Detecting complex account fraud in the enterprise: The role of technical and non-technical controls

Complex fraud, involving heightened offender knowledge of organizational processes, can be especially damaging to the firm. Much research has focused on technical, quantitative detection methods. This paper uses multidimensional scaling of empirical fraud event data from a large telecommunications firm to illustrate how technical and socio-technical fraud controls are used to detect fraud at varying levels of time exposure and dollar loss. The evidence suggests that technical controls only detect one third of fraud cases with zero time exposure and loss. More complex fraud is detected with a range of technical and socio-technical controls from inside and outside the firm. Interviews with twelve fraud managers and investigators are used to confirm the findings.