Fraudster Personas

A good method for articulating a fraud risk is to consider who is committing the fraud (the actor), how they are doing it (the action) and what the result is of the fraud (the outcome).

For example, a service provider (actor) might provide false information about a service (action) to receive a government grant (outcome). Fraudster personas help to understand how and where an actor might be able to target government programmes and functions.

One way to identify fraudulent actors and their actions is to ‘walk through’ a business process. The below table identifies where five different fraudster personas might be applied to an invoice payment process.

In our experience, many of those who have not been exposed to fraud, can find it challenging to identify fraud risks and where fraud might occur. By recognising the methods of each fraudster persona it can help employees to identify the ways that a fraudster might target a business process or unit.

Exploring each of the fraudster personas during workshops or discussions with different teams can help to identify fraud risks across an organisation. For example, it might be easier to identify where ‘the Fabricator’ persona is able to target a business process – by submitting a fabricated invoice – than it is to list all the fraud risks that same business unit might face.

When designing new processes, it is useful to identify how each of the different fraudster personas might target the new process. Countermeasures can then be implemented to help mitigate against the identified risks.  

To learn more about identifying and assessing fraud risks, check out the Centre’s Fraud Risk Assessment Guide.

Fraud risks are mitigated by using countermeasures (also known as controls) to prevent, detect, and respond to those risks. Through our investigations and prosecutions at the SFO, we have found that gaps or weaknesses in countermeasures are one of the most significant factors in the enabling of fraud. Countermeasures are important to help limit the opportunities that fraudsters have to commit fraud. By using the fraudster personas it can help an organisation to implement countermeasures that specifically target the actions of a persona.

Mitigating fraud risks with countermeasures has two components to it:

1. Implement countermeasures
2. Assess if the countermeasures have been effective in mitigating the risk

Implement countermeasures

Each fraudster persona displays certain behaviours that rely on specific methods to be successful. A fraudster is successful in their method by being able to recognise vulnerabilities in an organisation’s processes, which they can then target.

For example, in the case of 'The Impersonator' persona the fraudster uses a method of impersonating other actors or by creating entirely fictitious actors to deceive an organisation. By impersonating this other actor they are able to gain a benefit for themselves or another person.

To help mitigate the risk of an impersonator being able to target a programme, organisations should implement countermeasures that are focussed on identity security and authentication.

The fraudster personas guide [PDF, 1.3 MB] can help to identify the countermeasures that can be effective against each of the different personas.    

Assess countermeasure effectiveness

Fraudsters often look for opportunities to target organisations by recognising where in certain processes there are control vulnerabilities. Sometimes a countermeasure might have already been implemented but it is not operating as designed or as effectively as it could. Sometimes an employee may not understand the importance or purpose of a control, or in some organisations there may be a culture of circumventing controls. It is important to be able to identify where these weaknesses are as they can provide fraudsters easy opportunities to commit fraud.

Pressure testing is a process that can help an organisation to assess if their countermeasures are functioning effectively to stop fraud.  Pressure testing can help an organisation to identify weaknesses in a countermeasure before a fraudster has the opportunity to exploit it.  In their countermeasures before it is exploited.

Knowing which methods a fraudster persona uses can help you to consider the ways they might be able to bypass controls. Once you have identified all the ways it might be possible to bypass a control it can help you to prioritise ways to remove weaknesses and the opportunity for fraudsters to take advantage.

To learn more about how to carry out pressure testing on a control check out the Centre’s Pressure Testing guide.  

Fraud awareness is about enabling employees to know what to look out for and where to report suspicious behaviour. 42% of fraud is detected by tip-offs according to the 2022 ACFE Report to the Nations and tip-offs help to identify nearly three times as many cases of fraud as the next most common method. Fraud awareness is one of the most effective tools to prevent fraud.  

You can use the fraudster personas to educate and raise awareness about fraud by:

• Using fraudster personas in awareness campaigns, including posters, flyers, and screensavers.
• Using quizzes to educate employees about fraudulent behaviour using the fraudster personas.
• Including discussions of the fraudster personas in regular business meetings/stand ups.
• Distributing a link to our fraudster persona video. 
• Demonstrating the fraudulent actions with a case study. The cases studies on the Centre’s website identify the red flags of fraudulent behaviour, the impacts of the fraudulent behaviour; and the countermeasures that can to help prevent, detect, and respond to different types of fraud.

Public fraud deterrence messaging offers several benefits, such as increased fraud awareness and fraud prevention. Behavioural research has found that a person’s fear of getting caught are a much greater deterrent than their fear of any consequences. Counter fraud messaging can be an effective and low-cost method to reduce potential loss from fraud.

To deter fraud, it is important that organisations communicate that there are structured processes in place to prevent and detect fraud. Fraudster personas can be used to help communicate this message, by highlighting to would-be offenders that the organisation is aware of and can recognise the different methods that fraudsters use, and that there are controls in place to prevent detect them.

Proactive counter fraud messaging can help to prevent fraud by:

• Changing a person’s beliefs and perceptions about the risks and possible benefits of committing fraud; and
• Influencing the attitudes and behaviours of ordinary people and criminals - most importantly stopping them from attempting to commit fraud in the future.

Fraudster personas are not only useful to teams directly dealing with fraud prevention, such as  those working in risk or finance.They can also help policy teams to co-design fraud resilient programmes and functions, by helping them to recognise the common actions fraudsters use to commit fraud.

To effectively recognise where a fraudster might be able to target a new or renewed policy, when designing them policy teams should have a clear understanding of how a fraudster might act to deceive an organisation, fabricate a document, coerce an employee, or exploit a vulnerability. Knowing which methods are used by the different fraudster personas can help a policy team to gain this understanding.

Using fraudster personas alongside other policy design tools, such as business process mapping and customer journeys, can also help to identify how and where non-compliant clients, employees, or service providers might be able to undermine the policy or programme outcomes and commit fraud against an organisation. Fraud resilient programmes and functions are enabled when the common methods used by fraudsters are accounted for during the policy design process.

For example, ‘The Deceiver’ persona will identify programmes that require the bare minimum of information to be provided (a weakness in the control) and target their fraudulent activities towards them.  Being able to recognise where these methods might be used can help an organisation to implement countermeasures to mitigate those risks.

Depending on the risk appetite of the organisation and programme there might also be times where the decision is made to implement a policy which accepts that this risk might happen.  Not considering this risk at all during the policy development stage can pose a bigger risk to an organisation than being able to recognise where some policies, programmes, and functions might have inherent fraud risks.    

By adding the fraudster personas to an organisation’s policy and programme design toolkit, the organisation will be better:

• able to recognise fraud as a risk and unintended consequence.
• informed when undertaking risk assessments.
• placed to identify specific vulnerabilities and design specific controls to mitigate them.
• positioned to adjust policy settings or programme design to reduce the risk of fraud.

Using fraudster personas as a visualisation tool or as reporting categories can help management, stakeholders, and risk committees understand the types of fraud impacting an organisation’s programmes and functions.

This approach can help to identify which fraudulent actions against the organisation are causing the greatest impact. By having a clear understanding of fraud risks and their impacts management, stakeholders and risk committees will be better able to priorities improvements to the organisation’s fraud resilience.

For example, by identifying that an organisation faces a higher risk posed by fraudsters who are able to act as impersonators it can help to direct resources into strengthening identity controls. Or, if an organisation identifies that there is a higher risk posed by fraudsters able to exploit the payment process, they will be able to prioritise efforts to improve internal controls and carry out awareness campaigns to help employees identify suspicious behaviours.

Fraudsters will often use a mixture of several different personas to gain a benefit from an organisation. For example, they may deceive an employee (the Deceiver), impersonate a person (the Impersonator) and fabricate evidence (the Fabricator).

When using fraudster personas to report on specific fraud events it is important to highlight the different combinations of personas that an actor used to carry out the fraudulent action.