Fraud events in connection with world-class sporting events are not uncommon. Consider the 2014 FIFA World Cup in Brazil: A massive influx of tourists (3.6 million) is expected to spend upwards of $3 billion. Sounds like an opportunity for getting lost in the crowd. In fact, this is a strategy favored by fraudsters during the holidays. And last Christmas, lest anyone forget, was a slaughter. As we in the loss prevention industry are always looking for a flag indicating there is a potential for fraud, this one looks as good as any for us to display our vigilance.
Historically, Brazil has been known to have a bit of an ATM and counterfeit payment card fraud issue. This might not be unexpected to those of us who have spent time in the trenches. Brazil boasts a diverse population, with a sophisticated, educated and tech-savvy class, contrasted with an impoverished underclass who may be dependent on crime and the black market economy. That's enough of a confluence to create the ideal conditions where we might expect to maintain fraud rules in a business-as-usual scenario. With the added element of a temporary population contributing to added spending, it may be reasonable to review those rules and refine them toward this event specifically.
Now, the point is not that there is a high likelihood that there will be some huge data breach coming from one of the dozen arenas hosting matches (although a FIFA ticketing agent was compromised at a World Cup event a few years ago). The point I want to make is simply this: An ounce of preparation is sometimes worth a pound of cure. Developing some strategies ahead of the event is usually a wise endeavor. Even if only one in 10 actually proves to have some material value.
In fact, taking efforts like this is something that I've recommended to clients for a while. Develop contingency plans, such as preventative rules that have a low impact in a business-as-usual context, and manage the possibilities of a high-risk event. Also consider developing a fallback rule set for distributed denial-of-service (DDoS) events, built to combat fraud in the online banking space. Once a DDoS attack is apparent, having a pre-developed rule to switch on as a counter-fraud strategy specific to this one-off event helps the financial institution maintain a defensive posture. Additionally, some banks phish their own employees to determine their level of social engineering “resistance.” This level of preparation is not only for evaluating control weaknesses and cyber disaster recovery preparedness; it's also what the regulators will be looking for when they conduct cyber security assessments, such as those the Federal Financial Institutions Examination Council is currently piloting.
Contingency plans like this demonstrate a readiness and promote a line of thinking that allows us to better develop controls if and when the real event hits. This kind of experimental thinking is something I would promote and encourage in my fraud shop… and I know, running from fire to fire and “doing more with less” continues to be a theme in business today. But strategic thinking carries its own value, enhancing cognitive performance according to a data-driven perspective article by the Center for BrainHealth at The University of Texas at Dallas.
So, the value of an exercise to this end is clear – for the institution, the team and the individual. The result is a “hat trick” in business. Using events like world championship soccer to develop strategy and deploy controls in the field aimed at bettering the business serves its purpose. So, while the U.S. Men's National Team has about as great a chance of winning the World Cup as we do of having Congress agree on the next budget bill, the one thing we can all agree on is: We can still run a good defense on the field.