Nearly all employers say threat of deepfakes has increased risk of fraud: survey
The rise in artificial intelligence (AI)-generated deepfake scams is keeping Canadian business leaders up at night, according to a recent KPMG report.
Overall, 95 per cent of employers say that the threat of deepfakes has increased the risk of fraud at their companies.
And 91 per cent worry that generative AI will give criminals more opportunities to launch corporate misinformation and disinformation campaigns using deepfakes.
Many employers are currently experiencing or have experienced being a victim of fraud before, according to the report.
Source: KPMG
Overall, 31 per cent of Canadian companies that have experienced external fraud have been the target of misinformation or disinformation campaigns – where outsiders spread false or misleading information on social media.
"Respondents overwhelmingly told us the fraud landscape is becoming more complex, with 95 per cent saying generative AI and social engineering scams make it easier for fraudsters to deceive, manipulate, misrepresent and conceal their crime. As fraudsters are becoming increasingly sophisticated in their attack methods, it's more and more challenging to deter criminals," says Enzo Carlucci, national forensic leader at KPMG in Canada.
"Organizations need to find new ways to strengthen their anti-fraud programs and stay one step ahead of scammers, or else they could be facing increased financial, legal, regulatory and reputational risks.”
Over one in four Canadian companies have banned the use of generative AI over privacy concerns, according to a previous report from Cisco.
Source: KPMG
On top of that, 87 per cent of employers say the shift to remote work increased the risk of fraud occurring within their company, due to a reduced ability to monitor and control for fraudulent behaviour.
And 84 per cent worry that current economic conditions could potentially drive their employees or their customers to commit fraud out of desperation.
Fraud is costly to employers, according to KPMG’s survey of 300 Canadian organizations victimized by fraud.
More than half (53 per cent) say their company lost between one to five per cent of their profits to fraud in the past 12 months, 35 per cent lost up to one per cent, and seven per cent suffered losses over five per cent. Only four per cent that were impacted by fraud didn't suffer any loss.
How do you control employee fraud?
Nearly nine in 10 (89 per cent) of employers say they had to "scramble or react quickly" to implement a robust fraud detection and prevention program due to a fraud incident.
Now, 77 per cent of employers have a fraud detection program. However, only about four in 10 (39 per cent) call it "extremely effective".
Also, just over half (54 per cent) say they have a fraud prevention program in place. Yet only 37 per cent describe their anti-fraud policies and 38 per cent describe their financial controls as "extremely effective". Only 42 per cent call their fraud risk assessment programs "extremely effective".
On a positive note, almost half (47 per cent) of employers say that they are actively using emerging technologies, such as AI, advanced data analytics, generative AI, automation and biometric verification to mitigate the risk of fraud.
"It's encouraging to see organizations starting to use technology to deter fraud, but not enough of them are," says Marilyn Abate, a partner in KPMG's Forensic and Financial Crimes practice.
"Companies need to use AI to fight AI. These tools are fast-becoming essentials in the fraud toolkit to prevent fraudsters from gaining the upper hand. But if you don't perform regular fraud risk assessments to identify external and internal risks and vulnerabilities, you will always be at a disadvantage."
Here are some other ways to prevent employee fraud, as Daniel Kehrer, founder and managing director of BizBest Media Corp., shares via Score:
- Know your employees.
- Supervise your employees closely.
- The payment, receipt, and preparation of purchase orders should be separate functions and handled by different individuals.
- Use serially pre-numbered sales slips and conduct weekly audits.
- Make unannounced internal audits and have a yearly audit performed by an outside firm.
- Understand your computer systems and software, and how they might be used to divert money or inventory. Restrict access to computer terminals and records. Periodically change entry codes and check regularly to ensure that security procedures are in effect.
- Always use pre-numbered checks, with amounts and payees typed or written in permanent ink.
- Separate receiving, storekeeping, and shipping functions.
- Make mail-opening and posting separate functions. Record checks and cash in appropriate registers and stamp checks for deposit only.
- Provide a way for employees to report theft or fraud by co-workers.