More often than ever, municipalities and local governments are finding themselves in the crosshairs of increasingly sophisticated transnational criminal organizations. While governments of all sizes often experience crime, the most recent increase in attacks stems in part from the sector’s growing dependence on technology.
Simply put, the more technology becomes part of a government's operations, the easier it is for enterprising criminals to find ways to launch their attacks. Nonetheless, local departments are tasked with digitally transforming how government functions. And as a result, they must contend with limited budgets to shore up their defenses and the use of disparate financial systems that create security gaps for criminals to exploit.
Furthermore, no matter how compelling the case, increases in the funding allocated to fraud prevention and security often require a protracted process involving public commentary and input on how a local government sources and allocates its funds.
Cybercriminals Target the Public Sector
As municipalities and local governments increase their reliance on technology, their vulnerability to attack by cybercriminals grows exponentially. While those threats come in many forms, ransomware, which is a form of malware that blocks access to data unless an organization pays a ransom to secure its release, is a popular attack method.
In October 2019, CNN reported that 140 local governments, police stations, and hospitals had found themselves subject to ransomware attacks. When such attacks happen, governments often spend considerable sums attempting to recover their data. For example, a ransomware attack on the City of Atlanta cost the city $2.6 million in remediation expenses. However, city officials decline to say whether it paid the attackers ransom of $50,000 in Bitcoin, which is the preferred payment vehicle for criminals due to its ability to hide the identity of the recipients.
There are numerous other examples of local governments forced to pay significant amounts to regain access to their data. It's critical for the government and institution sector to shore up their defenses, with the purpose of making it harder for criminals to take control of sensitive information.
Older Forms of Fraud Prevail
In addition to experiencing cutting-edge crime, local government entities also continue to fight traditional forms of fraud, including check fraud. According to recent statistics from the American Bankers Association as reported in the Wall Street Journal, attempted check fraud grew from $8.5 billion in 2016 to $15.1 billion in 2018 and accounted for 60% of fraud perpetrated against deposit accounts at U.S. banks. Successful check fraud rose 47% to $1.3 billion in 2018, increasing from $789 billion in 2016.
Checks tend to be more vulnerable to fraud because they contain critical information that can be forged or stolen. And while the Association for Finance Professionals reported a drop in check usage from 81% of business-to-business payments in 2004 to 42% today, the volume of check fraud continues to grow at an alarming rate.
With check fraud on the rise, municipalities and organizations should consider a multi-pronged approach to preventing it. This might include:
- bank-provided fraud prevention tools, such as positive payment and reverse positive pay (matching checks to those the company issued to ensure fraudulent checks are not paid)
- securing their blank check stock
- instituting random sampling of check payments to ensure compliance with the organization's procedures
- conduct frequent reconciliations of deposit account activity involving checks, undertaken by someone other than the check writer
In addition, government entities and organizations may also reduce their exposure to fraud by embracing alternative forms of payments, such as credit cards. A commercial card program can ensure an organization has greater control over working capital by improving cash flow through flexible payment timelines, enabling streamlined management of vendor expenses, and helping maximize days-payable-outstanding. As an added benefit, many commercial cards also include cash rebates—which can provide an additional source of revenue that is not tied to a new fee or tax.
In terms of security, since credit cards rely on a digital backbone, there are a number of ways to detect and prevent fraud, as well as block transactions. For example, credit card fraud detection tools gather a great deal of data, including considerable volumes of metadata associated with a transaction, such as the merchant presenting the transaction for payment and the type of goods or services associated with the payment.
Check fraud detection solutions also gather a great deal of data behind the scenes, though doing so often requires a manual review, which often includes a comparison of previously presented checks to determine whether a transaction is fraudulent.
Maintaining a Focus on Risk Mitigation
While ransomware will continue to threaten the public sector, professionals in the municipal and local government sector must also marshal their limited assets to prevent all forms of fraud. In order to allocate resources in the most efficient manner possible, in partnership with the organization’s IT function, consider conducting a risk assessment to ascertain the risks and corresponding internal controls that exist to mitigate their impact. Adopting this measure, as well as working with a banking partner to gain access to the latest fraud detection tools can help members of the public sector adopt a proactive approach to fraud prevention and detection.
The threat posed by technology and traditional fraud schemes will continue to generate victims in the public sector. Adopting a proactive approach to fraud prevention as well as a willingness to migrate from payment types that are inherently risky to more secure alternatives, can help your organization minimize the potential for fraud losses associated with new and old schemes alike.