Protecting organisations against fraud losses caused by ghost employees

Issue 7 2023 Security Services & Risk Management

Several key South African organisations are potentially incurring significant losses due to 'ghosts'; ghost employees who exist on paper within business or government departments, but not in real life.

This issue is criminal rather than paranormal in nature, whereby ghost employees are one of the most prevalent types of occupational fraud, perpetuated through illicit payroll activities, and potentially resulting in substantial losses for the organisations concerned, whether at the level of a business or government entity.

South Africa is not isolated in battling against this type of payroll theft; there have been many instances reported across Africa and even further afield, including the discovery of more than 80 000 ghost workers in the Nigerian police force, 30 000 on the Mozambican government payroll; and ghost employee scams also taking place within Zimbabwe and Kenya.

Ghost workers are not exclusively a challenge for the public sector either; large organisations with diverse environments can be just as vulnerable. To mitigate the risk and protect organisations, leaders need to invest in technology capable of accurately defining positive identity, thereby ensuring transactional validity, assuring trust and data integrity, and enforcing accountability.

The Association of Certified Fraud Examiners (ACFE) is the world's largest anti-fraud organisation, with over 90 000 members. In 2022, a global fraud study by the ACFE found that payroll fraud resulted in substantial financial losses overall and that the presence of ghost employees was a key element of payroll fraud1, accounting for 9%2 of reported cases globally.

The ACFE report notes, "Try as they might, organisations cannot prevent all fraud. If an organisation is operational long enough, eventually an employee will commit fraud. Consequently, the ability to quickly detect fraud is crucial. Our research indicates that the median duration of fraud – that is, the typical time between when a fraud begins and when it is detected – is 12 months. Additionally, the longer a fraud remains undetected, the greater the financial loss3."

How do ghost workers enter the system?

Ghost workers, who are fictitious employees loaded onto payroll and business systems with the simple goal of defrauding the organisation or committing a crime, can enter the system through various methods. These include being loaded or left in the system by corrupt employees, or being introduced by threat actors looking to do more than just defraud the payroll.

Many government institutions battle with the ongoing ghost employee challenge as they manage a vast network of databases, systems and computers that do not adhere to the highest level of data integrity. Tracking the ghosts is a daunting task, assuming that the business even knows they are there.

For public sector organisations and large businesses worldwide, it is imperative to create a comprehensive integrity management system, effectively managing and overcoming the challenges around counting employee heads accurately, and ensuring comprehensive visibility into the complexities of ghost employees, duplicate records and potential insider threats.

Datacentrix, a hybrid ICT systems integrator and managed services provider, encourages organisations to consider a unique transaction security solution, such as its own eDNA identity and access management (IDAM) solution that institutes people accountability across all critical enterprise applications. This solution is designed to eradicate ghost employees and any other forms of fraudulent transactions from public and private entities, validating employees through a fool-proof biometric identification process. This would include forensically examining and assessing specific transactions to ensure that the DNA of the payroll and other critical applications' activities are tied to a physical person, providing legally reputable evidence of every activity undertaken in the systems. This gives organisations an exceptional additional layer of preventative security.

eDNA presents nine steps to trusted data

Datacentrix's eDNA solution follows an authentication and trusted data management process to ensure that an organisation's individual identities and data are secured in the following order:

1. Secure enrolment that is compliant with positive identity governance, POPIA and Electronic Communications and Transactions (ECT);

2. Three-factor digital authentication that uses biometrics, then a PKI certificate, and finally a smartcard;

3. A secure access gateway, where logon is only permitted via eDNA's three-factor digital authentication process;

4. Customer-sensitive data transactions are performed that need to be secured;

5. Business rules are defined for tracking sensitive transaction data;

6. Transactions done with eDNA are signed and sealed at the data's source;

7. Using the basis of a business intelligence and alert system to build customer frameworks for business rule tracking and reporting;

8. The solution allows for the forensic production of legally accepted data evidence;

9. A tamper-proof system that ensures all computing facilities adhere to an end-to-end highest security level data platform and ultimate data protection.

The prevalence of ghost employees reflects broader issues of corruption and unethical behaviour, which can negatively affect society.

As noted by Nigerian Professor of Accountancy, Emmanuel Ikechukwu Okoye, "Fraud has become one of the greatest threats to the world economy. It is a global problem, not only in terms of its impact on our major corporations and key financial institutions, but also its effect on smaller companies and the wider public who indirectly pay for the losses through increased costs of goods and services.”

Rooting out ghost employees and ensuring that systems are in place to ensure they stay banished is an imperative undertaking for any organisation.

For more information on Datacentrix's eDNA offering, contact Rainer Jeske by emailing rjeske@datacentrix.co.za

Resources

[1] https://legacy.acfe.com/report-to-the-nations/2022/

[2] page 12 of the report

[3] page 14 of the report




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Boost revenue streams for MNOS
News & Events Security Services & Risk Management Financial (Industry)
ReveNet has introduced its new solution, designed to safeguard and potentially boost revenue streams in an increasingly challenging landscape for MNOS. The new platform combines advanced analytics and is built on trust, transparency, and sustainability principles.

Read more...
Risk-IO manages mining security risks
Security Services & Risk Management Mining (Industry)
[Sponsored] A local mining company with three large operations experienced increased security costs. The liability included no standardised risk assessment, poor management of the efforts to mitigate hazards, and unauthorised access with subsequent theft. The reactive approach to security was not only expensive but also wasteful in the sense that the costs were poorly managed, and there were no metrics to show improvement or trends in incidents.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...
Partnership addresses fire hazard mitigation
Brigit Fire (a Division of Hudaco Trading) Elvey Security Technologies Fire & Safety Security Services & Risk Management
Brigit Fire has partnered with the Elvey Group. The collaboration will see Brigit Fire distributing both the advanced C-TEC addressable fire detection systems (CAST Technology) and GreenMist lithium extinguishers.

Read more...
Fire protection for a solvent extraction plant in Africa
FS Systems Fire & Safety Security Services & Risk Management Mining (Industry)
A prominent mining site operates a state-of-the-art solvent extraction (SX) plant, integral to separating and purifying metals from ores, which pose significant fire risks, as SX processes involve highly flammable organic solvents and elevated operating temperatures.

Read more...
Taking fire safety seriously
G2 Fire Editor's Choice Fire & Safety Security Services & Risk Management
To gain insights into how fire systems must be designed, installed and maintained, SMART Security Solutions asked Nichola Allan, MD of G2 Fire, for some insights into the local fire market.

Read more...
New data privacy trends increase large cyber claims
Security Services & Risk Management News & Events
Frequency and value of sizeable cyber insurance claims up 14% and 17% year-on-year in the first half of 2024, with a growing trend in the US for litigation against large corporations related to privacy violations.

Read more...
Streamlining and securing enterprise risk management
Security Services & Risk Management
[Sponsored] A new enterprise risk management web app from Zulu Consulting, called Risk-IO, is designed to automate and streamline the enterprise risk management process, ensuring no steps are skipped and everything is securely documented.

Read more...