The not-so-recent shift to the digital environment has attracted new groups of miscreants: hackers that steal money in cyberspace, and companies that deceive consumers and investors by manipulating pricing systems that lack transparency. Both groups use digital fraud to their advantage.
Digital fraud is caused by both external and internal sources:
- External fraud is often based on the exploitation of vulnerabilities caused by third-party hackers.
- Internal fraud arises from regulatory non-compliance or algorithmic manipulation.
To hold the perpetrators accountable, we need to change the way we perceive fraud and understand the schemes.
Federal Agencies Against Digital Fraud
With digital fraud as pervasive as it is, the U.S. government has been working to introduce new initiatives and ramp up the enforcement of existing laws and regulations. Earlier this year, President Biden signed an executive order that requires the disclosure of cybersecurity incidents for companies that operate critical infrastructure. The Cyber Incident Reporting Act requires covered entities to report cybersecurity incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. It also requires entities to report ransomware payments to CISA within 24 hours. Supplemental reports to CISA are also required if the covered entity becomes aware of new information.
Federal agencies are also taking decisive action. The Federal Trade Commission’s (FTC) Safeguards Rule gives authority to the FTC to act when consumers are hurt by deceptive business practices. The rule implicates businesses that fail to take adequate steps to secure consumer data. Similarly, the U.S. Securities and Exchange Commission (SEC) holds companies accountable for failing to implement adequate cybersecurity measures. On March 9, 2022, the SEC proposed amendments to its rules to enhance and standardize cybersecurity-related disclosures for public companies. Under the amended rule, companies would have to provide reports of data breaches, past incidents, and the measures in place to protect the company from hacks.
How Congress is Fighting Digital Fraud
Congress continues to take an active approach to protect consumers from cybercrime. In 2021, bipartisan leaders introduced the Platform Transparency and Accountability Act to address the lack of transparency in many social media platforms. In his testimony to Congress, Nathaniel Persily, Stanford Law Professor and Co-Director of the Cyber Policy Center, chided the lopsided nature of Facebook’s relationships with its users. “That equilibrium – where firm insiders know everything and the rest of us are left to guess – is unsustainable. [Meta] (Facebook) and the other Silicon Valley platforms have lost their right to secrecy.” Persily highlighted that heightened transparency using researchers and third-party audits would provide the right information to individuals “other than those tied to the profit-maximizing mission of the firms.”
On May 19, 2022, a bipartisan group of senators introduced legislation that would take aim at breaking up Big Tech companies by targeting their digital advertising practices. The Competition and Transparency in Digital Advertising Act would block companies that process more than $20 billion in digital transactions each year from participating in more than one part of the “digital advertising ecosystem.” As it stands, Alphabet Inc., (Google), “operates tools that help companies sell and purchase ads, as well as the auction houses, or exchanges, where transactions happen in split seconds.” Under the legislation, Google would not be able to stay in all those businesses, simultaneously selling and buying advertisements, and offering digital advertising space. In addition, the bill also aims to increase transparency by requiring companies to provide advertising customers with information about ad performance. While digital advertising is essential to nearly every business, large companies gaming the system in the digital industry should not be the norm and they should not be able to get away with it.
Whistleblowers are the First Line of Defense
In looking at some of the efforts by the U.S. government to counter cybersecurity fraud, we also recognize that without the help of citizens to identify both the external and internal fraud, there will be challenges with putting elements of every strategy and initiative into action. To that end, whistleblowers are critical to overcoming those challenges in combating low-risk, high-yield digital fraud. Through the sharing of critical information and knowledge provided by whistleblowers, we can take the right step forward to safeguard our digital transactions. Whistleblowers are entitled to a monetary award based on a percentage of the money recovered by the government. Whistleblowers may receive 15-25% of the amounts collected by the government if the government intervenes in the case. If the government declines to intervene in the case and the whistleblower successfully pursues it without the government, the reward is between 25-30% of the amounts collected.
At Sanford Heisler Sharp McKnight our team of lawyers represents whistleblowers to expose cybersecurity fraud. Individuals who are considering blowing the whistle should carefully consider their options for legal representation. If you have any questions or concerns about the cybersecurity policies implemented at your company, please contact our firm online.