Filling in the fraud awareness training gaps

Many organizations provide fraud awareness training for their employees. In fact, according to survey results from Occupational Fraud 2024: A Report to the Nations, 63% of organizations provide awareness training for their staff. However, not all awareness training is created equal, and I’ve witnessed programs that fall short of their intended goals because they lack key elements. So how can organizations bridge those gaps for effective, adaptable and scalable fraud awareness training? In this issue's column, I’ll describe some of the common challenges that organizations face when implementing training programs and provide strategies for deploying effective ones. But first, here’s an explainer on what this training entails.

Who gets fraud awareness training?

Fraud awareness training isn’t an optional, check-the-box exercise — it’s a business imperative. As the 2024 Report to the Nations shows, employees who’ve had fraud awareness training are empowered to help their organizations detect and mitigate losses. Indeed, the report’s survey of Certified Fraud Examiners (CFEs) showed that 67% of employee whistleblowers had fraud awareness training. A strong training program includes internal and external training as follows.

• Organization-wide fraud education and awareness. Everyone in the organization, from entry-level employees to executives get fraud training tailored to their roles.
• Customer fraud education and awareness. Don’t forget your customers! Bringing them along on the anti-fraud journey is essential to helping them learn how to protect themselves from becoming victims of fraud.

Internal fraud awareness training gaps

Here are some internal fraud awareness training gaps I’ve seen:

• Outdated information. Plenty of well-intentioned fraud awareness training programs rely on lengthy slideshows of dense, outdated material. Content should reflect the latest intel to achieve its goal, ensuring that people understand the current threat landscape and their role in identifying or mitigating threats.
• One-size-fits-all material. Providing everyone with the same, basic information should be a baseline, but good training programs drill down to the details, depending on each employee’s role. For example, finance department employees will need to know different things to be effective in managing fraud risks than marketing department employees.
• Lack of tactical, practical insight. Fraud awareness training programs should provide employees with end-to-end case studies and opportunities to practice learned skills. For example, front-end employees might receive training about what happens when a fraud slips by because they’ve bypassed a control. A helpful case study clearly articulates the control, how it was bypassed, the impact it had, and why adhering to it is important. Everyone has a role in fraud management, but how can we really showcase what that means without practice?

Customer training gaps

For customers, gaps in fraud training include:

• Inaccessible information. For example, websites or apps lack easy-to-spot buttons, chat features, and contact numbers for help should customers have concerns about fraud.
• Poor communication: If your organization relies only on email to communicate about fraud, you’re not reaching important demographics who prefer other forms of communication.
• Lackluster messaging. Communications about fraud don’t grab your customers’ attention or effectively convey your message. Generally, customers aren’t fraud or risk management experts. Messaging should explain fraud risks in simple, clear, and engaging language and formats.
• Too much communication or not enough. It can be a struggle to find the sweet spot in your level of outreach. Deluging customers with communications can be overwhelming, but if you’re not communicating enough, you may fail to warn customers about emerging threats.

Where do we go from here?

Take a step back. It might seem counterintuitive, but before you move forward, take a step back and formulate a plan. A major deficit I’ve seen in many training programs is a lack of strategy. An effective fraud awareness training program includes a thoughtful road map and objective planning that covers all the bases.

Take the time to build your strategy. Outline the topics you plan to cover and how you’ll convey those topics to your target audiences. Reserve space for ad hoc training for emerging threats. Ad hoc training should be designed for swift responses with clear steps for developing content, approvals and program rollouts.

Building a strategy leads to multiple benefits. Let’s take customer education and awareness as an example. The "right" amount of communication is a target that varies across industries and audiences; it may take time to find that sweet spot. A strategic approach ensures that you understand when you’re reaching out, to whom and why, with specific goals or expected outcomes for each communication. This allows you to adjust the frequency of communication, thoughtfully, based on results and feedback, to find the right amount of communication for your business and customers.

Create your content. Content should be multimodal, engaging and practical to equip all stakeholders with the tools to effectively execute their roles in fraud prevention. For example, create content tailored to different roles even as you address the objectives of general fraud training for the entire organization.

Evaluate, refine and repeat. Develop a formal approach to evaluate your efforts. For example, you might conduct a post-training survey to assess how well people received the training. It’s important to evaluate whether you’re meeting objectives so that you can fine-tune the process. In many cases, I’ve observed organizations that make changes (or don’t) based on their perception of how things are working. Don’t fall into this trap! Use the results from your assessments to make insight-driven adjustments to your training approaches and content for tangible success.

Measure and report. Build out metrics to track training and awareness activities and outcomes. Metrics may include the number of fraud training sessions offered, the number of staff members who’ve received training, and the results of post-training surveys. With metrics, it’s always best to track outcomes to highlight your return on investment, but sometimes reporting just the numbers (e.g., how many training sessions offered) is a great way to showcase what the fraud team is doing to foster a robust anti-fraud risk culture.

Leverage advanced technology. Advanced and emerging technologies can support your fraud awareness program, such as developing a generative artificial intelligence (AI) chatbot that can help direct a new teller to the proper procedure they need to use for authenticating customers who walk into the branch. Another way to leverage advanced technology is through immersive learning. Immersive learning is an experiential training methodology that often uses virtual reality (VR) to simulate real-world scenarios and train employees in a safe and engaging training environment. In the next section, I’ll walk you through a few case studies that demonstrate applications of immersive learning that can level up your internal fraud awareness training program.

Immersive learning case studies

Case No. 1: Bank tellers

Bank tellers are on the frontlines of fraud prevention. I recently worked with an institution that had branch network fraud issues for many reasons, including:

1. Bank tellers couldn’t comfortably question customers about suspected fraud. They focused more on customer service and less on risk management, which led to higher fraud losses.
2. Employees had varying levels of knowledge about fraud and how it could manifest in their branch, which meant that fraud often went undetected, and the branch had to rely on recovery efforts instead of prevention efforts.

How could immersive learning help? Immersive learning could simulate interactions with various types of customers to help employees learn the difference between a “good” customer and a fraudster. The simulation could show how to identify red flags, how to use internal systems and tools to authenticate customers and transactions, how to ask the right questions, and what to do if fraud is suspected with immediate feedback. This approach goes beyond having an employee read a policy paper or watch a recorded training session. A simulation such as this provides a safe space for employees to test new skills and learn from mistakes.

Case No. 2: Contact-center agents

Contact-center agents are subject to daily barrages of fraud attempts from social engineering scams, account takeovers, unauthorized transactions, and more. Agents face thorny questions such as whether to remove a fraud restriction from an account or approve a money transfer that was declined in app or online. While specific fraud risks depend on the industry, the contact center is an easy-access point for fraud, and contact-center agents need the proper defenses.

I’ve seen the full spectrum of maturity levels in training at contact centers. At one organization I recently supported, agents only had a single-page core procedure document to follow. This page detailed what authentication steps agents needed to take before low-risk (e.g., sign-up or product question) and high-risk (e.g., profile changes) activities, and this led to inconsistencies in performance from one agent to the next and didn’t adequately prepare them for the fraud attempts they had to deal with every day.

How could immersive learning help? In this case, better procedures and operational controls were lacking, and agents needed more training. Immersive learning provides training that a mere document can’t provide, such as simulations of social-engineering attempts or practice with handling calls from potential fraudsters. Simulations give contact-center agents tangible practice in dealing with the actual threats they’ll face on the job and arm them with the know-how to handle a variety of situations that might come their way.

It’s time to close the training gaps

Training might not be the most exciting topic in the anti-fraud world right now, but it’s a necessary component of fraud prevention. With a strategic mindset and a focus on formality, consistency, maturity in content, approaches and objectives, organizations can provide truly effective fraud training for all their stakeholders.

Sophia Carlton, CFE, is a fraud transformation executive at Accenture. Contact her at Sophia.Carlton@Accenture.com.