Is it real?
That question may soon be raised even more often in offices, boardrooms, and courtrooms, as digital technology makes it increasingly easier to manipulate and duplicate corporate records.
Contracts, deeds, photographs, letters, e-mails, spreadsheets, audio and video recordings, and even Web sites are just some of the things that can easily altered and reproduced. Gone are the days when forgery and counterfeiting required a steady and skillful hand. Today, an intern with a PC can rapidly knock out perfect clones of the latest Hollywood blockbuster — or a purported employment recommendation from Donald Trump.
Digital forgery hit the headlines last year when CBS News released memos, supposedly written by a late Texas Air National Guard lieutenant colonel, that raised doubts about whether President Bush had fulfilled his obligations to the unit during the Vietnam War. The documents, originally created on a typewriter but distributed as Adobe PDF files, failed to withstand intense scrutiny; several experts hired by media organizations pointed out typographical and formatting inconsistencies. Yet the material was apparently realistic enough to convince several CBS producers and anchorman Dan Rather of their authenticity.
The CBS incident sent up a warning flag for many document security experts, proving that it’s relatively easy to fool a major corporation into accepting as genuine something that’s not. Yet the major document security threat to businesses isn’t from blockbuster political documents or counterfeiting rings — it’s from employees committing or covering up internal malfeasance. “The perpetrator of the fraud in many cases, if not most cases, is someone inside the company,” says Benton Armstrong a partner in PricewaterhouseCoopers’ dispute analysis and investigations practice in San Francisco.
Staying out of the Headlines
Businesses have always had to deal with dishonest employees who cooked the books or forged signatures on phony letters. The challenge today, however, has become far more complex, since a convergence of off-the-shelf hardware and software technologies can enable self-taught forgers and counterfeiters not only to concoct convincing fake documents, but also to cover their tracks in multiple ways. “It’s getting a lot easier to do when you can not only forge the text document, but fake the images and then fake the Website that people are visiting to see that information,” says Daryl Plummer, group vice president and research general manager for software infrastructure at technology research firm Gartner.
In this Sarbanes-Oxley era of open corporate governance, businesses that ignore the threat posed by digital fraudsters can run into serious trouble. “You need all kinds of procedures in place to protect the assets of your business and the integrity of your accounting system,” says former IRS special agent Dave Ellrich, now a forensic accountant at Moore, Ellrich & Neal, a Palm Beach Gardens, Florida, accounting firm. “It’s going to be very difficult to sign off on those things unless there are procedures in place to prevent digital counterfeiting and fraud.”
Beyond the usual safeguards — such as using password protection for personal computers, networks, and software programs, and enabling the editing locks found in many document-publishing and document-distribution programs — how can companies protect themselves against digital forgers and counterfeiters? For starters, businesses should strive to standardize and track the “indicators” that distinguish their genuine paper and electronic documents from imitations. “They need to inventory the types of paper and fonts they use for official corporate documents,” says Plummer, who also recommends using uniquely watermarked paper for even the most routine documents and embedding electronic watermarks into digital files.
Technology manufacturers have also begun to do their part to help fight fake documents. Several vendors now encode the serial number and the manufacturing code of their color laser printers and color copiers on every document those machines produce. The millimeter-sized dots appear about every inch on a page, nestled within the printed words and margins. The U.S. government already uses these hidden markings to track counterfeiters.
Yet simply pouring money into new technologies won’t provide sufficient protection against fake documents, says Plummer; companies also need access to experts who can tell the difference between phony documents and the real thing. “Businesses need to have, either on retainer or on staff, people who can look at different document indicators and verify the document’s authenticity,” he insists. “That’s the only way to spot a problem before it gets out of control.”
Plummer observes that the threat will continue to grow, even as corporations scramble to install new document safeguards. In fact, some counterfeits may do their damage even if a company discovers them immediately. “Soon it’s going to be so easy for me to go down into my basement and create an image of your CEO having a lunch with someone he shouldn’t be with and distribute it over the Internet,” he says. “It doesn’t matter if it’s true or not. Once the image is out there, it’s in peoples’ heads.”