Employee fraud collusion is a serious and yet underestimated threat to businesses.

According to the latest Association of Certified Fraud Examiners study, occupational fraud cost organizations more than $7 billion in the past year. 22% of cases caused losses greater than $1 million and the median loss figures were always far larger when two or more employees colluded to commit fraud — $339,000 compared to $150,000.

It’s never pleasant to have to consider the possibility that employee fraud is taking place in your business. It’s even more disturbing to think about multiple employees colluding to rob you blind. But the simple fact is, employee fraud collusion could be taking place in your organization as we speak. Ignoring the possibility won’t make it go away, but if you take action now you can prevent an unfortunate (and unnecessary) financial loss from taking place.

The good news is that these 5 simple steps can go a long way in locking down the threat of employee fraud collusion:

Step 1: Monitoring user behavior

Monitoring user behavior seems like such a simple thing to do, but its importance as a first step in a comprehensive security strategy can’t be overstated. Only by monitoring employee activity is it possible to recognize the unusual behavior that’s indicative of a potential security problem, such as unexpected changes being made to information systems.

That being said, a monitoring system that simply tracks user activity only solves half the problem, catching issues after they’ve already occurred. To be truly effective, a monitoring system should also track data searches for early warning that employees could be planning inappropriate activity. For example, a bank employee interested in depleting a dormant account will first search for inactive accounts with high balances before taking any action.

With a monitoring system in place you’ll be well on your way to identifying and eliminating fraud collusion in your organization—but your mission shouldn’t stop there.

Step 2: Understand the context of employee behavior

Monitoring activity alone isn’t enough because employees who are intent on committing fraud quickly learn the limits of the safety controls that have been put in place and find a way to work around them. For example, bank employees know the transaction threshold that will set off red flags about potentially suspicious activity. To avoid detection they simply siphon off smaller amounts over a longer period of time. Devious—and very dangerous to your organization.

To more accurately identify fraud attempts it’s important to have context – and that’s where analytics come in. Employing an analytics engine in conjunction with monitoring will help you understand how the behavior of individuals compares to the normal behavior of other employees with similar roles. Take, for instance, a back-office employee who makes a query about accounts that have been inactive for 8-9 months (which is incidentally right before they’re automatically rendered dormant). In and of itself, that behavior seems reasonable enough. It’s not until you have a broader understanding of typical network traffic that you can see it as a potentially suspicious activity — someone with that role would never need to make that query.

Step 3: Correlate activities across the organization

While it’s typical for a business to segregate functions between roles to lessen the opportunities for collusion (e.g. only allowing back office clerks to reactivate dormant accounts but not transfer funds), these restrictions are easy enough to overcome when there’s a team effort to defraud. The back office clerk would only have to work with a teller who does have the authority to transfer funds (but cannot change account status) in order to liquidate dormant accounts. That connection would never be made unless there was an anti-fraud system in place that monitored and correlated all activities across back office, transactional systems, branch offices, e-channels and all other systems.

Step 4: Detecting commonalities in employee actions

There is a common sense element to defending against employee fraud which is as simple as “if it seems suspicious, it probably is.”

If two employees are conducting an excessive amount of activity on the same account (especially if they’re the only employees accessing that account), that’s a big red flag that collusion is taking place and it should be looked into by your fraud investigators.

Step 5: Connect all the dots

So at this point you’ve done all the dirty work necessary to (mostly) lock down your network.

Now it’s time to just take the last little step that will make all the difference in the success of your fraud collusion security strategy: connecting all of the dots. Since collusion involves multiple employees and suspicious events, visual link analysis is critical to uncovering the sophisticated scenarios that would be impossible to spot otherwise. Implement a tool that can cluster events and use visual displays to identify trends. Doing so will not only speed up your investigations, it will also lead to faster resolutions.

As you think about your security strategy for the coming year, make sure to include protection against employee fraud collusion. It may only make up a small portion of the overall fraud landscape, but it is nonetheless an invasive threat to the security of your organization.

Posted by Boaz Krelbaum

As the General Manager of Cyber Fraud & Risk Management for Bottomline Technologies, Boaz Krelbaum helps organizations reduce risk, prevent fraud and meet regulatory compliance requirements.