Archive

Archive for the ‘financial crime and fraud’ Category

USPS OIG — eCommerce Customer Registration

August 28, 2014 Comments off

eCommerce Customer Registration (PDF)
Source: U.S. Department of Health and Human Services, Office of Inspector General

Background
The U.S. Postal Service’s Customer Registration application allows customers to create accounts through USPS.com to purchase products and services through over 40 eCommerce applications such as Every Door Direct Mail, Premium Forwarding Service, Click-N-Ship, and the Postal Store. Customers must provide personally identifiable information to create an account. There were over 24 million Customer Registration users as of June 2014 and revenue totaled about $1.2 billion in fiscal year (FY) 2013.

Our objective was to determine the effectiveness of controls used to safeguard the eCommerce Customer Registration process and reduce online credit card fraud.

What the OIG Found
Controls used to safeguard the eCommerce Customer Registration process and reduce online credit card fraud need improvement. Management has not established a threshold for fraud-related chargebacks (transactions rejected by credit card companies) for the four eCommerce applications in our review. As a result, management cannot objectively measure when to increase oversight and controls to reduce fraud.

Of the four applications, Click-N-Ship’s credit card fraud-related loss of $4.6 million was above the industry’s recommended threshold for acceptable levels of credit card fraud in FY 2013. In addition, management did not always ensure all credit card company chargebacks were validated.

Further, seven of the eight Customer Registration controls we tested worked as management intended. However, we identified one vulnerability that could permit a cyber criminal to impersonate a valid user and obtain postage using stolen credit card data. Finally, we did not identify any critical or high-risk vulnerabilities when conducting over 3,000 additional tests of the USPS.com login page.

What the OIG Recommended
We recommended management establish a threshold for credit card fraud and develop a policy defining chargeback roles and responsibilities. We also recommended management maintain chargeback research results from all eCommerce managers and configure eCommerce applications to prevent the noted security vulnerability.

About these ads

TIGTA Issues Report on the IRS’s External Leads Program

August 28, 2014 Comments off

TIGTA Issues Report on the IRS’s External Leads Program
Source: Treasury Inspector General For Tax Administration

Participation in the Internal Revenue Service (IRS) External Leads Program is growing, resulting in the receipt of a significantly larger volume of leads about questionable tax refunds, but the IRS is not always verifying the leads timely, according to a new report by the Treasury Inspector General for Tax Administration (TIGTA).

The IRS’s External Leads Program receives leads about questionable tax refunds identified by a variety of partner organizations that include financial institutions, brokerage firms, government and law enforcement agencies, State agencies and tax preparers. The questionable tax refunds include Treasury checks, direct deposits, and prepaid debit cards.

The overall objective of this review was to assess the effectiveness of the IRS’s External Leads Program in recovering questionable tax refunds.

Since taking over the External Leads Program in January 2010, the IRS’s Wage and Investment Division has performed outreach in an effort to continuously increase the number of organizations participating in this program, TIGTA found. Participation and the number of questionable refunds returned and dollars associated have grown significantly. The IRS measures the External Leads Program’s success by volume and dollars associated with questionable returned refunds.

The program has grown from 10 partner financial institutions returning $233 million in 2010 to 258 partner financial institutions and partner organizations returning more than $576 million in 2013.

“The IRS’s External Leads Program has more than doubled the amount of questionable refunds returned over the past three years, thus saving tax dollars,” said J. Russell George, Treasury Inspector General for Tax Administration. “However, opportunities exist to improve the program,” George added.

According to the report, the IRS is not always verifying leads timely, and verification time frame goals differ significantly based on the lead type. The timely verification goals do not take into consideration the burden on legitimate taxpayers whose refund is being held until the verification is completed.

In addition, leads are inconsistently tracked in multiple inventory systems, and the inventory systems do not provide key information such as how the lead was resolved.

TIGTA recommended that the IRS establish more consistent time frames to verify leads; communicate these verification time frames to external partners; develop a process to ensure that leads are verified timely; consolidate the current lead inventory tracking systems into a single tracking system; and ensure that key information is captured as to how each lead is resolved.

The IRS agreed with TIGTA’s recommendations and is evaluating the treatment streams and work processes associated with the various types of referrals received in the External Leads Program to identify appropriate time frames; working to improve the effectiveness of existing reporting capabilities in evaluating program quality and timeliness; and evaluating the feasibility and potential benefits of consolidating the independent inventory tracking databases into one system.

New From the GAO

August 21, 2014 Comments off

New GAO Report
Source: Government Accountability Office

Supplemental Nutrition Assistance Program: Enhanced Detection Tools and Reporting Could Improve Efforts to Combat Recipient Fraud. GAO-14-641, August 21.
http://www.gao.gov/products/GAO-14-641
Highlights – http://www.gao.gov/assets/670/665382.pdf

Survey: lawyers ready to join in major push to spot and report financial fraud targeting older Americans

August 12, 2014 Comments off

Survey: lawyers ready to join in major push to spot and report financial fraud targeting older Americans (PDF)
Source: Investor Protection Trust (IPT), the Investor Protection Institute (IPI), and the American Bar Association (ABA)

Nine out of 10 practicing attorneys surveyed by the Investor Protection Trust (IPT), the Investor Protection Institute (IPI), and the American Bar Association (ABA) are willing to take part in a new campaign to address the estimated 20 percent of older America ns who have been the victims of investment fraud and financial exploitation.

In releasing the survey findings, the three groups announced that they are launching the Elder Investment Fraud and Financial Exploitation (EIFFE) Prevention Program Legal. The EIFFE Prevention Program Legal will develop, test, and implement a model national continuing legal education (CLE) program to teach lawyers to: (1) recognize clients’ possible vulnerability to EIFFE due to mild cognitive impairment (MCI); (2) identify EIFFE in their clients; and (3) report suspected instances of EIFFE to appropriate authorities. In June 2010, the Investor Protection Trust released a national survey showing that one out five older Americans are victims of financial swindles.

+ Survey Results (PDF)

Digital Forensics in the Mobile, BYOD, and Cloud Era

August 1, 2014 Comments off

Digital Forensics in the Mobile, BYOD, and Cloud Era
Source: Deloitte

Quick, decisive action is often crucial to determining the facts and protecting an organization’s interests, whether the impetus is suspected fraud, a whistleblower claim, a lawsuit, or a regulatory inquiry.

Organizations can strengthen their ability to address this diverse array of risks by establishing digital forensics as a standard procedure very early in internal investigations and making sure investigations encompass all possible data sources, while avoiding some potential pitfalls in forensics application.

“Digital forensics in the mobile, bring-your-own-device and cloud era” talks about the 3 potential pitfalls in digital forensics and how important it is to regard digital forensics as a standard procedure, and scope it in as early as possible in an internal investigation.

EU — Fighting fraud: Major progress in anti-fraud policy but Member States must do more to combat fraud

July 31, 2014 Comments off

Fighting fraud: Major progress in anti-fraud policy but Member States must do more to combat fraud
Source: European Commission

Member States must step up their work to prevent, detect and report fraud affecting EU funds, according to the Commission’s annual report on the protection of financial interests (PIF report). The report sets out detailed recommendations on areas that national authorities should particularly focus on in this respect. The report finds that detected fraud in EU spending accounts for less than 0.2% of all funds. Nevertheless, the Commission believes that greater efforts at national level both on combatting and detecting fraud should be deployed. The annual PIF report therefore recommends, amongst other things, that Member States review their controls to ensure they are risk-based and well-targeted.

On the positive side, the report notes that good progress is being made at national level to implement new rules and policies which will strengthen the fight against fraud in the years ahead. Moreover, at EU level, the past 5 years have seen major advances in shaping a stronger anti-fraud landscape. These initiatives can have a marked impact on fraud levels, once they are fully implemented.

Approaches for Establishing Fraud Risk Assessment Programs and Conducting Fraud Audit Risk Assessments Within the Department of Defense

July 25, 2014 Comments off

Approaches for Establishing Fraud Risk Assessment Programs and Conducting Fraud Audit Risk Assessments Within the Department of Defense
Source: U.S. Department of Defense, Office of Inspector General

Objective
The objective of the review was to identify approaches for establishing fraud risk assessment programs and conducting fraud risk assessments within the DoD. The review focused on various DoD activities including procurement, retail, and financial operations.

What We Found
We identified numerous innovative approaches for conducting fraud risk assessments. Of the 33 DoD organizations we interviewed,* 13 were conducting entity-wide risk assessments, 26 were conducting fraud risk assessments when performing audit-related work, 23 were providing fraud awareness training, and 3 were concentrating on internal control evaluations.

DoD entities are encouraged to modify any of the described approaches to suit their specific mission, size, and fraud vulnerabilities. The approaches were developed through research and interviews with 100 subject matter experts representing DoD organizations, academic institutions, private companies, and nonprofit organizations.

Fraud risk assessment approaches developed by the Marine Corps Nonappropriated Funds Audit Service; Army and Air Force Exchange Service, Audit Division; and the Army Audit Agency are highlighted within this report. Additionally, entity-wide fraud risk assessment approaches developed by the DoD Investigative Organizations; Naval Exchange Service Command, Office of Internal Audit; and the Naval Sea Systems Command Office of the Inspector General are also discussed in detail. The report also contains information on auditor and entity-wide fraud risk assessment approaches developed by external DoD organizations.

We used documentation obtained from the subject matter experts to develop example documents included in the report Appendixes. Example documents include audit organization fraud risk assessment policies, financial statement audit fraud interview questionnaire, and an entity-wide fraud risk assessment report. The report also provides information on auditor fraud brainstorming and interviewing techniques and DoD fraud case study examples.

Management Comments and Our Response
We have incorporated draft report comments received from the Commander, Naval Sea Systems Command; Naval Audit Service; Defense Health Agency; Defense Information Systems Agency, Office of the Inspector General; Air Force Office of Special Investigations; and Board of Regents of the University System of Georgia. No further comments are required.

Follow

Get every new post delivered to your Inbox.

Join 899 other followers