Casey Evans knows knowledge is power-especially when it comes to cyber fraud. Lack of information is what makes an organization vulnerable to ongoing attacks, she says. It's crucial that employees-and the outside world-are notified if a breach happens.
"It's what helps to prevent and deter fraud," Evans, Director of the MS in accounting program at Kogod, explains.
This conviction is what's driving her current work with SWIFT , a global provider of financial messaging services. Evans, in partnership Beth Petrie, a colleague from Citi Group, is developing a cyber fraud tool for banks that will notify employees when a threat is detected. "We're excited to develop this technology," Evans says. "It has the potential to make a big difference."
The tool, grant-funded by the SWIFT Institute, Swift's research arm, is simple enough. It's a short, straight-forward form investigators complete detailing internal fraudulent activity. What makes it innovative is how it's disseminated. The report utilizes the same platform banks use to wire funds, making communication confidential, fast and highly efficient.
"We're the first to communicate information about cyber fraud this way," Evans says.
The duo also received research support from Jenny Evans, one of Evans' current undergraduate accounting students. Jenny, BSA '18, researched fraud software, as well as forms companies currently use for reporting fraud. Evans says her student's work "deepened their knowledge" and gave their research "direction."
For Jenny, the experience was an ideal bridge from the classroom to the real world, giving her the chance to put what she's learned into action. "Seeing a brilliant forensic accountant like Professor Evans doing real-world work is incredibly interesting, and helps me figure out what I want to do down the road," she says.
The team also developed a comprehensive list of cyber fraud indicators: situations that could indicate fraudulent activity. There's currently 55 total, though they hope to hone the list to 10-15 over the next year.
The indicators will be placed at the top of the form for investigators to review. They include scenarios such as employees e-mailing customer files to their non-work e-mail accounts; downloading customer information on an external hard drive; or consistently working within a dormant account. "They're activities that violate standard processes and procedures," Evans says.
Evans has been hard at work spreading the word about their research. She just got back from Singapore (pictured above), where she presented their model to SWIFT Members at Cyber 3.0 - Better Together. She's also presented in London, and will travel to Toronto in October to present at the Sibos Conference, an annual financial services event organized by SWIFT.
"We hope we can gain buy-in from the community so they really see a need for sharing information this way," she says.
They'll launch their year-long pilot this October following the Sibos Conference . They've nailed down several US banks to participate and will unveil the pilot at the conference in Toronto. "We're excited to test the system across multiple domains," Evans says, "and develop policies and procedures around it."
They hope to establish their system in banks across the United States after the pilot year. It'll depend on how the test goes, Evans notes tentatively, but they're optimistic the model will achieve the results they want.
Evans sees their work as a type of public service-a system that helps protect their clients and the community at large. In the past information has been "si-loed," and their method engages stakeholders across companies, departments and positions.
Most of all, Evans wants to make an impact. She hopes she can help her community become safer and more secure-a place where cyber fraud is a crime of the past, not the present. "More and more, sharing information is how we stop criminals," she says. "I'm excited to be a part of making that happen."