How Coles could have prevented its $1.9M fraud case

Source: 7News

As a finance executive at Coles Online, Aaron Baslangic had the authority to authorise payments up to $75,000. Exploiting this position, he orchestrated 14 illegal payments ranging from $10,000 to over $400,000.

To evade detection, Baslangic altered emails to make it seem like his supervisor had approved the transfers. The payments were directed to fictitious businesses under his name and legitimate organisations like the Australian Taxation Office, which he redirected into his own accounts. Baslangic used the embezzled funds for personal expenses, including luxury shopping.

Sadly, this incident isn’t an isolated occurrence. Incidents were reported 44% more frequently in 2022 compared to the previous year, and “trusted insider” attacks have impacted a wide range of organisations and sectors. Large organisations are more likely to experience higher losses due to internal fraud compared to SMEs, with the average cost estimated to be over AU $20M.

The judge described Baslangic’s behaviour as unusually unsophisticated, bizarre and inexplicable. It’s a common characteristic when it comes to internal fraud cases – most of us are acting in good faith, so we just assume others are doing the same and would never assume a coworker is brazenly embezzling company funds. As a result, many fraudulent activities go unnoticed despite unfolding right in front of colleagues and within control systems, which are often slow to detect anomalies.

But Eftsure is designed to prevent payment fraud early and in real-time, whether the threat is coming from inside or outside the organisation.

Using the events described in the news coverage, here’s how Eftsure could have effectively alerted the recent fraud case at Coles.

Eftsure ensures that all payees are thoroughly verified and provides a digital interface to confirm that all payments are authorised before they are processed. In this case, any payment above Baslangic’s approved limit would have triggered an alert within the system, allowing higher-level authorities to easily check the payment files. This would have thwarted his attempts to make unauthorised transfers.

Plus, Eftsure’s advanced supplier verification capabilities would have raised red flags when Baslangic directed payments to fictitious businesses. By cross-referencing vendor information with Eftsure’s database of more than 4 million bank records and conducting real-time checks, Eftsure would have identified the fraudulent entities and signalled all team members at Coles.

Eftsure employs intelligent algorithms to control and monitor payment activities for any unusual patterns or suspicious behaviour, the system would have alerted the team at Coles about paying a variety of businesses using the same bank account. This proactive real-time monitoring would have identified the misdirected funds to fictitious businesses, leading to timely intervention and prevention of fraud.

The Coles fraud case highlights the urgent need for robust internal control systems to mitigate the risk of internal fraud. By implementing Eftsure’s comprehensive financial security tool, Coles could have significantly reduced the likelihood of such fraud occurring.

Eftsure’s payment verification and supplier verification features would have acted as strong safeguards against these fraudulent activities, saving the company from substantial financial losses and reputational damage.

How else can finance leaders lower their risks of insider incidents?

It’s uncomfortable to talk about internal threats because no one wants to think that anyone in their team is capable of acting in unethical or outright criminal ways. But it’s not just internal fraud risks that finance leaders need to consider, since plain human error is enough to incur major losses, both financially and reputationally. Even when employees are acting in good faith, a lack of guardrails can heighten financial risks.

When your job includes acting as the main defender of your company’s financial health, the right approach is to hope for the best but plan for the worst. Centralised, automated controls can ensure you’re defending against both internal and external threats.

Eftsure is a fast, easy-to-implement layer of technical security. It’s just one part of a comprehensive cyber-crime strategy, which should encompass people and processes, too:

• People. Unfortunately, hiring the “right” people can only go so far. If it were easy to predict who might commit fraud, insider incidents would never happen in the first place. But you train your employees in fraud detection and cultivate a broader culture that encourages asking questions and putting up your hand when you’ve noticed something amiss.
• Processes. Strong financial controls, along with routine pressure testing, can make sure workflows are designed for both efficiency and security.
• Technology. Solutions like Eftsure automate and outsource in-depth verification that most AP teams don’t have the time or tools to conduct. And, once you’ve got a major defence running in the background of day-to-day operations, you can focus a bit more on elements like culture and control frameworks.