Professional Documents
Culture Documents
transformation
be on your
agenda, or
running it?
With digital transformation on the increase,
the Consumer Products & Retail (CPR)
sector now face a new set of emerging risks.
ey.com/forensics/retail #ConsumerProducts&Retail
2 Should digital transformation be on your agenda, or running it?
How digital
transformation
increases
consumer and
retail fraud risks
Digital transformation has swept across the Consumer Products
& Retail (CPR) sector, from manufacturing process automation, to
sales and distribution, and logistics and digitization of customer
payments. Yet, as CPR companies adopt impressive new
technologies, they also encounter new fraud risks.
1
“Annual retail e-commerce sales growth worldwide from 2014 to 2021,” Statista, statista.com/statistics/288487/forecast-of-global-b2c-e-commerce-growth/,
accessed 11 March 2019.
2
“E-commerce share of total global retail sales from 2015 to 2021,” Statista, statista.com/statistics/534123/e-commerce-share-of-retail-sales-worldwide/, accessed
11 March 2019.
4 Should digital transformation be on your agenda, or running it?
Emergent problems
3
“ Integrity in the spotlight: The future of compliance,” 15th Global Fraud Survey: Emerging Markets Perspective, fraudsurveys.ey.com/ey-global-fraud-survey-2018,
accessed 11 March 2019.
Should digital transformation be on your agenda, or running it? 5
37
rated cyber
attack as the
%
greatest risk
These small incidents extrapolated for sales made through an online driving up the advertising cost with
across multiple stores can represent marketplace lower conversion rates and skewed
significant losses. user data for online businesses
• Cost arbitrage fraud: Sellers
Online marketplace: Online trading buy their own products that • Listing payment fraud: Fraudulent
scales up retail operations — enabling have cashback offers listed on the sellers list products for sale and
retailers to trade faster and with more online marketplace and then resell request advance payment. The seller
people — but it also increases the risk of them offline takes payment, but the product does
fraudulent activities that are damaging not exist, or is not sent, and the
• Cashback or promo fraud:
e-commerce. Some recent fraud buyers’ bank or credit card details
Employees inflate cashbacks and
trends include: may be used as part of a wider
promo schemes on certain products
fraud scheme
• Listing fraud: Employees receive to favor specific sellers and receive
kickbacks from sellers in exchange kickbacks in return Loyalty programs: Loyalty program
for manipulating a listing on the fraud is endemic, particularly in
• Click fraud: Competitors and others
marketplace for higher visibility emerging markets. For example in Asia,
deliberately click on pay-per-click
where most purchases are by cash
• Commission fraud: Employees (PPC) adverts (sometimes using
on delivery or by mobile applications,
receive favors from sellers for technology) to generate fraudulent
rather than a credit card. Loyalty apps
reducing the commission percentage charges for advertisers, undermining
record all of a customer’s transactions,
that is to be paid by the seller the PPC campaigns. This results in
6 Should digital transformation be on your agenda, or running it?
including cash transactions, and award themselves, and friends and depending on cultural norms,
collect rich customer data for retailers family extra points, with or without a shopping habits and levels of tech
regarding customer choices and purchase, in exchange for goods or adoption. Safeguards and solutions
behaviors, including bank account and cash. must reflect this. For example,
location information. This valuable data developed economies are seen to be
Risk management in organizations
attracts hackers. Loyalty programs are experimenting with face recognition
needs to consider that while risks
also targeted by insider fraud, including as part of the payment authorization.
associated with transactions are
abuse of points, offers and promotions, However, in emerging Asian economies,
broadly similar, the scenario on the
whereby employees are not passing which are experiencing the highest
ground differs between regions,
on promotions to customers, or growth in e-commerce, payments are
mostly completed by cash on delivery,
smartphone apps and prepaid cards,
which are all transferable, not linked
to bank accounts and do not require a
Incidents of fraud in sales systems credit reference.
the form of incentives or payouts for them using a combination of controls, • Understand the purpose and
company employees and external third monitoring and encouragement objectives of the transformation
parties involved in the value chain. to change behaviors. A three-way initiative
approach to proactive forensic
This supplements the need for a • Understand the key performance
assessment can add value for
proactive strategy to detect and indicators (KPIs) linked to the
businesses seeking to mitigate the
address loopholes in processes transformation project that would
potential leaks;
and systems involved in the digital potentially result in benefits to
transformation initiative, with a internal and external stakeholders,
view to preventing fraud before it 1. Identify and and their financial impact on the
happens rather than reacting after the understand organization
event. A proactive strategy requires
• Identify the transformation initiative • Analyze links between business-
organizations to determine where the
with the highest financial impact critical processes and systems
issues are and take steps to address
involved in the transformation
initiative
system had been identified by patterns to predict which orders
this process, put in place controls might be fraudulent. This fraud
2. Functionality testing
to prevent such instances from prevention system operates almost
recurring and subsequently changed in real time, with the capability of
and data analytics
internal processes to include ongoing flagging and preventing potential • Perform functionality testing of the
monitoring and data analysis. fraud before it happens. system application or platform being
implemented
Proactive DMS reviews have helped Business intelligence tools
multiple companies operating in incorporating data visualization • Design fraud risk scenarios relevant
developing markets identify the and machine learning enable large to the business processes linked to
potential fraud vulnerabilities in organizations to identify trends the system application or platform
existing DMS systems, operating around potentially fraudulent under focus
schemes and incentive programs activities and communicate with • Extract data from relevant sources
for general trade operations. Data employees who fall into the top 10%, and perform forensic data analytics
analytics have helped pinpoint the in terms of suspicious transactions. to test the hypothesis for fraud risk
exact sales behavior of outlets aimed Rather than having to discipline or scenarios applicable to the business
at achieving the scheme or incentive dismiss individuals who are caught,
criteria defined by the company. EY it is possible to identify where the • Conduct additional checks to validate
teams have also helped companies risk is in the business and proactively the exceptions identified based on
set up post-implementation change behaviors. It is important to data analytics
monitoring frameworks to identify continue monitoring and measuring
red flags themselves going forward. transaction integrity to identify 3. Mitigate
which strategies and processes are • I● dentify vulnerable areas and
EY proactive analysis is used to
making a difference, and ensure categorize them in order of priority
highlight a potentially fraudulent
the right activities and groups are
activity. Trend analytics of online • Devise practical controls to
being targeted.
sales data help spot illicit purchasing mitigate risks
patterns, such as bulk buying and
• Build a monitoring framework
repeat returns of particular types
that helps identify red flags on a
of goods. Retrospective analytics
continuous basis going forward
on PoS terminals have been used to
identify inappropriate or fraudulent • A
● ssist in implementation of the
activities, complementing the controls in consultation with
payment analytics conducted by management
credit card providers.
• Define and agree an ongoing review
A casual dining organization in the mechanism for the controls
US uses machine-learning algorithms
to analyze trading and order
10 Should digital transformation be on your agenda, or running it?
About EY
EY is a global leader in assurance, tax, transaction and advisory services. The
insights and quality services we deliver help build trust and confidence in the capital
markets and in economies the world over. We develop outstanding leaders who team
to deliver on our promises to all of our stakeholders. In so doing, we play a critical
role in building a better working world for our people, for our clients and for our
communities.
EY refers to the global organization, and may refer to one or more, of the member
firms of Ernst & Young Global Limited, each of which is a separate legal entity.
Ernst & Young Global Limited, a UK company limited by guarantee, does not provide
services to clients. Information about how EY collects and uses personal data and a
description of the rights individuals have under data protection legislation is available
via ey.com/privacy. For more information about our organization, please visit ey.com.
BMC Agency
GA 1011776
ED None
In line with EY’s commitment to minimize its impact on the environment, this document has
been printed on paper with a high recycled content.
This material has been prepared for general informational purposes only and is not intended to
be relied upon as accounting, tax or other professional advice. Please refer to your advisors for
specific advice.
The views of third parties set out in this publication are not necessarily the views of the global
EY organization or its member firms. Moreover, they should be seen in the context of the time
they were made.
ey.com/forensics