Avoiding fraud: a guide for businesses
All types of businesses are vulnerable to fraud and indeed many businesses have suffered significant losses through criminal actions, legal costs and a decline in public confidence after an incident. In this article, we will look at some of the most common types of fraud that affect businesses, what the warning signs are and how you can stop your business from becoming a victim of fraud.
What is fraud?
The accepted definition of fraud, as described by the Serious Fraud Office, is an ‘abuse of position, or false representation, or prejudicing of someone’s rights for personal gain’.
Fraud can include activities such as theft, corruption, conspiracy, embezzlement, money laundering, forgery, misappropriation, bribery and extortion.
According to statistics from the Department for Business, Innovation and Skills, as many as a quarter of all businesses in the UK have fallen victim to internet crime in the past year.
‘Phishing’ also known as ‘vishing’ and ‘smishing’ (depending on the platform used) is one particular fraudulent activity which has grown in popularity recently. This is when a business or individual is tricked into handing over important financial information by someone posing as a trusted contact either through email, SMS or over the telephone.
The person may call a business pretending to be a known customer or supplier in an attempt to gain access to their bank details or alter their details in some way.
They may also try to deceive you through email. Often emails may be received that appear to be sent by high-profile retailers or high street banks but have actually been sent by a criminal. When the recipient of the email opens the link in the email they may be directed to a website through which they directly or indirectly give the criminal access to their bank details. If in doubt you should contact the institution by telephone before proceeding, or ignore the email and take no action. A bank should never ask you to confirm your bank details by replying to an email or by clicking on a link.
Companies which sell goods online can also fall victim to fraudsters but can protect themselves through verification tools such as ‘Verified by Visa’ and ‘MasterCard Secure Code’. These types of systems ask a customer to input pin numbers and specific personal information that only they should know as a means for verifying their identity.
Fraud can be perpetrated in one of three ways; by employees working within your business (known as internal fraud), by people outside of your organisation (known as external fraud) or when these two parties work together to deceive you.
Criminals unknown to you are a genuine threat and may attempt to extract money from you or your clients in a number of different ways.
The speed and convenience of electronic transactions and credit cards are of benefit to many businesses and to their customers. However, they can also benefit criminals and card fraud is a serious threat to both companies and their clients.
Although chip and pin devices offer some level of protection to card users, there are many occasions when cards are not always asked for such as when taking payments over the phone or by mail-order.
Retailers can subscribe to the Industry Hot Card File (ICHF) which sends an alert when a transaction is issued on a card that is reported as stolen or lost.
Another example of payment fraud by customers is through counterfeit currency. The Bank of England recommends retailers to check banknotes whenever they are exchanged. Warning signs that a note may be counterfeited include raised print, strange or missing watermarks, off-colours and paper that does not feel like normal money. Retailers can use UV lamps and detector pens to identify fake currency and should make themselves aware of the different security features on currency notes.
Employers should provide training to their employees in how to spot counterfeit notes and a wide range of educational materials are available from the Bank of England website here.
Although the use of cheques has declined in the last 10 years, businesses should remain vigilant when accepting them as a form of payment. It is recommended to only accept cheques and bankers drafts from trusted contacts and to be wary when accepting cheques of a particularly high value. A cheque could still bounce up to six working days after it has been paid in, so it is good practice for sellers not to release any goods before this date.
When drafting cheques, the payable amount should be written as close to the £ sign as possible and a line drawn afterwards to prevent the cheque from being altered to a higher amount.
Businesses should also be on guard when they are receiving orders. A criminal with access to a stolen bank card may make orders which do not fit the pattern of your usual customer’s habits. For example, it might be unusual for one of your customers to purchase an item of particularly high value without first asking questions to ascertain if the product is right for them, or for them to ask to ship the product to an unusual address. Although there might be a perfectly reasonable explanation for this type of behaviour, there is no way of knowing unless questions are asked.
Employees should maintain friendly relationships with customers and be trained to pick up and investigate any tell tale signs that something might not be right.
Another way that fraudsters can target businesses is through fake invoices. This involves a bill or invoice being sent to the business requesting payment, and often the bill may use threatening language which frightens the business owner into paying quickly. These invoices could arrive by email or by post and may appear to be very realistic. For example, they might look as if they have come from a government department or a well-known bank. To safeguard yourself against this it should be made clear to your employees that invoices are only to be paid once a purchase order has been checked.
You may find it surprising that as many as 1 in 5 businesses have been victims of internal fraud at least once during their time trading. Internal Fraud consists of any fraudulent activities that are carried out by a member of staff against their employer.
Despite the vast majority of staff in most organisations being model workers with honest and trustworthy personalities, there are unfortunately a small percentage of staff who seek, whether through planned activities or through opportunity, to defraud their employers.
One example of internal fraud is procurement fraud, which happens when the tender process is ignored. For example, an employee who has relationships with key suppliers and vendors could manipulate costs and funnel the proceeds of manipulated orders into their own account. One way to defend against this type of fraud is to have a cap on contracts with suppliers, for example 20% over or under. If the costs go lower or higher than the expected amount, you can investigate the reasons why this happened. This can be an effective way to nip procurement fraud in the bud.
Staff can also defraud their employers through abusing their allowances. Examples include taking sick leave but working for another employer while absent, or exaggerating expenses claims to receive more payment than is correct. Although these may seem like small deceptions, they shouldn’t be taken lightly. If you want to send the right message to employees, it is important that your company culture dictates a zero-tolerance approach to fraud, in any form.
Internal fraud can be disastrous for businesses and often takes much longer to discover than other forms of fraudulent activities. Because of this it is critical that businesses regularly review potential threats and look for warning signs that fraud may be occurring.
It is also important to monitor the behaviour of staff. Sudden unusual behaviour such as an increase in wealth, change of spending habits and a reluctance to take annual leave could have reasonable motivations, however it could also indicate that fraud is taking place.
Before fingers are pointed, it is critical that businesses understand the best way to highlight fraud is to have a clear idea of where all the company assets reside. If assets are monitored and regularly checked then the chances of fraud occurring can be reduced.
Creating a pleasant work environment can go a long way to preventing employees from going astray. Providing clear growth opportunities and pathways, encouraging positive communication and recognising employee’s hard work can help employees to feel valued and persuade them to act in the interests of the company.
Taking steps to prevent fraud
As fraud can by committed by people both inside and outside of your organisation one of the best ways to prevent internal fraud is to be vigilant in the checks that are preformed on staff before they are given a job. A lack of vetting could allow unsavoury characters to join your workforce.
CV’s should be inspected for anything suspicious such as gaps in employment, and candidates previous employers should be contacted with thorough questions before any offer of employment is made. It is wise to investigate any criminal convictions and reasons for leaving previous roles.
Employers should make new staff members aware of office protocol and any conditions of employment which might help to prevent fraud and theft. For example, having a witness present at all times when dealing with cash or items of high value and placing tight controls on how confidential information is dealt with.
Once employees are educated on the security and anti-fraud policies of the business, they should be provided with a clear way of reporting violations without fear of any repercussions. An easy way to achieve this is to provide an anonymous reporting system.
It is worth noting that when employees switch departments, as they often do, it can be beneficial for them only to be allowed access to the systems and data that is necessary for their new job role.
Another way to send a clear message to employees that fraud is not worth the risk is to undertake audits, both planned and unplanned. This can highlight any wrongdoings and also help you to discover any areas of potential vulnerability.
When dealing with cyber activities, it is important to be prepared. So, take advice from qualified IT professionals and have anti-virus software installed and regularly updated to tackle ever-evolving threats from criminals. Be sure to check the security certificates of websites where you may be giving away sensitive information and stay on guard when responding to emails as even contacts that you trust may have been compromised.
When dealing with enquiries, whether through email, over the phone or in-person, businesses and their staff should be aware of the latest fraud techniques being used. They should be absolutely certain of the identity of a caller before handing over or altering any sensitive information such as bank account details.
Businesses can be extra-vigilant with new customers and suppliers by properly researching them first through credit history, reputation checks and by obtaining references from other companies.
Offices can be the target of a broad range of crimes, such as theft and even terrorism. For more information see our guide “Security for businesses: combating office based crime”.