator in the spring 2010 investigation.
She continued to work at KU until the day of her indictment,
Nov. 18, 2010.
Rodney Jones, assistant athletic director for development,
pleaded guilty to one count of conspiracy to commit wire fraud
and was sentenced to 46 months and $1.2 million restitution.
Charlette Blubaugh, associate athletic director for the ticket
office, pleaded guilty to one count of conspiracy to commit bank
fraud and was sentenced to 57 months and $2.2 million restitution.
Tom Blubaugh, paid consultant to KU and husband of
Charlette Blubaugh, pled guilty to one count of conspiracy to
commit wire fraud and was sentenced to 46 months and nearly
$1 million restitution.
Ben Kirtland, associate athletic director for development,
pleaded guilty to one count of conspiracy to commit wire fraud.
He was sentenced to 57 months and nearly $1.3 million resti-
tution, including about $85,000 to the U.S. Internal Revenue
Service and the balance to Kansas athletics.
After the story broke, Athletic Director Perkins announced
he would retire in September 2011 and then abruptly retired on
Sept. 7, 2010. KU has since replaced him with a new athletic
director who makes roughly 10 percent of what his predecessor made.
An Aug. 10, 2011, court filing indicates that the U.S. attorney's
office had collected only $81,025 from the five individuals
convicted of conspiracy.
As Ben Franklin was quoted as saying, "It takes many good
deeds to build a good reputation, and only one bad one to lose
it." It may be easier to recover the money than the damaged
reputation. Supporters of college athletics have asserted that the
KU ticket fraud represents a crime by employees and not a failure
of college athletics. However, any enterprise that generates
millions and has so little internal control is inviting fraud.
Effective control of intercollegiate athletics will require
broader social and cultural changes that include good student
outcomes over a win-at-all-costs mentality. Until that occurs,
anti-fraud professionals can best serve universities by helping
them ensure they receive the revenue they are entitled to for all
athletic events for advancing the institution's goals.
Herbert Snyder, Ph.D., CFE, is a professor of accounting in
the Accounting, Finance and Information Systems Department
at North Dakota State University in Fargo. His email address is:
herbert.snyder@ndsu.edu.
David O'Bryan, Ph.D., CPA, CFE, CMA, is a professor in the
Department of Accounting and Computer Information Systems in
the College of Business at Pittsburg (Kansas) State University. His
email address is: obryan@pittstate.edu.
The Tell-Tale Signs of Deception
The Words Reveal
Suspects and witnesses often reveal more than they intend through their choices of
words. Here are ways to detect possible deception in written and oral statements.
By Paul M. Clikeman, Ph.D., CFE
The manager of a fast food restaurant calls the police
late at night to report that an armed robber
had entered the restaurant while the manager was alone
in the office finishing some paperwork. The manager said
the gunman had stolen the entire day's cash receipts,
a little more than $4,000. The manager had reported a
similar robbery at the restaurant about six months earlier.
No other witnesses were present at either alleged robbery.
The restaurant owner learns from police investigators that
armed robbery is extremely unusual in the surrounding
neighborhood. Also, the owner knows that the manager's
wages have been garnished for the last year for nonpayment
of child support. The owner hires you, a CFE, to investigate
whether the manager is filing false police reports
to cover his thefts. You begin your investigation by asking
the manager to write a description of the evening's events.
Detecting Anomalies
Linguistic text analysis involves studying the language,
grammar and syntax a subject uses to describe an event to
detect any anomalies. Experienced investigators are accustomed
to studying interview subjects' nonverbal behavior,
such as eye contact and hand movement. Text analysis,
on the other hand, considers only the subject's verbal behavior.
Because text analysis evaluates only the subject's
words, investigators can apply it to written as well as oral
statements. In fact, many investigators prefer to analyze
suspects' written statements for signs of deception before
conducting face-to-face interviews.
Text analysis is based on research originating in the
1970s. Psychologists and linguists studied the language and
word choices of subjects in controlled experiments and
found predictable differences between truthful and deceptive
statements. Susan Adams, an instructor who taught
text analysis (which she called statement analysis) at the
FBI Academy for many years, described it as a two-part
process ("Statement Analysis: What Do Suspects' Words
Really Reveal?" FBI Law Enforcement Journal, October
1996). First, investigators determine what is typical of a
truthful statement. Secondly, they look for deviations from
the norm.
The following section describes deviations that sug-
gest a subject may be withholding, altering or fabricat-
ing information.
Ten Signs of Deception
1. Lack of self-reference
Truthful people make frequent use of the pronoun "I" to
describe their actions: "I arrived home at 6:30. The phone
was ringing as I unlocked the front door, so I walked
straight to the kitchen to answer it. I talked to my mother
for 10 minutes before noticing that my TV and computer
were missing from the living room." This brief statement
contains the pronoun "I" four times in three sentences.
Deceptive people often use language that minimizes
references to themselves. One way to reduce self-references
is to describe events in the passive voice.
• "The safe was left unlocked" rather than "I left the safe
unlocked."
• "The shipment was authorized" rather than "I authorized
the shipment."
Another way to reduce self-references is to substitute
the pronoun "you" for "I."
Question: "Can you tell me about reconciling the
bank statement?"
Answer: "You know, you try to identify all the outstanding
checks and deposits in transit, but sometimes
when you're really busy you just post the differences to the
suspense account."
In oral statements and informal written statements,
deceptive witnesses sometimes simply omit self-referencing
pronouns. Consider this statement by a husband who
claims his wife was killed accidentally: "I picked up the gun
to clean it. Moved it to the left hand to get the cleaning
rod. Something bumped the trigger. The gun went off,
hitting my wife." The husband acknowledges in the first
sentence that he picked up the gun. But the second sentence
is grammatically incomplete; "I" has been omitted
from the beginning of the sentence. In the third sentence,
"something" rather than "I" bumped the trigger. The statement
also contains few personal possessive pronouns. The
witness refers to "the" gun and "the" left hand where we
might expect "my" to be used.
2. Verb tense.
Truthful people usually describe historical events in the
past tense. Deceptive people sometimes refer to past
events as if the events were occurring in the present. De-
scribing past events using the present tense suggests that
people are rehearsing the events in their mind. Investiga-
tors should pay particular attention to points in a narra-
tive at which the speaker shifts to inappropriate present
tense usage. Consider the following statement made by an
employee claiming that a pouch containing $6,000 in cash
was stolen before she could deposit it at the bank (I have
emphasized certain words.):
"After closing the store, I put the cash pouch in my
car and drove to the Olympia Bank building on Elm Street.
It was raining hard so I had to drive slowly. I entered the
parking lot and drove around back to the night depository
slot. When I stopped the car and rolled down my window,
a guy jumps out of the bushes and yells at me. I can see
he has a gun. He grabs the cash pouch and runs away.
The last I saw him he was headed south on Elm Street.
After he was gone, I called the police on my cell phone
and reported the theft."
The first three sentences describe the employee's
drive to the bank in the past tense. But the next three
sentences describe the alleged theft in the present
tense. An alert investigator might suspect that the
employee stole the day's cash receipts, then drove to
the bank and called the police from the bank parking
lot to report a phony theft. (See another example in
"Antics with Semantics" on page 35.)
3. Answering questions with questions
Even liars prefer not to lie. Outright lies carry the risk
of detection. Before answering a question with a lie, a deceptive
person will usually try to avoid answering the question at all.
One common method of dodging questions is to respond with a
question of one's own. Investigators should be alert to responses
such as:
• "Why would I steal from my own brother?"
• "Do I seem like the kind of person who would do something
like that?"
• "Don't you think somebody would have to be pretty stupid to
remove cash from their own register drawer?"
4. Equivocation
The subject avoids an interviewer's questions by filling his or her
statements with expressions of uncertainty, weak modifiers and
vague expressions. Investigators should watch for words such
as: think, guess, sort of, maybe, might, perhaps, approximately,
about, could. Vague statements and expressions of uncertainty allow
a deceptive person leeway to modify his or her assertions at a
later date without directly contradicting the original statement.
Noncommittal verbs are: think, believe, guess, suppose, figure,
assume. Equivocating adjectives and adverbs are: sort of,
almost, mainly, perhaps, maybe, about. Vague qualifiers are: you
might say, more or less.
5. Oaths
Although deceptive subjects attempt to give interviewers as little
useful information as possible, they try very hard to convince
interviewers that what they say is true. Deceptive subjects often use
mild oaths to try to make their statements sound more convincing.
Deceptive people are more likely than truthful people to sprinkle
their statements with expressions such as: "I swear," "on my honor,"
"as God is my witness," "cross my heart." Truthful witnesses are more
confident that the facts will prove the veracity of their statements
and feel less need to back their statements with oaths.
6. Euphemisms
Many languages offer alternative terms for almost any action or
situation. Statements made by guilty parties often include mild
or vague words rather than their harsher, more explicit synonyms.
Euphemisms portray the subject's behavior in a more favorable
light and minimize any harm the subject's actions might have
caused. Investigators should look for euphemistic terms such
as: "missing" instead of "stolen," "borrowed" instead of "took,"
"bumped" instead of "hit," and "warned" instead of "threatened."
7. Alluding to actions
People sometimes allude to actions without saying they actually
performed them. Consider the following statement from an employee
who was questioned about the loss of some valuable data:
"I try to back up my computer and put away my papers every
night before going home. Last Tuesday, I decided to copy my files
onto the network drive and started putting my papers in my desk
drawer. I also needed to lock the customer list in the office safe."
Did the employee back up her computer? Did she copy her files
onto the network drive? Did she put her papers in the desk drawer?
Did she lock the customer list in the office safe? The employee
alluded to all these actions without saying definitively that
she completed any of them. An attentive investigator should not
assume that subjects perform every action they allude to.
8. Lack of Detail
Truthful statements usually contain specific details, some of
which may not even be relevant to the question asked. This
happens because truthful subjects are retrieving events from
long-term memory, and our memories store dozens of facts about
each experience: the new shoes we were wearing, the song
that was playing in the background, the woman at the next table
who reminded us of our third-grade teacher, the conversation
that was interrupted when the fire alarm rang. At least some of
these details will show up in a truthful subject's statement.
Those who fabricate a story, however, tend to keep their
statements simple and brief. Few liars have sufficient imagination
to make up detailed descriptions of fictitious
events. Plus, a deceptive person
wants to minimize the risk that an investigator
will discover evidence contradicting
any aspect of his or her statement;
the fewer facts that might be proved
false, the better. Wendell Rudacille, the
author of "Identifying Lies in Disguise"
(Kendall/Hunt, 1994), refers to seemingly
inconsequential details as "tangential
verbal data" and considers their presence
to be prime indicators that subjects are
telling the truth.
9. Narrative balance
A narrative consists of three parts: prologue,
critical event and aftermath. The
prologue contains background information
and describes events that took place
before the critical event. The critical
event is the most important occurrence
in the narrative. The aftermath describes
what happened after the critical event. In
a complete and truthful narrative, the balance
will be approximately 20 percent to
25 percent prologue, 40 percent to 60 percent
critical event and 25 percent to 35
percent aftermath. If one part of the narrative
is significantly shorter than expected,
important information may have been
omitted. If one part of the narrative is
significantly longer than expected, it may
be padded with false information. The following
statement, filed with an insurance
claim, is suspiciously out of balance:
"I was driving east on Elm Street
at about 4:00 on Tuesday. I was on my
way home from the A&P supermarket.
The traffic light at the intersection of
Elm and Patterson was red, so I came to
a complete stop. After the light turned
green, I moved slowly into the intersection.
All of a sudden, a car ran into me.
The other driver didn't stop, so I drove
home and called my insurance agent."
The subject's statement contains
four sentences of prologue, only one sentence
describing the critical event, and
only one sentence of aftermath. The
prologue contains a credible amount of
detail: the day and time of the accident,
the driver's destination, and the location
of the accident. But the description of the critical event (i.e.,
the alleged accident) is suspiciously brief. The claimant did not
describe the other vehicle, which direction it came from, how
fast it was going, whether the driver braked to try to avoid the
accident or how the two vehicles made contact.
The aftermath is also shorter than one would expect from a
complete and truthful account of a two-car accident. The claimant
does not say which direction the other vehicle went after leaving
the scene of the accident. He does not mention getting out of his
vehicle to inspect the damage nor does he say whether he spoke
to any people in the area who may have witnessed the accident. A
claims adjuster receiving such a statement would be wise to inves-
tigate whether the policyholder concocted a phony hit-and-run
story to collect for damages caused by the driver's negligence.
10. Mean Length of Utterance
The average number of words per sentence is called the "mean
length of utterance" (MLU). The MLU equals the total number
of words in a statement divided by the number of sentences:
Total number of words / Total number of sentences = MLU
Most people tend to speak in sentences of between 10 and
15 words (ACFE Self-Study CPE Course, "Analyzing Written
Statements for Deception and Fraud," 2009). When people feel
anxious about an issue, they tend to speak in sentences that are
either significantly longer or significantly shorter than the norm.
Investigators should pay particular attention to sentences whose
length differs significantly from the subject's MLU.
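Several of the signs above (1, 4, 5, 9 and 10) reduce to counts that can be scripted. The Python below is an added example, not part of the article or any ACFE material; it runs those counts over two statements quoted in the article. The function names, the 50 percent outlier tolerance, the reading of narrative balance as a share of words, and the analyst-supplied sentence indexes for the critical event are all assumptions.

```python
import re

# Term lists copied from the article's signs 4 (equivocation) and 5 (oaths).
EQUIVOCATION = ["think", "believe", "guess", "suppose", "figure", "assume",
                "sort of", "almost", "mainly", "perhaps", "maybe", "might",
                "approximately", "about", "could", "you might say", "more or less"]
OATHS = ["I swear", "on my honor", "as God is my witness", "cross my heart"]
# Expected share of each narrative part in percent, from sign 9.
BALANCE = {"prologue": (20, 25), "critical event": (40, 60), "aftermath": (25, 35)}

# Statements quoted in the article (signs 9 and 1), typography restored.
INSURANCE_CLAIM = (
    "I was driving east on Elm Street at about 4:00 on Tuesday. "
    "I was on my way home from the A&P supermarket. "
    "The traffic light at the intersection of Elm and Patterson was red, "
    "so I came to a complete stop. "
    "After the light turned green, I moved slowly into the intersection. "
    "All of a sudden, a car ran into me. "
    "The other driver didn't stop, so I drove home and called my insurance agent."
)
BURGLARY = (
    "I arrived home at 6:30. The phone was ringing as I unlocked the front "
    "door, so I walked straight to the kitchen to answer it. I talked to my "
    "mother for 10 minutes before noticing that my TV and computer were "
    "missing from the living room."
)


def split_sentences(text):
    """Naive splitter: a sentence ends at . ! or ? followed by whitespace."""
    return [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]


def word_count(sentence):
    """Count whitespace-separated tokens containing a letter or digit."""
    return sum(1 for tok in sentence.split() if re.search(r"[A-Za-z0-9]", tok))


def self_references(text):
    """Number of times the pronoun 'I' appears (sign 1)."""
    return len(re.findall(r"\bI\b", text))


def find_terms(text, terms):
    """Listed terms that occur in text as whole words or phrases."""
    return sorted(t for t in terms
                  if re.search(r"\b" + re.escape(t) + r"\b", text, re.IGNORECASE))


def mlu(sentences):
    """Mean length of utterance: total words / total sentences (sign 10)."""
    if not sentences:
        raise ValueError("statement contains no sentences")
    return sum(word_count(s) for s in sentences) / len(sentences)


def length_outliers(sentences, tolerance=0.5):
    """Indexes of sentences whose length differs from the subject's MLU by
    more than tolerance * MLU. The 0.5 default is an assumption; the article
    only says 'significantly'."""
    mean = mlu(sentences)
    return [i for i, s in enumerate(sentences)
            if abs(word_count(s) - mean) > tolerance * mean]


def narrative_balance(sentences, critical_start, critical_end):
    """Word share of prologue, critical event and aftermath (sign 9).
    The analyst supplies which sentences form the critical event:
    sentences[critical_start:critical_end]."""
    parts = {"prologue": sentences[:critical_start],
             "critical event": sentences[critical_start:critical_end],
             "aftermath": sentences[critical_end:]}
    total = sum(word_count(s) for s in sentences)
    report = {}
    for name, chunk in parts.items():
        pct = 100 * sum(word_count(s) for s in chunk) / total
        low, high = BALANCE[name]
        verdict = "short" if pct < low else "long" if pct > high else "expected"
        report[name] = (round(pct, 1), verdict)
    return report


if __name__ == "__main__":
    claim = split_sentences(INSURANCE_CLAIM)
    print("MLU:", mlu(claim))
    print("Length outliers (sentence indexes):", length_outliers(claim))
    # Sentence 5 (index 4) is the only one describing the collision.
    print("Balance:", narrative_balance(claim, 4, 5))
    print("Self-references:", self_references(BURGLARY))
    print("Equivocation:", find_terms(INSURANCE_CLAIM, EQUIVOCATION))
```

A flag from any of these counts marks a passage for follow-up questions; as the article notes, the deviations only suggest that information may be withheld or altered.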
The Words Reveal
Complete and accurate descriptions of actual events are usually
stated in the past tense and tend to have a predictable balance of
prologue, critical event and aftermath. Truthful statements gener-
ally contain numerous self-referencing pronouns and include at
least a few seemingly inconsequential details. Truthful statements
rarely contain oaths, equivocation or euphemisms. Investigators
should apply extra scrutiny to written or oral statements that de-
viate from these norms. Suspects and witnesses often reveal more
than they intend through their choices of words.
Paul M. Clikeman, Ph.D., CFE, is an associate professor in the
Robins School of Business at the University of Richmond. His email
address is: pclikema@richmond.edu.
It may happen that you inherit a case that someone else
opened. Besides financial documents, all you have are the
written statements from witnesses and suspects. Can you tell
enough from words alone to detect evasion, lack of cooperation
and the intent to deceive? Yes, you can.
Semantics is a discipline concerned with the meaning of
words and the ways that words combine to form meanings in sentences.
The noun "rock," for example, can indicate a stone or a
type of music. As a verb, "to rock" indicates the action of causing
something to rock (rock the cradle) or to rock oneself in a chair
(rocking on the front porch) or a form of party-time behavior (we
were rocking last night).
Anytime you interpret someone's words, during a conversation
or as part of your professional duties, you are practicing
semantics. Here is one example of semantic analysis:
Use of Present Tense when Describing a Past Occurrence
Sometimes deceptive individuals display a reluctance to refer to
past events as past, particularly if the past event is the subject of
investigation. They refer to past events as if they were occurring in
the present. You should pay particular attention to those points in
the narrative at which the speaker shifts to this inappropriate present
tense usage, as in the following example.
How many times in this written statement does this person
switch to the present tense? What seems significant about the
points at which the switch occurs?
On December 15, 2009, in the late afternoon hours, Don L.
Harrington, wife Wanda, and friends Amy Barr, Judy Partin and
Myself, Bob Boone, went to Taylors to pick up some layaway
items. We used two cars because there was some bulky merchandise
such as bicycles and a battery-operated car. Don had just
gotten his paycheck so instead of making a trip to the bank he
would pay the balance of the layaway with his check. Wanda
usually handles the finances, so she had Don's check in her purse.
So Wanda hands Don his check, which in turn he gives it to the
layaway clerk. The clerk look at the check and said that she
couldn't accept it but it was obvious that clerk was inexperienced,
because in fact it was the other clerk working in layaway that
told the clerk that she would have to check with the manager first.
So the clerk takes the check over to the manager, and we all see
the manager shake her head no. By this time Don sees that he
can't use his check, which was a surprise to us because it was a
payroll check instead of a personal check. But instead of causing
chaos, Don decided to pay for it in cash, which Wanda had in her
purse. So Don asked her for the money, gave it to the clerk, the
clerk gave him the receipt, and we went to the back to pick up the
merchandise. In all the confusion, Don thought that Wanda had
the check, and Wanda thought that Don had it, and by this time
we had gotten to Don's house. So Don called ABC Company and
told the payroll dept. that his check was lost.
Bob Boone uses the present tense in three sentences:
So Wanda hands Don his check which in turn he gives it to
the layaway clerk.
So the clerk takes the check over to the manager, and we all
see the manager shake her head no.
By this time Don sees that he can't use his check, which
was a surprise to us because it was a payroll check instead of a
personal check.
It is remarkable that the switch to the present tense occurs at
key moments in the exchange: as the check is handed over, as the
manager refuses to accept the check and as Don becomes aware
he will not be able to use the payroll check. This indicates the
person is sensitive about those moments.
Often, people use the present tense for past events when they
are rehearsing the events in their mind. It is a device for keeping
things straight. Maybe the person is just being careful, or maybe
he is being deceptive.
As an investigator, you should note the switches to the present
tense, and the point of the narrative at which these occur. From
there, you will decide how to explore the issues further.
Excerpted and adapted from the ACFE Self-Study CPE
Course, Analyzing Written Statements for Deception and Fraud,
2009. This excerpt is by Don Rabon, CFE.
Further Reading
Analyzing Written Statements for Deception and Fraud,
ACFE Self-Study CPE Course, 2009 (ACFE.com/
products.aspx?id=2809).
Investigating Discourse Analysis, by Don Rabon, CFE
(Carolina Academic Press, 2003).
Identifying Lies in Disguise, by Wendell Rudacille
(Kendall/Hunt, 1994).
I Know You Are Lying, by Mark McClish (The Marpa
Group, 2001).
Statement Analysis: What Do Suspects' Words Really
Reveal? by Susan H. Adams, FBI Law Enforcement
Journal (October 1996).
Antics with Semantics
SOMETIMES WE FIND FRAUDULENT ACTIVITY OCCURRING
IN THE MOST UNSUSPECTING PLACES. What started out
as a routine examination into a tip from an anonymous
call-center employee who was concerned with the large
number of suspicious credit card payments a few fellow
employees were processing, turned out to be the discovery
of a whole new area of call center fraud operating right
under the noses of management, compliance, internal au-
dit, quality assurance and even fraud committee members.
A call center environment can foster many credit
card processing scams. The most popular is for call cen-
ter agents to retain credit card account numbers, expira-
tion dates and security codes for themselves or to sell to
fraudsters. We also see this scam in restaurants and other
retail industries. Fortunately, in this case, the employee
who called the hotline supplied the locations and names
of the suspicious employees and claimed that the number
of payments they processed was far beyond the norm.
As an outside consultant, I first had to become familiar
with the work of the business unit and the group in
which the suspected employees worked. That unit handles
inbound and outbound phone calls with customers
who are past due on delinquent accounts. The collectors,
who use defined call scripts, process payments through
a number of payment options for consumers, including
mailing payments, self-performed Internet payments,
check by phone, automatic account debit and, naturally,
credit card and debit card payments processed over the
phone. The company provides exceptional training services
for the employees and monitors their work so they
comply with company policies, procedures and applicable
federal, state and even some local statutes. An automated
account management system documents all work, and the
company records all phone calls.
Next, I zeroed in on the accused employees because
the tipster had not provided specific details of the alleged
fraudulent conduct. I listened to call recordings,
reviewed the corresponding accounts associated with
calls and sat in on some blind monitoring of the collectors'
live calls. Nothing seemed out of the ordinary.
The targeted collection representatives were very professional,
positive and helpful to consumers.
I expanded the investigation to several previous
months and increased the sampling of calls and accounts.
I reviewed consumer complaints containing
allegations of unauthorized charges to see if these collectors
had handled them. I still found no questionable
conduct. As a final part of the examination, I interviewed
the entire business unit staff to uncover any
other employee suspicions of fraudulent activities. I immediately
saw that the group members were extremely
competitive, but management encouraged this through
bonuses and advancement to high achievers.
After six or eight interviews, I believed I discovered
the employee who filed the anonymous report to the hotline.
She made remarks that those who know how to
work the system are the ones who make bonuses and advance,
while those who play by the rules are stuck, live
paycheck to paycheck and are passed over for promotions.
She struck me as either a disgruntled employee or someone
tired of seeing cheaters prosper. After a few additional
probing questions, I had what I needed to develop a theory
for what may be the most unsuspecting fraudulent activity
I have ever uncovered. I tore into the historical performance
measurements, metrics, reports and employee files
of the business unit. What I found was shocking.
Overachieving Fraud: Wolves
in Sheep's Clothing
Targeting Top-Performing Employees Gaming the Bonus System
Follow this CFE consultant as he uncovers top collection reps at a business call center who inflated their
performances for more money and job advancement. Lesson? Do not always follow the money.
By Jeffrey Horner, CFE, CRCMP
My interviews with the business unit's
management and review of historical documentation
showed clearly that the top collection
representatives processed over the
phone as much as two to three times the
number of credit card and debit card payments
as the average collector. Incentives for
the number of credit card payments allowed
representatives to earn bonuses.
After I traced the payments to the ac-
counts, I noticed that some collection rep-
resentatives would set up customers on pay-
ment plans to charge their credit cards once
or even twice a week, instead of the typical
payment plan for once every two weeks or
monthly. The total amount the customer
paid was the same, but it was broken down
into smaller amounts and processed regu-
larly to increase the number of payments
per week. Ironically, these top-performing
employees appeared to be the most talented,
dedicated, hardest-working phone represen-
tatives in the business unit.
As I reviewed the employment records
and performance reviews of the current and former supervisors
and managers of the business unit, I found it crystal clear that
they had all worked their way up in similar fashion. They rou-
tinely outscored their peers at the performance metrics. I ex-
panded my investigative analysis to other call center business
units and found the same conduct.
DRIVING EMPLOYEES TO CHEAT
Much has been written, preached and practiced in the area of employee
motivation, especially for those directly interacting with
customers. Management drives them to shatter sales and service
records, surpass customer satisfaction standards, hit key performance
indicators, out-hustle the competition and find ways to
do more with less. We set goals and budgets, apply performance
metrics, and offer various bonuses and creative incentives.
Organizations monitor and evaluate employee performance,
and top achievers climb up corporate ladders. If you are passed
over too many times you are branded as stale, and you may lose
all hope to advance. Those who earn promotions then study the
playing fields and develop their strategies to move up the next
rungs of corporate ladders.
Capitalism through competition. So what is there to worry
about? Plenty. Let us take a deeper look into this activity.
Typically, CFEs, internal auditors, external auditors, and
risk and compliance managers will search for fraudulent employee
activity by focusing on employee theft, embezzlement,
expense account fraud, larceny, fraudulent check writing or
cashing, vendor contracts and countless other schemes. They
follow the money and focus on financial transactions and reporting
as sources for discovery. But significant fraudulent employee
activity can be occurring in the open, and we fail to recognize it
or the severity of the risks and potential losses.
We are familiar with criminologist Dr. Donald R. Cressey's
fraud triangle that defines fraud as the convergence of three
factors to set the climate for fraud: pressure, opportunity and
rationalization. CFEs are trained to focus their sights on the
business resources, processes, procedures, employee activities
and personnel to detect the potential for, and existence of, the
fraud triangle factors. Nevertheless, many fraud examiners do
not recognize the existence of these factors in the out-in-the-open
business environment because we are diligently sleuthing
for the not-so-obvious, hidden schemes buried deep in the organization.
Is it possible that fraudulent activity is fully accepted
and expected? If so, where, and how do we identify it?
THE NUMBERS CAN LIE
In this case, the use of data was essential to steer the investigation
in the proper direction. Looking at the total payments
processed by the representatives in the group in Figure 1 (on
page 38), we see no significant variance. In fact, the highest producers
of total payments are reps 112 and 117. However, drilling
into the number of debit card and credit card payments processed
quickly reveals a statistical anomaly. Reps 114 and 118
clearly processed a disproportionately higher number of these
payments than the others in the group. Because the company
incents reps with bonuses and awards to obtain these payments,
Reps 114 and 118 benefitted.
This information caused us to review the details of payments
and customer accounts. We were alarmed to see that these reps
were breaking policy by processing payments as often as two
times per week on the same customer account to artificially inflate
the number of payments and earn bonuses. The consumers
agreed to this practice when the reps told them it was necessary
to keep activity occurring on their accounts so
no additional collection action was taken.
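The two-stage review described above, as an added example that is not from the article: a peer comparison of card payment counts per rep, then a per-account check for card charges that recur faster than the payment plan allows. The ledger, the rep IDs (R1 to R8), the 14-day minimum interval and the 3.5 cutoff are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

POLICY_MIN_GAP_DAYS = 14  # assumption: a plan charges a card at most every two weeks
Z_THRESHOLD = 3.5         # assumption: usual cutoff for the modified z-score


def build_sample_ledger():
    """Constructed rows: (rep, account, date, amount, method).

    Every account pays the same $280 by card over eight weeks; only the
    charge frequency differs. R4 (weekly) and R8 (every 4 days) are the
    constructed reps who split plans into smaller, more frequent charges.
    """
    accounts_per_rep = {"R1": 5, "R2": 6, "R3": 4, "R4": 6,
                        "R5": 6, "R6": 4, "R7": 5, "R8": 5}
    gap_days = {"R4": 7, "R8": 4}
    start = date(2011, 3, 1)
    ledger = []
    for rep, n_accounts in accounts_per_rep.items():
        gap = gap_days.get(rep, 14)
        n_payments = 56 // gap
        for a in range(n_accounts):
            acct = f"{rep}-{a:02d}"
            # One non-card payment per account, to exercise the method filter.
            ledger.append((rep, acct, start, 25.0, "check"))
            for k in range(n_payments):
                ledger.append((rep, acct, start + timedelta(days=gap * k),
                               280.0 / n_payments, "card"))
    return ledger


def card_payment_counts(ledger):
    """Number of card payments processed by each rep."""
    counts = defaultdict(int)
    for rep, _acct, _day, _amount, method in ledger:
        if method == "card":
            counts[rep] += 1
    return dict(counts)


def peer_outliers(counts, threshold=Z_THRESHOLD):
    """Reps whose count sits far above the peer median (modified z-score).

    Median and MAD are used instead of mean and standard deviation so the
    inflated counts do not pull the baseline toward themselves.
    """
    med = median(counts.values())
    mad = median(abs(v - med) for v in counts.values())
    if mad == 0:
        # Identical peers: anything above the median deserves a look.
        return sorted(r for r, v in counts.items() if v > med)
    return sorted(r for r, v in counts.items()
                  if 0.6745 * (v - med) / mad > threshold)


def split_plan_accounts(ledger, rep, min_gap=POLICY_MIN_GAP_DAYS):
    """Accounts of one rep whose card charges recur faster than policy allows."""
    days = defaultdict(list)
    totals = defaultdict(float)
    for r, acct, day, amount, method in ledger:
        if r == rep and method == "card":
            days[acct].append(day)
            totals[acct] += amount
    findings = {}
    for acct, charged in days.items():
        charged.sort()
        gaps = [(b - a).days for a, b in zip(charged, charged[1:])]
        if len(gaps) >= 2 and median(gaps) < min_gap:
            findings[acct] = {"payments": len(charged),
                              "median_gap_days": median(gaps),
                              "total_paid": round(totals[acct], 2)}
    return findings


def review(ledger):
    """Stage 1 flags reps; stage 2 lists their accounts charged too often."""
    counts = card_payment_counts(ledger)
    return {rep: split_plan_accounts(ledger, rep) for rep in peer_outliers(counts)}


if __name__ == "__main__":
    for rep, accounts in review(build_sample_ledger()).items():
        print(rep, len(accounts), "accounts charged more often than every",
              POLICY_MIN_GAP_DAYS, "days")
```

The second stage matters because a high count alone can come from a larger book of accounts; the per-account interval and unchanged total paid are what separate split plans from genuine volume.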
In another group, we found that management
was looking at a standard call center Key
Performance Indicator (KPI) to identify any employee
that may not be in line with performance
standards. Figure 2 below shows that the average
handle time seems consistent across all employees.
However, upon closer examination, we notice
that Reps 223 and 226 have extremely short
first contact and inbound call times.
We decided to monitor calls and found that
these reps would not thoroughly and adequately
address customers' questions, disputes or requests
for documentation, as required by company policy.
They were cutting corners to handle more
calls. You will not be surprised to learn that the
monthly incentives in the group were based on
the average number of calls handled per day. By
cutting these calls short and telling customers
that someone would get back to them on their
issues or concerns, they were able to make more
calls than other reps.
RISK AND COMPLIANCE
According to The Committee of Sponsoring
Organizations of the Treadway Commission
(COSO), "Everyone in an organization has responsibility
for internal control." (http://tinyurl.com/4y24k9n)
It starts with the CEO, who
should ultimately assume ownership of the
system, COSO states. However, management
devises goals, targets, budgets and service standards
and drives them to the production level. A
close examination of the conduct and behavior
at that level may reveal potential fraudulent activity
that standard business processes and procedures
have cloaked.
We know that certain areas are ripe for employee
fraud, such as expense accounts, commission
reports and vendor contracts. But does the definition
of fraud and Cressey's fraud triangle apply to activity and conduct
related to employee performance metrics? We can build
the case that it does.
Employees, supervisors or managers who intentionally inflate
performance metrics in daily job duties, or omit negative
information or activities, meet the first part of the definition for
fraud. But what about the requirement for a victim suffering loss
by these actions? Again, the victim here is the employer organization
through the receipt of invalid performance metrics, delivery
and data, or the absence of these values from negative data that
could be used to improve the organization and its outcomes.
And finally, does the perpetrating employee receive gain?
This is where we make a critical mistake and overlook the obvious.
Up to this point, we are dismissing these acts and omissions
by employees as harmless, just seeking to look good to the
boss, avoid the consequences of missteps or failure, earn that
bonus or climb the ladder in the organization. Employees who
are evaluated by performance measurements, metrics, data,
etc. who manipulate these values are in essence causing their
performances to appear to be better/higher/more valuable to
the organization than they would actually be otherwise. What
is the motivation? Clearly, for those who are compensated by
commission and bonuses the answer is obvious: money. But job
retention or advancement also constitutes personal gain.
Figure 1: Employee Performance Anomaly (chart: number of payments processed per representative, Reps 111 to 118; series: Total, Debit Card, Credit Card)
Figure 2: Employee Performance Anomaly (chart: call handle time in min:sec per representative, Reps 222 to 229; series: Average, Inbound, 2nd Contact, 1st Contact)
The totality of the definition has been met in the description
of employees who purposefully skew performance metrics.
It is not hard for frontline employees to cut corners, force orders,
shorten calls, bury complaints, etc., day after day to put up some
impressive numbers.
This environment is ripe with employee incentive/pressure.
The opportunity is present for front-liners to manipulate
the input, statistics, calls, paperwork and other job functions.
And rationalization is a personal psychological characteristic
that has been found to be present in 40 percent of employees,
according to "Managing the Business Risk of Fraud: A Practical
Guide." And according to Freud, rationalization is a defensive
mechanism that seeks to offer acceptable reasons to others, or
ourselves, for unacceptable behavior. As stated by ACFE founder
and Chairman, Dr. Joseph T. Wells, CFE, CPA, in his "Corporate
Fraud Handbook," "For the purpose of detecting and deterring
occupational fraud, it does not matter whether employees
are actually justified, but whether they perceive that they are."
Now that we have seen that frontline employee conduct
may be an undetected area primed for fraud, we need to assess
the risk to the enterprise. According to the International Association
of Risk and Compliance Management Professionals,
the risk and harm sustained by an organization are not limited to
the losses from employees who work the system to advance and
earn more money. Risk, cost and liability from damage to customer
goodwill, brand and exposure to regulatory actions may
be significant once the missteps are revealed. When company
management is unable to obtain valid data from operations, the
impact can be devastating.
HELP THE COMPANY HELP THEMSELVES
The environments most susceptible to transparent frontline
fraud are those you would not normally suspect: service centers
within the enterprise with high-volume, measurable workload
functions. These include call center operations, inside order
processing, lead generation, online agent help desks, billing
and collection, telemarketing, mail processing, customer service
centers and back-office operations.
Once you recognize conduct as potentially fraudulent and
know where to focus efforts to discover the activity, you must ex-
amine what can be done to mitigate that risk. Often, process and
compliance reviews originate inside the same departments that
breed the culture of fudging the numbers. You must address it,
or it will continue. Because pressure from management to hit
the numbers will always be a source of temptation for all to look
the other way, the answer is to expand our reach to areas of the
enterprise that possess the resources and skill sets necessary for
independent examination.
In our case, once we showed executives the data for employee
performance anomalies, management culture and performance-based
compensation and advancement history, it was
clear that change was required. After we developed and implemented
training programs to expose and address the conduct
as fraudulent behavior, we devised measurements and reporting
to display such activity to serve as deterrents. In a short period
of time, performance metrics reflected true and clean data for
employee call statistics. With this information, we were able to
accurately identify problem employees and quash the culture
of working the system for bonuses and advancement. In just
three months we gained a 14 percent increase in KPIs and customer
satisfaction ratings! Only employees playing by the rules
earn bonuses for the right reasons.
Clearly the solutions are very simple, and if you take one
thing away from this article, this is it: The targets, goals, incen-
tives and bonuses are not the problem. We must focus investi-
gative principles and techniques on performance anomalies be-
cause they are ripe for frontline, transparent fraudulent activity.
It is critical that we segment employee production by tenure,
skill and past achievement variances.
A business environment probably already has all the neces-
sary tools, resources and historical data to assess the accuracy,
or lack thereof, of job performances at any level. Management
will need to develop controls, checks and balances, monitoring,
reporting, ethics training, employee hotlines and preventative
measures to reduce the risk for fraud.
We may nip and tuck around the edges to modify behavior,
and still the crafty employees find ways to hit their numbers
and get the prizes. If we are not diligent in reviewing, reconciling
and building operations-oriented analysis tools to identify
performance anomalies and investigate them, unrecognized
fraudulent activity will occur before our eyes.
Jeffrey Horner, CFE, CRCMP, is chief development officer and
senior vice president of the Government Services Division of UCB
Inc. His email address is: jwhorner@ucbinc.com.
Data Breaches, a 3-Part Series
BREAKING BREACH
SECRECY, Part 3
BY ROBERT E. HOLTFRETER, PH.D., CFE, CICA; AND ADRIAN HARRINGTON
There are data breaches and then there
are data breaches. Hold on as we look
at two enormous cases reported by the
Privacy Rights Clearinghouse (PRCH)
in its "Chronology of Data Breaches."
Even though the number of records compromised
in these two cases is atypical, it does illustrate the
problems consumers face when their personal data
is not protected by organizations that use it.
On Jan. 20, 2009, Visa and MasterCard
alerted Heartland Payment Systems, a credit and
debit card processor, of suspicious activity related
to card transactions. After the company inves-
tigated, it found evidence of malicious software
that compromised data on more than 130 million
cards. The incident may have been the result of a
global cyberfraud operation.
On June 16, 2005, hackers infiltrated the network
of CardSystems, a third-party processor of
payment card transactions, and exposed names,
card numbers and card security codes of more
than 40 million card accounts, including 68,000
Mastercard accounts, 100,000 Visa accounts and
30,000 accounts from other card brands. On Feb.
26, 2006, CardSystems agreed to settle charges
with the Federal Trade Commission that it failed
to have in place the proper security measures to
protect sensitive personal information. CardSystems
notified affected consumers and offered them
one year of credit monitoring services.
Data breaches that lead to identity theft
have affected the lives of individual consumers,
businesses, nonprofit organizations and governments
at all levels throughout the world, especially
in the past decade. Security companies are
constantly working to develop better products for
individuals and organizations to protect personal
information. Many organized cybercriminals work
as successful profit-making businesses, constantly
developing new fraudulent schemes to look for
system weaknesses and collect personal identifiable
information (PII).
However, as our new report and analysis in
this article show, it is not just blatant hacker ef-
forts that cause data breaches. Organizations and
individuals who do a horrible job protecting per-
sonal data, of course, create conditions that lead
to the majority of data breaches.
TRACKING THE PESKY BREACHES
Though not all organizations report data breaches
publicly, at least three independent groups track
and analyze breaches and publish them in reports:
the Privacy Rights Clearinghouse (PRCH), Verizon
and the Identity Theft Resource Center.
Privacy Rights Clearinghouse
PRCH describes itself as a nonprofit consumer education
and advocacy project whose purpose is to advocate
for consumers' privacy rights in public policy
proceedings. From Jan. 1, 2005, through press time,
it has tracked, analyzed and classified 2,752 data
breaches and more than 542 million compromised
records for inclusion in its "Chronology of Data
Breaches," which is updated daily
(www.privacyrights.org/data-breach) from these sources:
The Open Security Foundation's DATALOSSdb (www.datalossdb.org).
Databreaches.net, a spinoff from www.PogoWasRight.org, has compiled a wide range of breach reports since January 2009.
Personal Health Information Privacy (www.phiprivacy.net/), affiliated with Databreaches.net, is a database that compiles only medical data breaches. Many of these are obtained from the U.S. Department of Health and Human Services medical data breach list.
National Association for Information Destruction Inc. (www.naidonline.org) provides monthly newsletters that include a number of data breaches largely resulting from improper document destruction.
Analysis Shows Entities Lack Strong
Data Protection Programs
The authors' analysis of data-breach statistics shows that organizations
poorly protect personal data. Possible solution: U.S. federal rules for
guidance in developing comprehensive data protection programs.
The PRCH classifies data breaches as:
Unintended disclosure: sensitive information posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail.
Hacking or malware: electronic entry by an outside party.
Payment card fraud: fraud involving debit and credit cards that is not accomplished via hacking. For example, skimming devices at point-of-service terminals.
Insider: someone with legitimate access such as an employee or contractor intentionally breaches information.
Physical loss: lost, discarded or stolen non-electronic records, such as paper documents.
Portable device: lost, discarded or stolen laptops, PDAs, smartphones, portable memory devices, CDs, hard drives, data tapes, etc.
Stationary device: lost, discarded or stolen stationary electronic devices such as a computer or server not designed for mobility.
Unknown.
Verizon Business
For the past six years, the Verizon Business Risk Team, in conjunction
with the U.S. Secret Service (since 2009) and the
Dutch National High Tech Crime Unit (starting in 2010), has
prepared the annual "Data Breach Investigations Report"
(http://tinyurl.com/3votjlj) based on its analysis of more than 900 data
breaches representing more than 900 million compromised records.
The Verizon study classifies the breach types as from external
agents, insiders, business partners and multiple parties.
Identity Theft Resource Center
The Identity Theft Resource Center (ITRC) (www.idtheftcenter.org)
describes itself as a "nonprofit, nationally respected
organization dedicated exclusively to the understanding and
prevention of identity theft."
The ITRC list is a compilation of data breaches confirmed
by various media sources and/or notification lists from state
governmental agencies. The group updates the list weekly. To
qualify for the list, breaches must include PII that could lead
to identity theft, especially SSNs. Since Jan. 1, 2005, and up
to press time, the ITRC has tracked and analyzed 2,852 data
breaches and more than 496 million compromised records.
The ITRC classifies its types of data breaches as from: data
on the move, accidental exposure, insider theft, subcontractors
and hacking.
These organizations use differing methodologies to select
and classify data breaches, which allow us to view the data from
different perspectives. "Data breaches are not all alike," according
to the ITRC. "Security breaches can be broken down into a
number of categories. What they all have in common is that they
usually contain personal identifying information in a format easily
read by thieves, in other words, not encrypted." That is true,
but a lot of personal information included in data breaches is
encrypted. If organizations use the 56-bit Data Encryption Standard
rather than the 128-bit Advanced Encryption Standard,
then hackers can normally break key codes and return encrypted
data to plain text so they can use it for identity theft.
HOLTFRETER/HARRINGTON DATA BREACH ANALYSIS REPORT
We decided we wanted to compile a data breach report for the
public and anti-fraud professionals using a different classification
system to provide additional breadth and depth.
Methodology
We analyzed 2,278 data breaches and 512,289,000 compromised
records reported by the PRCH for a six-year period of 2005
through 2010 (Jan. 1, 2005, through Dec. 31, 2010). (Beth
Givens, PRCH's director, granted us permission to use its data.)
We developed our classification system by conducting an
analysis of a large sample of 300 data breaches to initially classify
each of them into three broad categories: internal, external
and non-traceable. We used this initial broad approach because
data breaches and related comprehensive data protection legislation
are typically viewed by the public and identity theft experts
from an internal/external perspective. Internal and external
data breaches are defined, simply, as those originating from
within or outside an organization, respectively.
In the second phase of our analysis we examined all the
sampled breaches included in the internal and external categories
to look for useful patterns for determining specific subtypes.
We then completed the classification process by placing all
2,278 data breaches for the six-year period into the following
subtype categories, which we defined and used for the analysis:
IIPD: Internal improper protection or disposal of data:
For example, on Sept. 4, 2007, the University of South Carolina
exposed online a number of files containing Social Security
numbers, test scores and course grades.
ITF: Internal theft of data by a current or former employee
with absolute or high probability of fraudulent intent:
For example, on Feb. 5, 2009, a Mooresville, N.C., dry cleaner
skipped town with her clients' credit card numbers.
ITNF: Internal theft of data by a current or former
employee with low or no probability of fraudulent intent:
For example, on April 27, 2007, an employee at the Caterpillar
Corporation stole a laptop computer containing personal data of
employees, including SSNs, banking information and addresses.
IH: Internal hacking or unauthorized intrusion of
a network by a current/former employee: For example, on
March 21, 2010, a 21-year-old former Evergreen Public School
employee in Vancouver, Wash., pulled off a computerized payroll
security breach that put more than 5,000 current and former
Vancouver district school employees at risk for identity theft.
IL: Internal loss of data: For example, on Oct. 15, 2009,
the Virginia Department of Education reported that a flash drive
containing 103,000 student names, SSNs, and employment and
demographic data was misplaced.
XP: External partner/third-party theft or loss of data
by improper exposure or disposal: For example, on April 27,
2007, the Long Island Railroad reported that, while in transit,
its delivery contractor, Iron Mountain, lost data tapes containing
names, addresses, SSNs and salary figures of virtually all the
employees who worked for the company.
XTF: External theft of data by a non-employee with absolute
or high probability of fraudulent intent: For example, on
Feb. 2, 2009, a school volunteer at the Irving Independent School
District in Texas, stole information including SSNs and birth
dates of school employees and tried to buy tires at a local Sears
store after opening up a line of credit using the name of one of the
school teachers. A suspicious, alert employee called the police.
XTNF: External theft of data by a non-employee with
low or no probability of fraudulent intent: For example, on
Aug. 1, 2009, Williams Companies Inc., in Tulsa, Okla., reported
that a laptop containing personal information of 4,400 current
and former employees was stolen from a worker's car.
XH: External hacking or unauthorized intrusion of
network by a non-employee: For example, on June 23, 2010,
Anthem Blue Cross WellPoint of California reported that
hackers may have compromised customers' personal information
after gaining access to the company's web-based tool for
tracking pending insurance applications.
NA: Non-traceable, unable to determine as internal or
external: For example, on June 22, 2009, numerous folders containing
medical records and SSNs from Baptist Medical Center
were found in a landfill.
Results? Entities Have Some Explaining to Do
Bear with us on the detailed results. Getting through these statistics will pay off. Figure 1, Record Breach Sum, shows the percentage of the 581,289,000 compromised records for the six-year period. As shown, approximately 13 percent were traced to the internal category, 86 percent to external and 1 percent to non-traceable. Most individuals believe that the majority of compromised records and related breaches are externally driven, an opinion probably shaped by media outlets, which tend to focus their reporting on data breaches of large organizations.
Figure 2, Record Breach Types, shows the percentages of the total compromised records traced to each of the five internal (IIPD, ITF, ITNF, IH, IL), four external (XP, XTF, XTNF, XH) and non-traceable (NA) subtype categories.
In the internal subtype categories, IIPD, or the improper protection or disposal of data, accounted for approximately 3 percent of the total compromised records; ITF, or theft of data by a current or former employee with absolute or high probability of fraudulent intent, accounted for about 6 percent; IH, or hacking or unauthorized intrusion of network by a current/former employee, was about 1 percent; IL, or loss of data, was about 4 percent; and ITNF, or theft of data by an employee with low or no probability of fraudulent intent, was about 1 percent. There is no dominant internal breach type, but this is somewhat expected because the total compromised records in this area accounted for only 13 percent of the overall total compromised records.
[Figure 1: Record Breach Sum. Internal Sum 13%, External Sum 86%, Non-traceable 1%.]
[Figure 2: Record Breach Types. External-XH 59%, External-XP 18%, External-XTNF 8%, Internal-ITF 6%, Internal-IL 4%, Internal-IIPD 3%, External-XTF 2%, Internal-IH 0%, Internal-ITNF 0%, Non-traceable 0%.]
In the external subtype categories, XP, or partner/third-party theft or loss of data by improper exposure or disposal, accounted for approximately 18 percent of the total compromised records; XTF, or theft of data by a non-employee with absolute or high probability of fraudulent intent, accounted for about 2 percent; XH, or hacking or unauthorized intrusion of network by a non-employee, was about 59 percent; XTNF, or theft of data by a non-employee with low or no probability of fraudulent intent, was 8 percent; and NA, or non-traceable (unable to trace to internal or external), accounted for approximately 3 percent.
External hackers caused most of the compromised records, which is expected because they get more bang for the buck by gaining access to more data when infiltrating the networks of larger organizations. But another serious problem exists with some partners and third-party contractors who seem to be irresponsible when entrusted with the data of other organizations.
Figure 3, Case Breach Sum, shows the percentages of data breaches for the general internal, external and non-traceable categories. Of the 2,278 data breaches, internal accounted for 39 percent, external for 56 percent and non-traceable for 5 percent. These results are quite different when compared to the number of compromised records for internal, external and non-traceable categories, which were noted above at 13 percent, 86 percent and 1 percent, respectively. This strongly indicates that the external hackers are getting access to more records per breach than those stealing internal records.
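The comparison above, share of breaches against share of records, can be reproduced directly. The following Python example is added here and is not code from the article: it maps incidents to the article's subtype codes and computes both shares per group. The Incident fields, the helper names and the ten sample incidents are constructed for illustration; only the totals and percentages in the ARTICLE_* constants come from the article.

```python
from collections import defaultdict
from dataclasses import dataclass

GROUPS = {"I": "internal", "X": "external", "N": "non-traceable"}


@dataclass(frozen=True)
class Incident:
    label: str
    actor: str          # "employee" (current or former), "outsider", "partner", "unknown"
    event: str          # "theft", "hack", "loss", "improper_handling"
    fraud_intent: bool  # True = absolute or high probability of fraudulent intent
    records: int        # number of compromised records


def classify(inc):
    """Return the article's subtype code for one incident."""
    if inc.actor == "unknown":
        return "NA"
    if inc.actor == "partner" and inc.event in ("theft", "loss", "improper_handling"):
        return "XP"
    if inc.actor in ("employee", "outsider"):
        prefix = "I" if inc.actor == "employee" else "X"
        if inc.event == "hack":
            return prefix + "H"
        if inc.event == "theft":
            return prefix + ("TF" if inc.fraud_intent else "TNF")
        # The taxonomy defines loss and improper handling only for insiders
        # (partner cases fall under XP above).
        if prefix == "I" and inc.event == "loss":
            return "IL"
        if prefix == "I" and inc.event == "improper_handling":
            return "IIPD"
    raise ValueError(f"no subtype for actor={inc.actor!r}, event={inc.event!r}")


def summarize(incidents):
    """Per group: percent of breaches, percent of records, records per breach."""
    breaches, records = defaultdict(int), defaultdict(int)
    for inc in incidents:
        group = GROUPS[classify(inc)[0]]
        breaches[group] += 1
        records[group] += inc.records
    total_b, total_r = sum(breaches.values()), sum(records.values())
    return {
        g: {
            "breach_pct": 100 * breaches[g] / total_b,
            "record_pct": 100 * records[g] / total_r,
            "records_per_breach": records[g] / breaches[g],
        }
        for g in breaches
    }


# Figures stated in the article: group -> (percent of records, percent of breaches).
ARTICLE_TOTAL_RECORDS = 581_289_000
ARTICLE_TOTAL_BREACHES = 2_278
ARTICLE_SHARES = {"internal": (13, 39), "external": (86, 56), "non-traceable": (1, 5)}


def article_records_per_breach():
    """Average records per breach implied by the article's percentages."""
    return {
        g: (ARTICLE_TOTAL_RECORDS * rec_pct) / (ARTICLE_TOTAL_BREACHES * breach_pct)
        for g, (rec_pct, breach_pct) in ARTICLE_SHARES.items()
    }


# Constructed sample incidents (not real cases), one per subtype.
SAMPLE_INCIDENTS = [
    Incident("documents left with recycler", "employee", "improper_handling", False, 1_200),
    Incident("clerk copied card numbers", "employee", "theft", True, 300),
    Incident("office laptop taken and kept", "employee", "theft", False, 2_500),
    Incident("ex-employee payroll intrusion", "employee", "hack", False, 5_000),
    Incident("flash drive misplaced", "employee", "loss", False, 10_000),
    Incident("courier lost backup tapes", "partner", "loss", False, 40_000),
    Incident("volunteer opened credit line", "outsider", "theft", True, 50),
    Incident("laptop stolen from car", "outsider", "theft", False, 4_400),
    Incident("web application intrusion", "outsider", "hack", False, 230_000),
    Incident("folders found in landfill", "unknown", "improper_handling", False, 800),
]

if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        print(f"{classify(inc):5} {inc.label}")
    for group, row in summarize(SAMPLE_INCIDENTS).items():
        print(group, {k: round(v, 1) for k, v in row.items()})
    for group, avg in article_records_per_breach().items():
        print(f"article {group}: about {avg:,.0f} records per breach")
```

With the article's own percentages, an external breach exposes on average about 4.6 times as many records as an internal one, which is the gap the paragraph above describes.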
Figure 4, Case Breach Types, shows the percentage of the 2,278 data breaches for the five internal (IIPD, ITF, ITNF, IH, IL), four external (XP, XTF, XTNF, XH) and non-traceable (NA) subtype categories. For internal, IIPD, or the improper protection or disposal of data, accounted for approximately 24 percent; ITF, or theft of data by a current or former employee with absolute or high probability of fraudulent intent, accounted for about 8 percent; IH, or hacking, i.e., unauthorized intrusion of network by a current or former employee, was about 1 percent; IL, or loss of data, was 7 percent; and ITNF, or theft of data by a current or non-current employee with low or no probability of fraudulent intent, was about 1 percent.
Improper protection or disposal of data dominates this subcategory, which again shows that some organizations need to tighten up their controls.
In the external subtype categories, XP, or partner/third-party theft or loss of data by improper exposure or disclosure, accounted for approximately 7 percent of the total data breaches; XTF, or theft of data by a non-employee with absolute or high probability of fraudulent intent, accounted for about 6 percent; XH, or hacking or unauthorized intrusion of network by a non-employee, was about 18 percent; XTNF, or theft of data by a non-employee with low or no probability of fraudulent intent, was 24 percent; and NA, or non-traceable (unable to determine as internal or external), accounted for approximately 5 percent.
The pattern that exists among the total compromised records and data breaches for the general internal, external and non-traceable categories seems to be true for the subtypes. For internal types, IIPD, or the improper protection or disposal of records, accounted for about 24 percent of the total breaches but 3 percent of the total compromised records. ITF, or the theft of data by a current or former employee with absolute or high probability of fraudulent intent, accounted for about 8 percent of the data breaches and about 6 percent of the compromised records. In addition, the subtype IL, or the internal loss of data, accounted for about 5 percent of the total data breaches but only 4 percent of the total compromised records.
[Figure 3: Case Breach Sum. Internal Sum 39%, External Sum 56%, Non-traceable 5%.]
[Figure 4: Case Breach Types. Internal-IIPD 24%, External-XTNF 24%, External-XH 18%, Internal-ITF 8%, External-XTF 7%, External-XP 7%, Internal-IL 5%, Non-traceable 5%, Internal-IH 2%, Internal-ITNF 0%.]
The above results are similar for the external subtypes. For example, XP, or the partner/third-party loss of data by improper exposure or disposal, accounts for about 18 percent of the total compromised records but only 7 percent of the total data breaches. XH, or hacking or unauthorized intrusion of network by a non-employee, accounts for 18 percent of the data breaches but a whopping 59 percent of the total compromised records. XTF, or the theft of data by a non-employee with absolute or high probability of fraudulent intent, accounted for nearly 6
percent of the total data breaches but only 2 percent of the total compromised records. Lastly, XTNF, or the theft of data by a non-employee with low or no probability of fraudulent intent, accounted for only 8 percent of the total compromised records but an amazing 24 percent of the total data breaches.
Analysis? Numerous Data Compromises Without Controls
The results strongly indicate that the organizations experiencing these data breaches lack strong comprehensive data protection programs. As a result, the personal data that organizations should control and safeguard more easily is being compromised in many ways.
For example, 26 percent of the total breaches result from the internal improper protection and disposal of data. Examples include posting data online; including SSNs on mailing labels; giving documents or hard drives to recyclers that include personal information (how about destroying them internally?); and leaving documents containing personal data unattended in the workplace.
Do we know if any of the compromised records in this category of data breaches were used for identity theft purposes? No, but the opportunity exists. As we know, closing the door on opportunity is one of the best methods for fraud prevention.
The protection and disposal of data category is also directly linked to two other internal data breach and three external subtype categories. For example, if companies properly protected and/or disposed of data by securing physical facilities, software and hardware, then less data, such as employee SSNs, would be lost or misplaced. And employees or non-employees would be stealing less internal and external data, such as customer debit card numbers and other personal data. Also, as we wrote earlier, organizations could better control internal and external hacking and resulting identity theft if they were required to encrypt all sensitive data with the use of the 128-bit encryption standard.
SELF-REGULATION NOT WORKING
It is obvious that many organizations need guidance in developing comprehensive data protection programs. Self-regulation has not worked; maybe federal rules might help. Because of recent national exposure on data breaches, the U.S. Congress is considering legislation on this topic. But do not hold your breath because they have been considering legislation on notification of data breaches for the past three sessions and have not passed any law. (The 2007 U.S. Red Flags Rule does require many businesses and organizations to implement a written identity theft prevention program designed to detect the warning signs of identity theft in their daily operations. See http://tinyurl.com/d6de4y.)
The state of Massachusetts, on the other hand, has recently passed a comprehensive data protection law (201 CMR 17.00) containing standards and requirements directly related to the types of internal and external data breaches described and analyzed in this article.
The Massachusetts law is considered one of the strictest in the U.S. The standards and precise requirements that are paraphrased and listed below might be a model for other U.S. states, the U.S. Congress and perhaps some foreign countries for developing comparable legislation. They will also provide valuable guidance for organizations and consultants who advise them about specific elements that should be addressed in setting up a comprehensive data protection program.
The law states that every person that owns or licenses personal information about a resident of the Commonwealth shall develop, implement, and maintain a comprehensive information security program. That includes the following standards and requirements briefly outlined by InstantSecurityPolicy on its website at: http://tinyurl.com/4xnnoky.
In the section of the Massachusetts law, 17.03: Duty to Protect and Standards for Protecting Personal Information, every comprehensive information security program shall include, but not be limited to:
a. Designating one or more employees to maintain a comprehensive information security program.
b. Identifying risks to the security, confidentiality, and/or integrity of records containing personal information, and improving current safeguards where necessary, including 1) ongoing employee/contractor training, 2) employee compliance with policies, and 3) means for detecting and preventing security system failures.
c. Developing policies relating to the storage, access, and transportation of personal information outside of business premises.
d. Imposing disciplinary measures for violations of the security policy.
e. Preventing terminated employees from accessing records containing personal information.
f. Overseeing service providers by 1) selecting and retaining service providers capable of securing personal information and 2) requiring service providers by contract to implement and maintain appropriate security measures for personal information.
g. Placing restrictions on physical access to records containing personal information and securely storing this information.
h. Regular monitoring to ensure the security program is operating in the intended manner and upgrading safeguards where necessary.
i. Reviewing security measures at least annually or whenever it is reasonably necessitated by a change in business practices.
j. Documenting actions taken in response to any incident involving a breach of security, and a post-incident review of events and actions taken.
17.04: Computer System Security Requirements
(1) Secure user authentication protocols including:
a. Control of user IDs and other identifiers.
b. A reasonably secure method of assigning and selecting passwords or other unique identifiers.
c. Control passwords to ensure that the location and/or format does not compromise data security.
d. Restricting access to active user accounts only.
e. Blocking access after multiple unsuccessful logon attempts.
(2) Secure access control measures that:
a. Restrict access to files containing personal information to those who need such access.
b. Assign non-vendor-supplied, unique identifications and passwords to each person with computer access that are designed to maintain the integrity of the security of the access controls.
(3) Encryption of all transmitted files containing personal information when traveling across a public network or a wireless connection.
(4) Monitoring of systems for unauthorized use of or access to personal information.
(5) Encryption of all personal information stored on laptops or portable devices.
(6) Use firewall protection and reasonably up-to-date patches on Internet-connected systems that contain personal information.
(7) Use anti-virus/anti-malware software with reasonably up-to-date patches and virus definitions on Internet-connected systems that contain personal information.
(8) Education and training of employees on the proper use of the computer security system and the importance of information security.
ACFE News
MCFADYEN REVEALS TULSA CHAPTER'S SECRETS OF RITCHIE-JENNINGS SCHOLARSHIP SUCCESS
R. Cameron McFadyen, CFE, longtime Tulsa fraud examiner and accountant and active ACFE member, recently spoke with Fraud Magazine about his participation in the ACFE's Ritchie-Jennings Memorial Scholarship program, the Oral Roberts University (ORU) scholarship process and his work in the fraud examination field. McFadyen is the founding president of the ACFE's Tulsa Area Chapter and chairman of the Ritchie-Jennings Memorial Scholarship Committee. (See ACFE.com/scholarship.aspx.)
How long have you been associated with ORU and how have you served in the scholarship process?
The Tulsa Area Chapter began participating in the annual Ritchie-Jennings Memorial Scholarship competition in 1996. I began as the chapter's committee chair and started talking about the scholarship to professors at local universities. A friend of mine, Terry Unruh, an assistant professor of accounting at ORU, expressed real interest. From that point on, we worked closely together, and, over time, we developed a process, which has been very successful. Since being named to serve on the Ritchie-Jennings Memorial Scholarship Committee last year, I have removed myself from the process at the local level to avoid any conflict-of-interest issues.
ORU has had a number of candidates win the Ritchie-Jennings Memorial Scholarship through the years.
The Tulsa Area Chapter established the R. Cameron McFadyen, CFE, Scholarship Award beginning in the 1999-2000 competition year. This award provides additional scholarship money to local winners.
How do you attribute ORU's success?
I believe there are four key reasons for the success of this program. First, the chapter scholarship chair maintains a close relationship with ORU professors and officials. Second, the chapter sponsors events throughout the year, such as photo shoots and congratulatory meetings for the winners and presentations to recipients of the Fraud Magazine issue containing the scholarship article. Third, the chapter evaluates students regularly to determine those who would make the best candidates for endorsement. And fourth, the selection interviews are always in person and designed to reveal as much as possible about each student: who they are, what they want to do and how they view their futures. Those interviews are major components when the chapter decides who to put forward as Ritchie-Jennings applicants.
What steps can educators take to help students submit a worthy application?
Educators can make all the difference. They are on the front lines and know better than anyone those students who would make the best scholarship applicants. They can introduce their students to the scholarship program and tell them about its background. Educators can spur students to work their hardest and, hopefully, steer them to the fraud examination profession and the CFE credential. Dedicated educators can mentor students through the application processes and assure that they meet all requirements. Educators also can help students present themselves in the best possible way by highlighting achievements, experiences and honors that differentiate them from the pack.
What motivated you to become a fraud examiner?
During my years as director of corporate internal audit, I came across inappropriate actions by individuals in various parts of our global operations. Finding this was a shock because you just don't start into an audit project expecting to uncover fraud. Over time, in discussions with other audit professionals, there was growing concern about fraud and the risks that came with it. More and more forums about it became part of auditor meetings to allow a sharing of experiences, and these provided some education about how to deal with it. The subject matter really intrigued me, and the interest grew to the point where I just decided that I wanted to learn as much as possible and then help others either through education or by helping them deal directly with these very trying, difficult situations. More to the point, I hate to see the bad guys win.
Your ACFE number is 300; you've been a member since 1989. Why did you decide to become a member and then a CFE? What do you enjoy the most about the ACFE?
Prior to the ACFE, there was no authority to specifically address these issues for professionals. When the ACFE began in 1988, I saw some literature about this new organization. So I contacted the Austin headquarters to ask some questions and learn what I could. I remember sitting in my office a few days later and receiving a call from [now ACFE President and CEO] Jim Ratley asking if I needed additional information. We had a very nice conversation during which he said he hoped that with my accounting background, combined with the interest I expressed in fraud issues, I would seriously consider membership. And as they say, that was that!
(Thanks to Lupe DeLeon, ACFE membership coordinator, for assistance with this interview. - ed.)
CFE TAKES THE BLOWS AND GETS BACK UP IN WIPEOUT
[Photo: Wilson Kennedy, CFE, swings with gusto during the trials of a summer Wipeout TV show.]
Wilson Kennedy holds two distinctions as a City of San Diego employee: He is the first to become a CFE and the first to be a contestant on ABC's summer Wipeout obstacle course TV
show. The credential has helped his career, and the program has tested his resolve.
"I wanted the opportunity to experience the world's most entertaining and challenging obstacle course while appearing on prime-time TV," said Kennedy, the supervising management analyst for the San Diego Public Utilities Department.
You have probably seen this wildly popular show when channel surfing: Contestants move through a course of twirling and thrusting padded plastic wheels, giant balls, platforms and mazes as they are shot with water cannons, pummeled with exploding airbags and often ungracefully fly into pools of water.
"From my couch, being on the show looked like it would be fun, exciting and easy," Kennedy said. After all, he was young, had played college and semi-pro football and was still relatively fit. "It was one of the most physically exhausting things I have ever done in my life!"
He auditioned in four casting calls over 1 years, but he was ready when he got the call. More than 75,000 applied for season four, and he finally was in the 1 percent that made the cut. Now ironically nicknamed "Sewer Rat" by the show's producers (he is a self-described germophobe who helps secure funding for San Diego's water and wastewater projects), he worked out frenetically for three months before the show's taping in May of last year. He ran, biked, swam, jumped rope and lifted weights. Still, "after completing the qualifying run, it must have taken almost an hour before my heavy breathing stopped!"
During the taped competition, Kennedy fought his way to the top six of 24 contestants in the semifinals, but he just missed the final push for the $50,000 prize.
Throughout the ordeal, his family, friends and co-workers cheered him on. Many of them, including members of his church's youth ministry, gathered at a pizza parlor to watch the show last summer. He had told the church kids during his auditions that he would buy a flat-screen TV, an Xbox and a Wipeout video game for each of the three youth classrooms if he won.
"Although I didn't win, I didn't have the heart to not get them anything after they had been looking forward to celebrating with me for almost two years," Kennedy said. So at the end of the viewing party he presented all those fun items for one of the three classrooms. Then daughter Zaria, 11, Kennedy's biggest fan, led her Pop Warner cheerleading squad in a cheer.
He is not ready to retire from the punishment. He wants to appear on future all-star shows with other contestants who also did not quite make it to the finals. Kennedy definitely is not wiped out.
- Dick Carozza
In Memoriam
Major Karl J. Flusche, CFE, USAF, Ret., passed away on Nov. 16. He was director and manager of all electronic evidence collection activities for Fios Inc.
ACFE President and CEO James D. Ratley, CFE, said, "Karl was a true professional. He personified what we wanted in a CFE."
Flusche was a federal agent for the Air Force Office of Special Investigations for 25 years, specializing in computer systems analysis, computer crime investigations and forensic analysis of computer systems and associated storage media. He pioneered innovative ways for conducting forensic analysis of computer-related evidence and was credited in 1984 with finding the first-ever use of a computer to hide a suicide letter. In U.S. vs. Peri (1989), he was able to successfully recover hundreds of electronically stored pages of classified war plans that a defecting U.S. soldier had passed on to the East German Intelligence Service via electronic media, the first computer spy case in U.S. history.
His father, Don Flusche, was a sergeant with the Dallas Police Department when Ratley was a police officer with the force. Ratley said Don Flusche had a profound influence on him. "Don was the finest man I have ever known, and Karl was a chip off the old block," said Ratley.
Karl Flusche is survived by his wife, Cindy; a son, Karl Jr.; and a daughter, Lorrie. He enjoyed spending time with their three grandchildren, and he loved family genealogy, and stamp and coin collecting.
Independent CFEs Need to Check Their
Jurisdictions on PI Licensure Laws
By James S. Peet, Ph.D., CFE
Last summer, the General Forum in the Members Only discussion
forums on ACFE.com contained a long conversational stream on
whether CFEs need private investigator licenses to conduct fraud
examinations. The consensus among the discussants was a clear
"maybe." This unequivocal consensus was based on the private
investigator licensing laws and regulations applicable in the
relevant jurisdictions.
Most licensing laws define the activities that constitute
private investigative work and state that only licensed persons
can engage in those activities. In the U.S., for example, private
investigator licensing is controlled by each state, and 42 states
and the District of Columbia have licensing requirements for
private investigators. (Alabama, Alaska, Colorado, Idaho,
Mississippi, South Dakota and Wyoming do not have statewide
licensing requirements.)
Basically, in most jurisdictions, the question as to whether
an individual must be licensed as a private investigator depends
on whether the individual engages in private investigative
work. And perhaps the most relevant factors in determining
this are how the relevant jurisdictions define "private
investigative work" (or some variation of this term, such as private
detective business or private investigation service) and if the
individual is an employee of an entity or is independent. (Check
out the thread "PI Licensure" in the General Forum.)
WHAT CONSTITUTES PRIVATE INVESTIGATIVE WORK?
The definition of private investigative work can vary from state to
state, but generally, private investigative work involves engaging
in the business to, or accepting employment to, obtain or furnish
information with reference to any number of matters, including:
• Crime, criminals or related information.
• The identity, habits, conduct, business, occupation, honesty,
  integrity, credibility, knowledge, trustworthiness, efficiency,
  loyalty, activity, movement, whereabouts, affiliations,
  associations, transactions, acts, reputation, or character
  of any person.
• The cause or responsibility for fires, libels, losses, accidents, or
  damage or injury to persons or to property.
• Evidence to be used before a court, board, officer or
  investigative committee.
• Detecting the presence of electronic eavesdropping devices.
• The truth or falsity of a statement or representation.[1]
The above language, which is typical of some state laws,
is quite broad, meaning that it could encompass almost any
investigative profession, including the anti-fraud profession.
The general frameworks of state private investigation statutes,
however, regulate only those who are holding themselves out as
private investigators or conducting a business to perform those
functions. Indeed, these statutes typically exclude those employed
exclusively and regularly by only one employer insofar as
their acts relate solely to the business of that employer.
DOES CONDUCTING A FRAUD EXAMINATION
CONSTITUTE PRIVATE INVESTIGATIVE WORK?
According to the ACFE's 2010 Fraud Examiners Manual, a
fraud examination is a methodology for resolving fraud allegations
from inception to disposition. More specifically, fraud
examination involves obtaining evidence and taking statements,
writing reports, testifying to findings, and assisting in the
detection and prevention of fraud.
Investigative work is one of many components in a fraud
examination, but it does not include the fraud prevention
component. That is, fraud examination involves activities outside
the scope of traditional types of investigative work.
While some types of private investigative work may be
limited to reviewing data and evidence for signs of wrongdoing,
most are much more detailed. They require routine investigative
tasks, such as interviewing victims, witnesses and suspects,
and taking their statements. Typically, the private investigator
collects evidence and maintains a chain of that evidence so that
a court of law will not dismiss it. The private investigator writes
detailed reports indicating the chain of events and often testifies
in court about that material.
If a fraud examiner engages in the typical activities of
investigative work, a private investigator's license might be
required. This is because many jurisdictions have laws that define
investigative work broadly to include the activities involved in
fraud examinations. Thus, if a CFE conducts fraud examinations or
investigations (separate, but similar activities), then this falls
under the purview of investigative work. It does not matter if the
investigations are of a criminal nature or not; what matters is that
the licensing jurisdiction views them as investigative work.
But even if you engage in investigative work, it is not definite
that you are required to obtain a private investigator license.
Again, these statutes generally leave free of regulation those
employees acting on behalf of their employers.
You likely will need a private investigator's license if you are
an independent CFE (not a paid employee of a corporation,
organization, agency or any other entity).
An example of how an independent CFE could be involved in
investigative work is when a prospective client contacts him or her
about a possible case of occupational fraud. If the CFE speaks with
the client, obtains some cursory evidence that points to a
particular employee, and then decides to interview the employee and
his co-workers, this is the beginning of a formal investigation. If
the CFE completes the interviews, takes statements and collects
further evidence, he or she is now well into an investigation, which
may lead to the employee's termination and possible arrest. And the
CFE may then testify in court.
In short, if you are paid as an independent CFE (not
employed by an entity) to investigate a crime, you interview
people, and you collect evidence, which may be used before a
court, you will likely be required to obtain a PI license.
Dr. Joseph T. Wells, CFE, CPA, founder and chairman of
the ACFE Board of Directors, expresses his own opinion
succinctly. "If there is any chance at all that a state licensing
board could view you as holding out as an investigator, do yourself
a favor and get licensed," Wells said. "Many of these state
boards are self-funding and actively look for anyone that can
be construed to be unlicensed because it adds to their coffers.
Moreover, if courts or opposing counsel can brand you as an
unlicensed investigator, your case will likely suffer severe damage."
FINER POINTS
Public employees conducting investigations on behalf of their
governmental organizations are exempt from state private
investigator licensing laws as long as the investigations are in
the performance of their official duties.
Most CPAs are also exempt, as long as the work they do for
their clients does not extend beyond the services traditionally
offered by CPAs and into activities within the scope of traditional
investigative work. In many jurisdictions, once someone
leaves straight accounting and begins forensic accounting, a PI
license may be required. This is most often the case when someone
begins interviewing victims, witnesses and suspects. The
person is no longer just reviewing data or evidence but is
conducting a private investigation, as determined by law. Although
some CPA activities could fall within the broad definitions in
state private investigator licensing laws, the AICPA maintains
that CPAs should be exempt from state private investigator
licensing laws.[2] Regardless of what the AICPA maintains,
though, jurisdictional laws always take precedence.
Lawyers are also usually exempt from PI license requirements
if they are acting in their capacities as attorneys. For
example, Nevada provides that "[e]xcept as to polygraphic
examiners and interns, this chapter does not apply [t]o an
attorney at law in performing his duties as such." Nev. Rev. Stat.
section 648.018.
If a lawyer decides to help another lawyer investigate
fraud who is not in his or her firm, then the exception might
not apply and that lawyer might need a PI license.
Map: Private Investigator Licensing in Canada and the United States
(legend: PI License Required, Yes or No).
Note: Hawaii, Puerto Rico and the District of Columbia require PI
licenses, but Guam and the U.S. Virgin Islands do not.
As mentioned, those conducting internal audits/investigations for
corporations that employ them are generally exempt from state
private investigator licensing laws. (These CFEs are usually
internal auditors or internal investigators.) A couple of
jurisdictional exceptions, mostly in Canada, require corporate CFEs
to obtain PI licenses, but this is not the norm.
What if you do not conduct actual investigations but work as a
consultant to develop fraud prevention programs or review materials
for others, such as law enforcement agencies or law firms?
There is a fine line between consulting, reviewing and
investigating, so you should check with your licensing jurisdiction.
Most jurisdictions do not require a license if you are only a
consultant and do not engage in investigative work. Furthermore, if
you are a forensic accountant (one who reviews and analyzes data
for purposes of litigation but does not collect data or interview
individuals) or a computer forensic consultant, you may be exempt
from licensing. Most state laws are unclear on this matter. A few
states, such as Texas, specifically require computer forensic
professionals to be licensed as private investigators.
CROSSING JURISDICTIONAL BOUNDARIES
To throw yet another monkey wrench
into the gears, what if your work takes
you over jurisdiction lines? Some states
or countries do not have reciproc-
ity agreements with other states or
countries. A CFE may be legal in one
jurisdiction but not in another. Other
places grant reciprocity to PIs up to 30
days to investigate cases originating in
their home jurisdictions.
KEEP IT LEGAL
If you are an independent CFE, check with your jurisdiction's
licensing agency and get its response in writing. Better to be
on the safe side than to have your credibility destroyed in court
because you were not legal.
Useful resources for checking out U.S. private investigator
licensing are the CrimeTime.com website linking all the states'
licensing agencies, http://tinyurl.com/kqp6uj, and Michael
Kessler's website on forensic accounting licensing,
http://tinyurl.com/86q7z3s.
See the map on page 66 for those states and provinces in
North America that require PI licenses.
James S. Peet, Ph.D., CFE, is an instructor at Highline
Community College in Des Moines, Wash., and principal manager
at Peet & Associates LLC in Enumclaw, Wash. He is also a licensed
Washington State private investigator. His email address is:
jpeet@peetassociates.com.
[1] This definition was taken from the Revised Code of (the state of)
Washington 18.165.10, the law regulating Private Investigators. Some
state statutes contain language that is more vague and open-ended. For
example, under Nebraska's statute (Neb. Rev. Stat. 71-3201), a private
investigator is one who engages in the secret service or private policing
business, which shall mean and include: general investigative work,
non-uniformed security services, surveillance services, location of
missing persons and background checks.
[2] American Institute of CPAs. (2011). Digest of State Issues: For the CPA
Accounting Profession 2011. Retrieved from http://tinyurl.com/89bkarb.
ACFE Asia-Pacific Conference a Hit
The first-ever ACFE Asia-Pacific Conference held Oct. 23-25
in Singapore was a great success, with more than 200 attendees.
Speaker highlights included Aedit Bin Abdullah,
chief prosecutor of both the Criminal Justice Division and the
Attorney-General's Chambers in Singapore; ACFE President
and CEO James D. Ratley, CFE; and Mark Steward, executive
director, Enforcement Division, of the Securities and Futures
Commission of Hong Kong. Attendees participated in educational
workshops and lively panel discussions covering such
topics as anti-bribery efforts and corruption enforcement.
"The ACFE Asia Pacific Fraud Conference in Singapore
was a real eye opener for me," said Kevin Taparauskas, CFE,
ACFE's director of events and marketing, who also attended.
"I knew that the ACFE had loyal members in the region. But I
was extremely impressed with the enthusiasm of our attendees
and dedication to truly growing the profession that I witnessed.
I now understand why this has been our fastest-growing region
in the world for the last several years.
"For our part, the ACFE intends to fully support and help
facilitate ongoing growth in the Asia Pacific," he continued.
"I announced at the conclusion of the conference that the
ACFE would be holding our first CFE Exam Review Course
in the area March 26-29, 2012. In addition, we are working
on a regional call center, based in Singapore, that will greatly
improve support for all of our members in the Asia-Pacific region
and beyond."
Photos by Patrick Ong
TAKING BACK THE ID
cont. from page 57
the name of the student; up came 25 individuals with the same name,
along with their profiles. I contacted the student and asked him for
an explanation. He said he never contacted me via LinkedIn, but he
had used his Gmail account to email me throughout the course. The
only explanation I have is that the hacker stole his Gmail account
from the LinkedIn website and used it to capture a contact list,
which included my email address.
The fifth suspect email included a message, with an embedded link,
that read, "Your LinkedIn account was blocked due to inactivity.
Please follow this link to learn more. Thank you for using LinkedIn!
The LinkedIn Team."
I do not have a LinkedIn account, so I can only assume it was
another fraudster's attempt to install the ZenuS malware on my
computer. If you receive a similar message, do not click on the
embedded link. If you know the individual, contact that person to
see if he or she sent it, and if they did not, alert LinkedIn. I am
sure that LinkedIn is doing an excellent job trying to prevent this
type of fraud. However, its website is a gold mine of personal
information for fraudsters to exploit with their schemes.
MORE FOR THE COMMUNITY
To help prevent identity theft, share these scams with your friends,
family and colleagues. Contact me if you have any identity theft
issues that I might be able to research and report back. Stay tuned!
Robert E. Holtfreter, Ph.D., CFE, CICA, is distinguished professor
of accounting and research at Central Washington University in
Ellensburg, Wash. His email address is: holtfret@cwu.edu.
CPE QUIZ No. 100 (Vol. 27, No. 1)
Circle the correct answers and mail to the ACFE with four other completed quizzes
published within the last 24 months and the CPE Quiz Payment Form (see next page).
Name
ACFE Member No.
1. According to the opening case in the article, "Fraud in Houses of Worship," the perpetrator:
a. Was a former youth minister.
b. Had been defrauding the 2,000-member church for 36 months.
c. Was in financial trouble.
d. Admitted everything in a teary confession.
2. According to the opening case in the article, "Fraud in Houses of Worship," the perpetrator had been defrauding the church by:
a. Writing herself duplicate paychecks.
b. Stealing cash from donation deposits.
c. Taking out credit card accounts in the church name.
d. All of the above.
3. According to the KU ticket scandal case in the article, "Fraud in Collegiate Athletics":
a. Ticket sales amounted to more than $2.5 million at face value and could range as high as $3.7 million in market value.
b. Athletic department members did not improperly use or resell complimentary tickets reserved only for charitable organizations.
c. Evidence suggested that several coaches were involved in the schemes.
d. The culprits concealed these thefts by simply charging tickets to fictitious accounts and not recording the ultimate recipients.
4. According to the article, "Fraud in Collegiate Athletics":
a. Part of the difficulty in dealing with ticket sale frauds in college athletics is that the sheer volume of money invites theft.
b. The U.S. Equity in Athletics Disclosure Act requires colleges to file annual reports with the U.S. Department of Intercollegiate Sports.
c. Frequently, two individuals control the daily financial management of an athletic department.
d. Winning often contributes to sound financial management.
5. According to the article, "The 10 Tell-Tale Signs of Deception," linguistic text analysis involves studying the language, grammar and syntax a subject used to describe an event to detect any anomalies.
a. True.
b. False.
6. According to the article, "The 10 Tell-Tale Signs of Deception":
a. Deceptive people often use language that maximizes references to themselves.
b. In oral statements and informal written statements, deceptive witnesses never omit self-referencing pronouns.
c. Truthful people usually describe historical events in the past tense.
d. Deceptive people never refer to past events as if the events were occurring in the present.
7. According to the article, "Overachieving Fraud: Wolves in Sheep's Clothing," the author in the case:
a. Was an in-house consultant.
b. Zeroed in on the accused employees because the tipster had provided specific details of the alleged fraud conduct.
c. Expanded the investigation to several previous months and increased the sampling of calls and accounts.
d. After reviewing consumer complaints, he found questionable conduct.
8. According to the article, "Overachieving Fraud: Wolves in Sheep's Clothing," CFEs are trained to focus their sights on the business resources, processes, procedures, employee activities and personnel to detect the potential for, and existence of, the fraud triangle factors.
a. True.
b. False.
9. According to the article, "Breaking Breach Secrecy, Part 3":
a. Organizations and individuals who do a horrible job protecting personal data, of course, create conditions that lead to the majority of data breaches.
b. The PRCH describes itself as a for-profit consumer education and advocacy project.
c. The PRCH defines unintended disclosure as electronic entry by an outside party.
d. For the past seven years, the Verizon Business Risk Team has prepared the Data Breach Summary Research Report.
10. According to the Holtfreter/Harrington Data Breach Analysis Report, described in the article, "Breaking Breach Secrecy, Part 3":
a. Few individuals believe that the majority of compromised records and related breaches are externally driven.
b. Internal hackers caused more of the compromised records.
c. The results strongly indicate that the organizations experiencing these data breaches lack strong comprehensive data protection programs.
d. Thirty-eight percent of the total breaches result from the internal improper protection and disposal of data.
Fraud Magazine CPE Quiz Payment Form
3 EASY STEPS:
1. READ the feature articles and columns in any five issues of Fraud
Magazine published within the last 24 months.
2. CIRCLE the correct answers to the quizzes in the back of the issues.
3. REGISTER by completing the form below and mailing or faxing in your $69
fee and five quizzes together.
PLEASE NOTE: The Fraud Magazine CPE Service CPE credits apply only
to the CFE status and not to any other professional designations. Fraud
Magazine CPE Service is not registered with the National Association of
State Board of Accountancy (NASBA).
Once you've passed all five quizzes (with a score of 70% or better on each quiz), the ACFE will e-mail you a certificate
of completion. You will receive 10 of the 20 hours of CPE credit required annually to maintain your CFE credential.
Download archived quizzes and this payment form at
Fraud-Magazine.com/CPE-Quiz-Archive.aspx.
ACFE Calendar of Events
For information or to register, visit ACFE.com/Training
Legal Elements of Fraud Examination: Charlotte, NC
Conducting Internal Investigations: Charlotte, NC
Fraud Related Compliance: Louisville, KY
Healthcare Fraud: Louisville, KY
Data Analytics: New York, NY
Investigating on the Internet: New York, NY
Fraud Prevention: Baltimore, MD
Money Laundering: Tracing Illicit Funds: Baltimore, MD
Interviewing Techniques for Auditors: Ft. Lauderdale, FL
2012 ACFE European Fraud Conference: London
Introduction to Digital Forensics: New Orleans, LA
Investigating Conflicts of Interest: Los Angeles, CA
Fraud Risk Management: Los Angeles, CA
CFE Exam Review: Dallas, TX
Contract & Procurement Fraud: Phoenix, AZ
Mortgage Fraud: San Diego, CA
Financial Statement Fraud: Columbia, SC
Principles of Fraud Examination: Austin, TX
CFE Exam Review Course: Las Vegas, NV
Digital Forensics Tools & Techniques: Chicago, IL
Professional Interviewing Skills: Providence, RI
23rd Annual Fraud Conference & Exhibition: Orlando, FL
Interviewing Techniques for Auditors: Denver, CO
CFE Exam Review Course: Chicago, IL
Fraud Related Compliance: New York, NY
Auditing for Internal Fraud: New York, NY
Professional Interviewing Skills: San Francisco, CA
Fraud Risk Management: Philadelphia, PA
CFE Exam Review Course: Boston, MA
*Location and/or topic are subject to change.
Three ways to save!
Early Registration Savings: Find the events that you want to attend.
Register and pay before the Early Registration Deadline listed for
the event (generally one month before event start date) and SAVE $95
or more off of the regular price for the event.
Combo Event Savings: Register to attend two events being held
consecutively in select cities and receive $100 in savings!
Group Savings: Select the event that best suits the learning needs of
your group. Gather a team of at least three or more individuals to
register together. Call the ACFE at (800) 245-3321 or
+1 (512) 478-9000 to determine your savings.