Untold story of an Antifraud social media venture

Apurva Joshi

This is the second article in the series of CFAP experiences. This time it is not a case study resolved by a CFAP but the success story of a business started by a CFAP member.

A young woman CFAP started the venture called Fraudexpress in September 2011, after completing her certification. She started her venture as anti-fraud social media to help forensic accountants network with each other. As an idea it was a wonderful model. Niche social networks are the dream of advertisers. But to fund the development, you need deep pockets. Subsequently she converted her venture into an e-commerce company. Some time back I wanted to understand the trend of start-up companies in the antifraud domain, and I found this interesting start-up called Fraudexpress on iStart and started interacting with them frequently.

This was probably the foremost idea of social networking for antifraud professionals, but the idea was dropped due to the lack of funding, as often happens in India, and today it has grown into an e-commerce website for professionals in the Asian region. Exactly one after the launch of Fraudexpress, I found that an American company called iovation, the Device Reputation Authority™ protecting online businesses from fraud and abuse, announced the launch of its Fraud Force Online Community. The virtual crime-fighting network is available exclusively to iovation clients and provides thousands of fraud professionals a private, virtual community to connect and collaborate in the fight against cybercrime.

Today, Fraudexpress has emerged as an e-commerce player in the antifraud domain. Fraudexpress is also the publisher of some interesting books for students. In India most of the big players have ignored the importance of students in the forensic accounting domain, and Fraudexpress endeavors to reach out to the student market and address their needs.

All my best wishes to the team of Fraudexpress.

There is a need to fund the good activities in the anti-fraud domain. Certified Forensic Accounting Professionals is growing as a very strong community and through Fraudtoday we are going to popularize the efforts of all such exceptional forensic accountants throughout the world.

Neena Godbole warns about Antiforensic Tools


Neena Godbole spoke to Apurva Joshi – CEO of Fraudexpress and explained the role of technology in fighting fraud.

I hold a Master’s Degree in Science from IIT Bombay ‐ graduated from IIT Bombay in the year 1981. I also have an M.S. Engg Degree in Computer Science from Newport University, California USA and a post graduate diploma in Computer Engineering from Pune along with a post graduate Diploma in Business Management from Xavier Institute of Management, Bombay. I have been working since 1981 in various roles in the IT/software industry. For more than the last 4 years I have been working in the information systems security, data privacy and regulatory compliance area. I also have professional certifications like CISA, CIPP/IT, ITIL and many others. Two of my 3 books are in the security domain. In 2009, Wiley India published my comprehensive book on Information Systems Security. The book has been very well received in the industry and has become a reference book for those who appear for professional certifications such as the CISA, CEH, CISSP etc. In 2011, my co‐authored book on Cyber Security was published by Wiley India. The book has been blessed in the form of a Foreword by an eminent personality in the security domain, Dr. Kamlesh Bajaj, who is the CEO of Data Security Council of India (DSCI) – an organization that has been doing foundational work in the domain, working with industries and also with the Govt. of India. The cyber security book is now established as the standard reference book on many computer forensic courses in India including the one at the GTU (Gujarat Technical University). I have been a recipient of many awards, rewards and special recognition for delivery of value adding work and contribution in the industry where I worked.

So, when and how did you start in antifraud/ security and forensic functions field?
My involvement has been in an interface role and it started when I became part of business controls team in my organization. About 1.5 years back, I became instrumental in rolling out an organization wide Incident Management and Reporting system. It was not easy as I had to interface with a very large number of people, mainly our business unit heads. “Incidence reporting” can get very political when it enters organization’s score card!! Every business wants to make their best to keep their negative publicity down in case an incident has occurred in their business. Moreover, each team/dept/unit has its own definition about what an ‘incident’ is!! In such a milieu it was a herculean effort to get the incident reporting procedure rolled out.
When an organization is involved in handling the work outsourced to them, there comes with it the client’s trust that personal sensitive information and confidential data of the client will be handled with due care. Many data incidents take place in our global business today – incidents such as data theft and inappropriate use of confidential data, to name a few. Having controls to avoid/minimize such incidents and testing of those controls is what I am involved with. Sometimes that work needs me to interface with forensic agencies. I do have industry networking with computer forensic professionals because my work makes me be in touch with them professionally.

What are your views on antifraud and forensic functions field?
Although India is considered as the country with lower rate of Internet penetration, there were more than 71 million users of Internet in India in 2009 alone! Imagine the scene today while the usage is growing at a rapid rate.
Given the 24 X 7 connectedness in today’s global business era, phenomenal growth in the use of Internet and related technologies as well as growing use of mobile technologies and the fact that our young generation is so savvy in using those technologies, there is a greater risk now than ever. The ease of using most of the technologies, changing values and deteriorating social fabric etc. make breeding of the criminal mind easy. The inception of online banking facilities and their growing use has opened the entire financial area for possible frauds including those at the ATMs! All this makes a strong case for there being antifraud agencies and I am so glad that initiatives like FraudExpress magazine are now in place. This is indeed the need of the hour. We need an approach and effort at a war footing level to raise cyber security awareness in the country and I am glad I am doing my bit by delivering educational talks on this topic in various forums.
Through my discussions with forensic professionals and cyber cell investigation officers, it seems that computer forensic professionals are in short supply currently. There is certainly a need for greater education in this domain supported by forensic labs where people can be trained. As mentioned in my book on Cyber Security, ‘anti‐forensics’ are the adversaries for whatever forensics professional does! There will always be a ‘race’ – one trying to out‐do the other! Another interesting phenomenon I note is the ever increasing miniaturization of storage devices and feature richness of mobile devices.
Let us not forget the mushrooming number of cyber cafés in India. Our study shows that a large majority of them are not monitored. In India the ratio of laptop/PC to persons is still very low and that probably is the reason for the number of cyber cafés mushrooming – the cyber café market doubles every two years and most cyber crimes are said to be traced to cyber cafés.

Which is the most memorable case that you have witnessed in your career? What was remarkable about those cases?
Obviously, for reasons of confidentiality I am not going to disclose the names but there have been two cases that I am aware of. In one, source code was sent by an employee in one organization to his spouse working in another organization that was the competition organization. This happened in an organization that was said to have most stringent security controls and employee education!
In another case, confidential mails were found published on the Internet – mails disclosing the details of a large contract and many internal aspects of it. Both cases happened in an organization that had many security controls, continuous awareness sessions on cyber security etc. This happened in an organization that had a very demanding and tough client when it came to security controls. They even had a physically secluded work area. When the laptop of the suspected employee was taken to the forensics lab, nothing could be found attributable to the employee. It remained a puzzle. The employee left the organization. The organization suffered a loss as it lost face with its client. Incidents of this kind only go to show that there is no such thing as ‘foolproof’ controls or foolproof defence. Data incidents will continue to happen and we can only hope to minimize the damage, negative image, blow to brand image. Controls and measures will at least help us to soften the blow if we cannot avoid it altogether. The fear of law and punishment has to be made deeply ingrained in people’s mind. Today that seems not to be so either due to total unawareness or due to callousness.

Tell us about your books in security domain. What inspired you to write them?

Writing has been my passion for many years. I believe in creating Knowledge Artifacts useful to professionals. I did that from my previous work domain and now I have done so also in the security domain where I have been working. I put a lot of effort into manuscript development. It is always my effort to deliver a quality product. Going by the market feedback received on my books, I can say that it has happened with my books too. The book on cyber security is written with the main objective of creating awareness for the public at large. The book also works as a reference book for several certification exams in the related domain. The previous book on information security was taken up based on the observation that there was no complete book on the topic. Today many universities have been able to create courses based on that book. For example, the topics addressed in my information security and cyber security books map well with C‐DAC’s Post Graduate Diploma course in Information Security and Cyber Security. My sole authored comprehensive book on information systems security (published in 2009) has been well received in the industry and also been of interest at the IIM Ahmedabad among so many other premium institutes in India. Other courses and institutes that have adopted this book are ‐ (1) University of Mumbai, Systems Security course for Computer Engineering program and B.E. (Computer Engineering), (2) Information and Network Security (3) Anna University of Technology, Tiruchirappalli, for their course in Information Systems Security Management at their M.S course. (4) University of PUNE ‐ Master Degree in Computer Management (M.C.M.), Information Security paper etc. and many others.

In your opinion, what is the scope of antifraud and security functions field in India?
There is a lot of scope, no doubt. Remember what I mentioned when you asked me about my views on anti‐fraud and forensic functions field. From my experience of talking with small size organizations in the manufacturing domain, it emerges that awareness is pretty low both about information security and cyber security. Manufacturing sector is just one vertical. Today the awareness in the financial domain industry is much higher probably because people can appreciate the hit to their money but maybe not so much about loss to privacy!! Take for example the hospitality industry, the healthcare industry. My interactions in this domain show that here data privacy awareness is not so high and nor is information security/cyber security awareness. Frauds do not take place only by misappropriating people’s money and other financial resources. Frauds can also take place by stealing sensitive personal information and there is a lot of such information accumulated in the common course of business transactions in the hospitality industry as well as in the healthcare industry. The US has stringent laws when it comes to protection of personal data and Europe is paranoid about privacy. In India, there is a need for a lot – with section 43‐A of the Information Technology Act of India (2008 amendments), I am sure a new era has dawned. In all, there is a tremendous scope for fraud investigation professionals, digital forensics/computer forensic professionals in India. Let us not forget that India is among the hottest destinations for business outsourcing. With business, lots of data gets exchanged or shared and some of that data could be highly confidential, sensitive, whose loss or misuse could create tremendous damages and liabilities.

What is your estimate of the industry according to you? How many people are employed and what could be the combined revenues?
This is tough! One can only provide a very rough estimation on these aspects. To my knowledge there is no centrally maintained statistics and other information on this. For example, when I see the site for anti fraud network, I do not see any listing under India.
According to INDIAFORENSIC’s 3rd Annual report on the status of forensic accounting in India, Citi Bank is the single biggest bank in the banking sector which employs highest number of Certified Anti‐money laundering experts and the Certified Forensic Accounting Professionals. The second highest concentration of forensic professionals is in the Big four accounting firms. For example, KPMG is said to have more than 300 professionals working for their forensic team. I see that forensics related certification programs are on the rise and with that, we should see a rise in the number of professionals in the coming years. It is even tougher to comment on the revenues – I am not sure if there is an official source for that information. I strongly feel that we need a good alliance among the law enforcement agencies, legal professionals and forensic investigators. Forensic professionals alone won’t suffice.

What are the career opportunities that you see in this field?
There are tremendous opportunities today as cyber crimes are on the rise (due to the factors mentioned earlier). Also on the rise are frauds which need investigation. Though from a country standpoint it is shameful to mention this, post Satyam scam, the need for forensic accountants was felt across the IT industry. It is not surprising then, that you will see hundreds of web links displaying job opportunities for the fraud investigation role. In our book on cyber security, we have devoted a full chapter to explaining the number of roles and careers in cyber security and we urge people to read the book as well as that chapter. There is a caveat! When something is perceived as glamorous and is in demand, it sells like hot cakes! Every day we see so many advertisements with institutes coming up with forensics courses. One must validate their authenticity. Most may be authentic but all would not be. So, it is up to an individual to be cautious and validate the authenticity.

How does one become a forensic accountant/security professional? What qualifications, background and qualities are looked for?
Let me be frank here ‐ although many youngsters look for entering the forensic for the glamour and limelight attached to it, they ought to be aware of the onerous responsibility it puts on their shoulders when they become forensic professionals. Forensic investigation is like gem mining ‐ only when you dig thousands of meters deep down, may you get some worthwhile stuff. Patience, diligence and discipline are a must for those who wish to enter the field. Deep technical knowledge about computers and other computing technologies is essential but that knowledge can be gained. In my view, equally crucial is the sense of professional ethics and the art of communication and networking because a forensic professional needs to interface with a number of agencies – the police, the lawyers, the government official, apart from the impacted person with whom a fraud/cyber crime has happened. Please refer to Chapter 12 of our book – it is about careers in cyber security and there is a wealth of useful information provided in that chapter.

What is your advice to the students aspiring to become cyber forensic professionals?
Deep technical knowledge, logical thinking and preferably some prior experience are required for entering the field. Honesty, hard work, diligence, discipline, being detail oriented and a habit of documentation ‐ are the absolute essentials when working on a case. Integrity and ethical values when the case stands. Above all, you need a will to prevail and an attitude that you will not give up. I’d like to point the attention of aspirants to the toil and hard work that may get overlooked in the shining light of the glamour and thrill that is often attached to the field of forensics!!


Shalini Chakravorty’s journey to Antifraud Professional


Shalini Chakravorty, Country Manager of Hill and Associates in India, is one of the most influential women professionals in the antifraud domain. Shalini, in an exclusive interview with Apurva Joshi – CEO of Fraudexpress, shared some of her thoughts on the antifraud profession in India.
A CA by profession, Shalini has 12 years of experience. She is also a US Certified Fraud Examiner. Shalini and her team have worked on several fraud examination and forensic accounting assignments in India and abroad. Shalini has also completed the Accelerated Management Program from Indian School Of Business, Hyderabad – 2005.

“Forensic Accounting assignments are very close to my heart as this is my core expertise at Hill & Associates,” Shalini says as she starts her interview. She is very skeptical about disclosing the names of her clients, as she mentions that she has signed a Non Disclosure Agreement. The clients broadly include Fortune 500 multinational companies from the US and Europe.

When Apurva asked her about her previous experiences with antifraud publications, she mentioned that there are not many publications in the antifraud domain. Otherwise she has contributed her thoughts in Business Standard and Bizxchnage.in.

This interview lasted for an hour and Apurva went on posing various questions to Shalini and here is how the interview took shape.

When and how did you start in anti-fraud and forensic functions field?
In the year 2004. After joining Hill & Associates. Transitioned from a finance professional to fraud examiner.

How do you define anti-fraud and forensic functions field?
Anti-fraud and forensic functions involve investigating and documenting fraud, including financial fraud. Forensic Accounting, however, is a broader term and it involves support to legal teams in terms of providing the analysis of the financial evidence.

What is the scope of anti-fraud and forensic functions field in India?
Shalini feels very passionate about this profession, especially forensic accounting, and terms it an upcoming and very promising career. She remembers a case where she applied forensic accounting techniques in resolving the disputes between the Management and the Union of the company. Forensic Accounting has got vast applications.

What is your estimate of the forensic accounting and antifraud industry in India?
Shalini is quite pessimistic and feels that there is a need to have more professionals who are certified as Forensic Accountants, and according to her estimate there might be roughly 200 professionals whom she knows. However, adding those in the Big Four accounting firms, it could be even 400. But it is not a significant number and the internal auditors should be trained on forensic accounting techniques.

What are the career opportunities that you see in this domain?
Multiple. Fraud has reached an alarming situation in India. It is vital across industry to prevent fraud rather than being reactive. Interestingly, companies have recognized this. The forensic approach is interesting, investigations are interesting, but the preventive approach will create more job opportunities.


Successful forensic accounting enterprise

Ellen Zimiles is a Managing Director and Head of the Global Investigations and Compliance practice of Navigant Consulting. She has more than 25 years of litigation and investigation experience. Ellen Zimiles, along with Joseph Spinelli, formed Daylight Forensic in 2006. This was an entrepreneurial venture backed by FTV Capital. Fraudexpress interviewed Ellen Zimiles through emails and understood more about her. The acquisition of Daylight Forensic by Navigant can be termed one of the biggest success stories in the forensic accounting enterprise, valued at $40 million. Daylight was acquired in the year 2010, and here is what the woman behind the deal has to say to Fraudexpress.

How did you enter the Antifraud Profession?
I entered the anti-fraud/corruption practice in 1986 when I joined the U.S. Attorney’s Office for the Southern District of New York. Rudy Giuliani was my first U.S. Attorney and Mary Jo White was my last. During my ten years as an Assistant U.S. Attorney, I was exposed to all kinds of fraud across a multitude of industries. I have investigated hundreds of fraud and corruption cases. I had served as a partner at a Big Four accounting firm for almost ten years where I ran the Financial Services Forensic Practice and coordinated the work across all industries.

Tell us something about Daylight Forensic?
I was approached by a private equity firm to start my own firm. I negotiated with several firms and finally agreed to work with FTV Capital, who funded Daylight.

What is your role in the new organization after the acquisition?
As Global Head of Investigations and Compliance, I oversee approximately 100 people who provide investigative and compliance services in the area of anti-money laundering, anti-fraud and corruption, public services and monitoring. I also coordinate and collaborate with other practices in the firm.

You are termed as the expert in corruption in the BRICS region. How do you see India in terms of forensic services?
India is fully ripe for our services. India is very focused on reducing its reputation for public corruption and inadequate regulation in the anti-money laundering areas. Our experience in these areas is unparalleled and we have fluent speakers of Hindi and Urdu. I have managed some of the top investigations in the world relating to frauds and money laundering. Our experience involves Asia, Latin America and Europe.

How to be successful in the anti-fraud profession?
To be successful in this area, a professional needs to understand industry practices but not be overly persuaded by them. We need to use a critical eye when we see long-term practices that may not be legal or appropriate but are accepted as “business as usual.” To reduce fraud globally you need a combination of strong controls, clear communication of zero tolerance and enforcement of the sanctions for non-compliance.

How would you rate the forensic function over the merger acquisitions function in terms of professional opportunities, as you have seen both sides of the coin?
I would rate anti-fraud and forensic accounting as top of the list for an intellectually challenging and financially rewarding profession that is often just plain fun. I learn every day about new schemes or activity and it keeps me fresh. Having said that, I can draw on my experience to understand the activity and address a plan to prevent and detect it in the future.

Ellen has set the trend in forensic domain
The forensic space has not yet heated up globally. There were very few acquisitions made in the past few years by global companies. Some of the major acquisitions were the Baker Tilly business in Hong Kong by FTI Consulting and Daylight Forensic by Navigant. However, the acquisition of Daylight Forensic by Navigant Consulting is one of the trend-setting acquisitions.