Airline Fraud Survey 2006.8 November 2006
IAAIA Conference – Goa, India
Rania Bejjani
Airline Fraud Survey 20062 ©2006 Deloitte & Touche LLP. Private and confidential
Airline Fraud Survey 2006Overview
Survey background and participants
Key findings
Recommended actions to reduce fraud
Questions and answers
©2005 Deloitte & Touche LLP. Private and confidential3 Airline Fraud Survey 2006
Survey background and participants
Airline Fraud Survey 20064 ©2006 Deloitte & Touche LLP. Private and confidential
Airline Fraud Survey 2006Objectives
Our objectives were to:
understand fraud risks and how these are impacting the airline industry around the world
capture the root causes airlines believe are driving certain types of fraud
consider trends of fraud since the last survey in 2000
flag changes and schemes which have been found to help reduce or mitigate these risks
inform the airline industry of the risks it faces, share lessons learnt and promote a more secure and controlled business environment
identify the key step or steps all airlines need to take to address fraud
Airline Fraud Survey 20065 ©2006 Deloitte & Touche LLP. Private and confidential
Airline Fraud Survey 2006Methodology
Key steps included:
Survey questions were pulled together by Deloitte and the IAAIA building on the 2000 IATA/IAAIA survey
Confidential personal invites were sent out to Heads of Internal Audit or Finance Directors (for smaller airlines) to nearly 180 airlines worldwide
Responses have been summarized on an aggregate, collective no-name basis and confidentiality has been maintained at all times
Airline Fraud Survey 20066 ©2006 Deloitte & Touche LLP. Private and confidential
Who participated? Airlines from across the 5 continents
Americas 17%
Africa 7%
Europe 44%
Middle East 10%
Pacific 10%
Asia 12%
Network carriers 76%
Low cost carriers 17%
Charter carriers 7%
Airline Fraud Survey 20067 ©2006 Deloitte & Touche LLP. Private and confidential
Gross Revenue - USD Mil
Minimum 30Maximum 20,712Average 4,442
Participants’ demographics: How do you compare?
Revenue distribution
Number of employees Fleet
< 2,000 employees 24% < 50 aircrafts 49%2,000 - 4,999 26% 50 - 99 17%5,000 - 9,999 17% 100 - 199 15%10,000 - 19,999 12% 200 - 999 17%> 20,000 21% 1000 & more 2%Total 100% Total 100%
Average 13,707 Average 127
In 2000, average employees was: 9980 Average Gross Revenue was: USD 1.9bn
< USD 100M5% USD 101M -
1000M34%
USD 1001M - 2500M22%
> USD 4500M27%
USD 2501M - 4500M12%
©2005 Deloitte & Touche LLP. Private and confidential8 Airline Fraud Survey 2006
Key FindingsOverview
Airline Fraud Survey 20069 ©2006 Deloitte & Touche LLP. Private and confidential
Airline Fraud Survey 2006Key findings
Fraud related loss increased 5 fold since 2000: On average each airline suffered at least USD 3M in 2006
External fraud is by far greater than internal fraud
Credit card fraud is the single most prevalent and costly fraud scheme costing every airline on average nearly USD 1M
99% of technology fraud relates to poor IT security
Airline Fraud Survey 200610 ©2006 Deloitte & Touche LLP. Private and confidential
Airline Fraud Survey 2006Key findings - cont’d
90% think fraud will increase or at least remain the same in 2007
Over 60% have no anti-fraud programmes, do not perform risk assessments and do not track or record fraud
60% rely on IA as a solution to fraud yet airlines have smaller IA teams than other industries
31% discover fraud “by accident” and 45% are informed by external parties
©2005 Deloitte & Touche LLP. Private and confidential11 Airline Fraud Survey 2006
Key FindingsA closer analysis
Airline Fraud Survey 200612 ©2006 Deloitte & Touche LLP. Private and confidential
Number of Cases USD Mil Impact
2000 2006 2000 2006Average
per airline N/A 446 0.6 3.3
How much does fraud cost you?
Have you experienced fraud Yes No
during the last 12 months? 79% 21%
Estimated loss across the industry is USD 600M
On average: Fraud related loss per airline has increased 5 fold since
2000 Every airline has suffered in 2006 a loss of at least USD 3M
Airline Fraud Survey 200613 ©2006 Deloitte & Touche LLP. Private and confidential
External fraud is by far greater than internal fraud in volume and impact
External versus internal fraud
Number of Cases USD Mil Impact
Internal External Total Internal External TotalAverage
per airline 33 413 446 0.4 2.9 3.3
©2005 Deloitte & Touche LLP. Private and confidential14 Airline Fraud Survey 2006
What are the most common and most costly fraud schemes?
©2005 Deloitte & Touche LLP. Private and confidential15 Airline Fraud Survey 2006
External fraud
Airline Fraud Survey 200616 ©2006 Deloitte & Touche LLP. Private and confidential
External fraud schemes – Survey findings
0
1000
2000
3000
4000
5000
6000
7000
Con
flic
t of
inte
rest
Cou
nte
rfeit
tic
kets
Ch
equ
e f
rau
d
Cre
dit
card
fra
ud
Cro
ss b
ord
er
tick
eti
ng
Tech
nolo
gy a
nd
web
Fra
udu
len
t baggage
claim
s
Fre
qu
en
t flyer
pro
gra
mm
e a
bu
se
Alt
er
tick
et
aft
er
sale
frau
d
Tari
ff a
bu
se
Th
eft
of
carg
o
Tic
ket
theft
Th
ird p
art
ypro
vid
ers
' fr
au
d
Oth
er
Nu
mb
er
of
cases
0
5,000,000
10,000,000
15,000,000
20,000,000
25,000,000
30,000,000
35,000,000
40,000,000
US
D im
pact
Proven
Suspected
USD
Airline Fraud Survey 200617 ©2006 Deloitte & Touche LLP. Private and confidential
External fraud schemes – A closer analysis
If we exclude those schemes affecting one airline only, what are the most significant external frauds affecting all airlines?
Credit card fraud: 60% of external fraud related losses relate to credit card abuse
33% of respondents have experienced credit card fraud
Related losses nearly average USD 1M per airline, that’s an estimated at least USD100M across the industry
Technology and web-based fraud: 17% of external fraud losses relate to technology and the web
26% of respondents have suffered USD 10.2M in total
Third party providers’ fraud: 17% of external fraud losses relate to third party providers
10% of respondents have suffered USD 9.3M in total
Credit card fraud is the most prevalent and costly fraud scheme
Airline Fraud Survey 200618 ©2006 Deloitte & Touche LLP. Private and confidential
56%36%
2%
5%
-
200,000
400,000
600,000
800,000
1,000,000
1,200,000
1,400,000
1,600,000
1,800,000
2,000,000
Europe Americas Africa MiddleEast
Asia Pacific
0%
10%
20%
30%
40%
50%
60%
Average USD cost per airline % of USD cost per location out of total
Understanding credit card fraud
Credit card fraud related average 2000 2006
loss per airline in USD 96k 854k
For large airlines, average cost is USD 2.5M each In Europe and US, average cost is USD 1.5M per airline
Analysis by Gross Revenue Analysis by location
8% 5%
11%
76%
-
500,000
1,000,000
1,500,000
2,000,000
2,500,000
3,000,000
< USD 100M USD101M - 1000M
USD1001M - 2500M
USD2501M - 4500M
> USD4500M
0%
10%
20%
30%
40%
50%
60%
70%
80%
Average USD cost per airline % of USD cost per revenue bracket out of total
Type % of Total Average USD
Network Carrier 79% 880,157
Low Cost Carrier 21% 1,101,286
Chartered Carrier 0% 100
Total 100% 854,150
Airline Fraud Survey 200619 ©2006 Deloitte & Touche LLP. Private and confidential
Technology and web based fraud
All respondents believe that technology surpassing current controls in place is a key driver of fraud
A third nearly have experienced some form of technology fraud costing USD 10.2M
In 2006, 67% of respondents think additional fraud risks have been taken by their airline because of new technology, compared with 44% in 2000
Contributing to
99% of technology fraud (in volume and USD impact) relate to “Internet payment fraud”
Is your IT security not robust enough?
Credit card fraud related loss Average per airline: USD 1MEstimate across industry: USD 100+M
Airline Fraud Survey 200620 ©2006 Deloitte & Touche LLP. Private and confidential
Third party fraud – What are the common schemes and who are the perpetrators?
8 types of fraud were considered. Below are the top 3:
Other types of fraud reported included theft of airline goods / services and the use of declined credit cards
Types of frauds perpetrated
10 different outsourcing / service providers were considered. Below are the top 3:
Other includes “travel agents” and “advertising agencies”, which were not part of the original 10
Perpetrators of fraud
Billing for services not
rendered75%
Incorrect pricing11%
Double billing14%
20 ©2006 Deloitte & Touche LLP. Private and confidentialAirline Fraud Survey 2006
Other 1%
In flight service
providers 86%
Ground handlers
13%
Airline Fraud Survey 200621 ©2006 Deloitte & Touche LLP. Private and confidential
External fraud schemes – Summary comparison with 2000
In 2000, 3 most common and costly external fraud schemes were: Tariff abuse Ticket theft Credit card fraud
In 2006, 3 most common and costly internal fraud schemes are: Credit card fraud Technology and web-based fraud Third party providers’ fraud
The fraud profile has changed since 2000: Credit card fraud has significantly increased in volume
and costs Ticket theft, tariff abuse and counterfeit tickets have
been experienced by fewer airlines Technology effect is more evident
©2005 Deloitte & Touche LLP. Private and confidential22 Airline Fraud Survey 2006
Internal fraud
Airline Fraud Survey 200623 ©2006 Deloitte & Touche LLP. Private and confidential
0
50
100
150
200
250
300
350
400
450C
on
flic
t of
inte
rest
Div
ers
ion
of
reven
ue
Expen
se a
ccou
nt
frau
d
Forg
ery
of
invoic
es
Fre
qu
en
t flyer
abu
se
Th
eft
of
vari
ou
s ass
ets
Inven
tory
th
eft
(o
n b
oard
sto
ck)
Rota
ble
s th
eft
Kic
kback
s or
secr
et
com
mis
sion
s
Ph
an
tom
ven
dors
Payro
ll fr
au
d
Th
eft
of
carg
o
Man
ual ti
cket
stock
th
eft
Abu
se o
f e-t
ickets
Abu
se o
f pass
en
gers
' pers
on
al deta
ils
Mis
use
of
IT r
eso
urc
es
Un
nece
ssary
pu
rch
ase
s
Oth
er
Num
ber
oc c
ases
-
1,000,000
2,000,000
3,000,000
4,000,000
5,000,000
6,000,000
7,000,000
8,000,000
9,000,000
10,000,000
USD
im
pact
Total Proven
Total Suspected
Total USD
Internal fraud schemes – Survey findings
Airline Fraud Survey 200624 ©2006 Deloitte & Touche LLP. Private and confidential
Internal fraud schemes – Summary comparison with 2000
In 2006, the 3 most common internal fraud schemes are: Frequent flyer abuses Inventory theft Cargo theft
In 2006, the 3 most costly internal fraud schemes are: Diversion of revenue Frequent flyer abuses Abuse of passenger personal
details
How does that compare with the 2006 survey?
In 2000, the 3 most common internal fraud schemes were: Cargo theft Ticket theft Expense account fraud
In 2000, the 3 most costly internal fraud schemes were: Payroll theft Cargo theft Ticket theft
Frauds relating to frequent flyer and passenger personal details abuses are on the increase
Airline Fraud Survey 200625 ©2006 Deloitte & Touche LLP. Private and confidential
In progress
66%
No13%
Yes 21%
Compliance with Payment Card Industry standards
33% of respondents have experienced external credit card frauds costing them USD 35M
20% of respondents have experienced internal abuse of passengers’ personal details costing them USD 3.5M
7% have experienced instances where their employees stole the identity of their passengers
24% are not aware of the new Payment Card Industry (PCI) standards by credit card companies
Are the “aware” airlines compliant with the new PCI standards?
©2005 Deloitte & Touche LLP. Private and confidential26 Airline Fraud Survey 2006
Who is more exposed to fraud?
Airline Fraud Survey 200627 ©2006 Deloitte & Touche LLP. Private and confidential
0
200
400
600
800
1,000
< USD 100M USD 101M to 1000M
USD 2501M to4500M
> USD 4500MAvera
ge n
um
ber
of
case
s
0
2,000,000
4,000,000
6,000,000
8,000,000
10,000,000
12,000,000
Avera
ge l
oss
US
D
Average number of cases Average loss
Does size matter?
Company size
Number of External Fraud Cases
USD 2501M- 4500M
26%
> USD 4500M47%
USD 101M - 1000M 13%
USD 1001M - 2500M
7%
Number of Internal Fraud Cases
USD 1001M - 2500M
18%
USD 101M - 1000M 20%
> USD 4500M61%
USD 2501M- 4500M
1%
Airline Fraud Survey 200628 ©2006 Deloitte & Touche LLP. Private and confidential
681
54
0
3
760
53
413
0 100 200 300 400 500 600 700 800
Europe
Americas
Africa
Middle East
Asia
Pacific
Total
Average number of internal fraud
cases per airline
Where is exposure to fraud higher? On average, airlines operating in the Middle East, Americas and the Pacific
are more exposed to internal fraud then their counterparts in other parts of the world
European and Asian airlines experience significantly more external fraud
11
63
35
80
30
44
33
0 10 20 30 40 50 60 70 80 90
Europe
Americas
Africa
Middle East
Asia
Pacific
Total
*
* The high number of cases is driven by one airline in particular. Therefore average may not be truly reflective of the region’s practices.
Average number of external fraud
cases per airline
Airline Fraud Survey 200629 ©2006 Deloitte & Touche LLP. Private and confidential
Does your business model affect fraud exposure?
41 9
304
1,076
346
1,086
-
200
400
600
800
1,000
1,200
Ave
rag
e n
um
be
r o
f fr
au
d c
ase
s
I nternal External Total
Network Carriers Low Cost Carriers Charter Carriers
Low Cost Carriers are significantly more exposed to external fraud
©2005 Deloitte & Touche LLP. Private and confidential30 Airline Fraud Survey 2006
What are the expectations for fraud in 2007?
Airline Fraud Survey 200631 ©2006 Deloitte & Touche LLP. Private and confidential
0% 20% 40% 60% 80% 100%
Changes in routes flown
Complex fare structures
Economic pressure
New products not regulated
Staff reduction
Technology surpassing controls
Weakening of society values
Organized crime
Resources allocated to fraud control
Strongly agree Agree Strongly disagree Disagree
Less Same More
10% 49% 41%
In comparison to 2006, fraud occurrences in 2007 will be:
Fraud expectations for 2007Will the occurrences of fraud increase in comparison to 2006?
The main reasons for the expected fraud increase are:
©2005 Deloitte & Touche LLP. Private and confidential32 Airline Fraud Survey 2006
How well do you manage fraud risks?
Airline Fraud Survey 200633 ©2006 Deloitte & Touche LLP. Private and confidential
How well do you manage fraud?
Airlines surveyed confirmed that they have experienced fraud,
yet:
72% do not have a fraud policy
56% do not perform a risk assessment
65% do not have an anti-fraud programme
63% do not have a whistle-blowing mechanism to report fraud
61% do not have a formal system to track fraud
Airlines lack robust and well established anti-fraud programme to prevent, detect, report and track fraud.
This is increasing your risks of and vulnerability to fraud
Airline Fraud Survey 200634 ©2006 Deloitte & Touche LLP. Private and confidential
How do you assess fraud risk?
39% perform the fraud risk assessment yearly
28% link the risks of fraud identified to anti-fraud programmes and controls
21% follow a set of stringent and consistent procedures when fraud is detected
Only 22% have a good representation from across management, business units and locations when performing the risk assessment
Yes No
44% 56%
Do you perform a regular fraud risk assessment exercise to consider, identify and prioritise risks of fraud?
The risk assessment initiatives being undertaken are not stringent and comprehensive enough to reduce fraud
Airline Fraud Survey 200635 ©2006 Deloitte & Touche LLP. Private and confidential
14 potential mechanisms that airlines rely on to discover fraud were considered in the survey and here are the most common:
Fraud identification - How did you discover the frauds?
50%
31%
43%
5%
50%
40%
26%
19%
14%
5%
57%
0% 10% 20% 30% 40% 50% 60%
Applying standard internal control procedures
Revenue accounting, special fraud checks
By accident
Investigation by management
External audit review
Internal audit review
Notification by employees
Notification by outsiders
Anonymous whistle- blower hotline
Notification by police
Other
Up to 31% discover the frauds by “accident”
Combined 45% of respondents are informed by external parties
Nearly 50% rely on internal assurance processes such as internal audit and internal control procedures
©2005 Deloitte & Touche LLP. Private and confidential36 Airline Fraud Survey 2006
Who is responsible for fraud prevention, detection and
investigation?
Airline Fraud Survey 200637 ©2006 Deloitte & Touche LLP. Private and confidential
Responsibility for fraud prevention, detection and investigation
In 2006, departments responsible for fraud response have remained overall the same compared with 2000
Prevention Detection Investigation
Internal Audit Revenue Billing Internal AuditSecurity Internal Audit Security
Accounting Security
Revenue Accounting Line Management
IT Security are out of the equation
Airline Fraud Survey 200638 ©2006 Deloitte & Touche LLP. Private and confidential
Responsibility for fraud prevention, detection and investigation
0%
10%
20%30%
40%
50%
60%70%
80%
90%
Inte
rnal
au
dit
Acc
ou
nti
ng
dep
artm
ent
Sec
uri
ty
Lin
em
anag
emen
t
Frau
dp
reve
nti
on
gro
up
Rev
enu
eac
cou
nti
ng
Leg
al
Ris
km
anag
emen
t
Oth
er
Prevention Detection Investigation
Percentage of respondents’ reliance on the following departments for fraud response
At least 60% of airlines rely on Internal Audit to prevent, detect and investigate fraud
Airline Fraud Survey 200639 ©2006 Deloitte & Touche LLP. Private and confidential
Department: Average number of staff per department
Accounting 130
Fraud prevention 2
Internal Audit 13
Risk Management 3
Legal 12
Revenue accounting & billing 53
Security 33
Responsibility for fraud prevention, detection and investigation
Have your staffing, retention and training been appropriate to meet these challenges?
Average number of total employees 13,707
Ratio of I A resources per 1000 employees 0.914
Airline Fraud Survey 200640 ©2006 Deloitte & Touche LLP. Private and confidential
How do airlines compare with other industries?
Source of industry figures: The Institute of Internal Auditors' Global Auditing Information Network (GAIN)
Compared with other industries, airlines have smaller internal audit teams
Distribution of I nternal Audit Team Staff Numbers Across I ndustries
I nternal Audit Department Staff Size - Percentage
Industry Group 1 to 10 11 to 25 26 to 50 51 & more Total
Agri/Min/Construction 56% 33% 11% 0% 100%
Petroleum 28% 22% 11% 39% 100%
Wholesale Retail 55% 24% 12% 9% 100%
Chemical / Drugs 56% 24% 8% 12% 100%
Manufacturing 53% 22% 18% 8% 100%
Educational Institutions 86% 12% 2% 0% 100%
Transportation 20% 50% 20% 10% 100%
Communications 43% 19% 19% 19% 100%
Bank / Financial 47% 26% 9% 17% 100%
Util-Gas/Electricity 41% 36% 17% 6% 100%
Insurance 48% 25% 14% 13% 100%
Services 65% 22% 8% 6% 100%Government 40% 25% 19% 16% 100%
Total Universe 54% 24% 12% 11% 100%
Airlines 64% 17% 19% 0% 100%
©2005 Deloitte & Touche LLP. Private and confidential41 Airline Fraud Survey 2006
Actions to reduce fraud
Airline Fraud Survey 200642 ©2006 Deloitte & Touche LLP. Private and confidential
Steps to reduce fraudAre you focusing on the right steps?
Responses from the survey suggest that: improving internal controls increasing reference checks on new employees increased focus by Senior Management on the problem
are considered to be the most effective steps to reduce fraud in the future
Given the findings relating to the most common fraud schemes, how fraud is currently managed and the level
of resources, the above are not enough
Airline Fraud Survey 200643 ©2006 Deloitte & Touche LLP. Private and confidential
The top 3 steps every airline needs to take to address fraud
Implement a preventative anti-fraud programme Assess fraud risks regularly and link them to controls Define a fraud policy and educate your staff Involve all relevant parties and increase senior management focus
Involve IT Security To address credit card and internet payment fraud
To design improved internal controls to keep up with new technologies
To facilitate compliance with PCI standards
Improve your detective capability Larger and fraud-trained internal audit teams with a wider scope/reach
A whistle-blowing / speaking up mechanism to report fraud internally
A central repository to record, monitor and escalate as appropriate
©2005 Deloitte & Touche LLP. Private and confidential44 Airline Fraud Survey 2006
Questions and answers
Airline Fraud Survey 200645 ©2006 Deloitte & Touche LLP. Private and confidential
Statement of Responsibility
DisclaimerDeloitte has made no attempt to verify the reliability of the information or representations provided to us by the organizations participating in the 2006 Airline Fraud Survey. This summary document is limited in nature, and does not comprehend all matters relating to the survey that might be pertinent to your self-assessment. We make no representation as to the sufficiency of this summary for your purposes.
This document should not be viewed as a substitute for other forms of analysis that management should undertake in order to assess whether their internal controls, anti-fraud program or internal audit strategy are adequate or appropriate for the organization’s purposes. The information in this report is not intended to constitute legal, accounting, tax, investment, consulting, or other professional advice or services. Before making any decision or taking any action which might affect your personal finances or business, you should consult a qualified professional advisor.
This document is solely for your informational purposes and internal use and you will not disclose it to any other person or entity. This document is prepared solely for presenting the key findings of the Airline Fraud Survey. Therefore you should not, without our prior written consent, refer to or use our name or this document for any other purpose, disclose them or refer to them in any prospectus or other document, or make them available or communicate them to any other party. No other party is entitled to rely on our document for any purpose whatsoever and thus we accept no liability to any other party who is shown or gains access to this document.
THIS SUMMARY AND THE INFORMATION CONTAINED HEREIN IS PROVIDED “AS IS,” AND DELOITTE MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES REGARDING THIS REPORT OR THE INFORMATION. YOUR USE OF THIS REPORT AND INFORMATION IS AT YOUR OWN RISK. DELOITTE WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE DAMAGES OR OTHER DAMAGES, WHETHER IN AN ACTION OF CONTRACT, STATUTE, TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE) OR OTHERWISE, RELATING TO THE USE OF THIS REPORT OR INFORMATION.
Deloitte & Touche LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at Stonecutter Court, 1 Stonecutter Street, London EC4A 4TR, United Kingdom. Deloitte & Touche LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu ('DTT'), a Swiss Verein whose member firms are separate and independent legal entities. Neither DTT nor any of its member firms has any liability for each other's acts or omissions. Services are provided by member firms or their subsidiaries and not by DTT.
Member ofDeloitte Touche Tohmatsu
Top Related