India's High-Tech Fraud Busters

Companies from Bharti Airtel to ICICI Bank are moving aggressively to fight phishing and other menaces

Major telecom player Bharti Airtel, for one, has aggressive technology systems in place to check against fraudulent activities. For instance, every time a high-value call is made, the subscriber receives a phone call to ensure that particular call was indeed made by the mobile customer.

India's second-largest bank ICICI Bank also tackles the phishing menace through a complex IT setup that alerts the ICICI system every time someone puts up a Web site that looks similar to the bank's official site.

"The biggest branch of ICICI Bank is its server," said Salem Raveendhrun, the bank's head of risk containment unit. "It is open 24 by 7, and its watchmen are the firewalls."

"But firewalls are not the only watchmen ICICI Bank is relying on," he said. "A whole host of IT professionals and solutions are working overtime to combat fraud."

Raveendhrun was a participant in one of two recent panel discussions—held in Delhi and Mumbai—that were hosted by consultancy firm PricewaterhouseCoopers (PwC), and also included senior executives from sectors such as banking, FMCG (fast-moving consumer goods), travel, consultancy and telecommunications. PwC had gathered the panelists in a bid to understand the level of fraud risk Indian companies are facing, and found that each executive had fraud-related anecdotes to share.

"In India, the experience of fraud is going up significantly," Sunil R. Chandiramani, national director of risk and business solutions, Ernst & Young India, said in a phone interview with ZDNet Asia.

According to Chandiramani, the incidence of fraud is on the rise in almost every fast-growing industry or sector, fueled primarily by a company's inability to implement internal processes that keep pace with its high-growth rate.

Ernst & Young recently released the findings from its 9th Global Fraud Survey, which found that 42 percent of respondents in India—senior corporate professionals—said the incidence of fraud has increased over the last two years. Over 24 percent noted an alarming rise in the trend.

This was in sharp contrast to the global findings, where only 27 percent of the respondents felt fraud had increased in the last two years and only 7 percent said the increase was significant.

Another fraud survey conducted by consulting firm KPMG found that fraud risk was perceived to be highest in the financial sector, followed by the information, communication and entertainment sectors.

Chandiramani added: "[Another] three sectors that are growing very rapidly and experiencing high fraud rates are financial services, technology and capital projects or construction."

Deepankar Sanwalka, executive director and head of forensic at KPMG India, noted: "The threat perception for these sectors is generally higher mainly on account of two factors—the nature of their business, and the high growth rates achieved by these sectors.

"In the last two to three years, sectors like venture capital, private equity and telecom have witnessed tremendous growth," Sanwalka explained. "Consequently, the fraud risk threat in these sectors is perceived to be higher as opposed to sectors like retail, food and transportation."

Big fish, big target

And the bigger the company, the higher the risk of fraud.

"For a group the size of Bharti, the opportunities for fraud are huge," said Sarvjit Dhillon, CFO and director for strategy, Bharti Airtel, who was also a panelist at the PWC roundtable held in New Delhi. "Our turnover is around US$4.5 billion. So even at a modest risk factor of 5 percent, the opportunity for fraud—at US$223 million—is huge."

"On an average, we handle transactions worth US$1 billion a day through our 40 million subscribers," Dhillon said.

Most frauds the telecom industry currently faces occur at the subscriber end.

According to Rajashri Sengupta, executive director at PwC, "pseudo churn"—where the same customer signs up for a service under different names—is a very common type of fraud in the telecom industry.

"Defaulting individuals come back to the network, with different names," Sengupta explained. "For instance, Rajashri Sengupta could come back as a subscriber to the network as R. Sengupta or Rajashri S. These fraudsters make high-value calls and then default on their bills."

However, modern technology tools are quick in mitigating such fraudulent activities. According to data provided by Ernst & Young, three kinds of software are available today that help check against fraud:

— application fraud detection software;

— live analysis or incident response to frauds; and

— e-discovery software.

While application fraud detection software prevents fraud, the second category of software enables previewing, securing and preserving digital evidence at a crime scene. And e-discovery software is used for investigating fraud.

Today, Indian companies rely on an increasingly complex IT infrastructure to help fight against fraud.

KPMG's Sanwalka said: "IT systems often hold the answer to a number of questions which individuals fail to establish. According to KPMG's fraud survey, about 13 percent of respondents said they detected fraud through IT controls.

PwC's Sengupta added: "Technology can be used in various ways to prevent fraud." For instance, he said, there are technology tools that can help detect duplication of data.

Technology can also help evaluate internal measures in a company. "Firms can undertake drills to check whether someone can breakthrough their firewalls or not," he added.