Each year, American businesses suffer staggering losses at the hands of a constantly evolving enemy: fraud and abuse. Here are just a few of the sobering statistics, culled from industry experts:

• Health insurance fraud exceeds $61 billion a year
• Life insurance fraud is estimated at almost $12 billion a year
• Check fraud is estimated to cost up to $20 billion a year
• Consumer lending fraud is $1 billion annually and growing rapidly
• Identity theft estimates have hit $50 billion and are growing

Businesses in every industry are constantly fighting an uphill battle to gain the upper hand against clever thieves who always find new ways to exploit the system to their advantage. As technology has become more sophisticated, so have the criminals. The Internet provides relatively easy access to public documents and sophisticated cross-reference capabilities make it easy for savvy crooks to connect the dots to create new identities, or usurp someone else’s.

Even worse, these attacks are not just the work of outside elements. A joint study by The United States Secret Service and Carnegie-Mellon Software Engineering Institute (CERT) found that a frightening 78 percent of financial cyber crimes were committed by authorized financial institution users.

A New Tool in the Battle: Risk Management

Companies have become smarter, investing in ever-more sophisticated physical security and protection technology to prevent unauthorized access by the bad guys. But little has been done about preventing bad guys from using legally available data and systems to commit fraud and abuse.

“Nothing has changed. The game is exactly the same. In fact, technology has actually made it easier,” said Frank Abagnale, author of Catch Me If You Can and a leading security expert whose knowledge comes from his own experience as a former forger and embezzler.

“The only difference is that what I used to do in months people can now do in days, and even less of the money lost by fraud is ever recovered,” he told a recent gathering of banking industry executives.

Due to the scarcity of police and crime resources, Abagnale said that punishment for fraud is rare and less than 5% of court ordered restitution of stolen funds is achieved. The only viable course of action, he said, is prevention. To mitigate the risk of internal and external fraud, companies need to monitor data in real-time, make decisions quickly and enforce internal controls. This is where enterprise risk management and applied business intelligence technology can play a critical role by helping businesses create methods to identify these abuses and provide escalation paths to compliance or elimination from their systems before damage occurs.