External Fraud

This is the third installment in my four-part series on fraud. In the first installment I wrote about the Fraud Triangle: pressure, opportunity and rationalization.

In the second installment I talked about Internal (workplace) Fraud. In this installment, the topic is External Fraud. This is fraud committed by someone outside the company; someone other than a “trusted employee.”

External Fraud

There are some things that are stealing that I would not consider External Fraud. These include shoplifting or stealing of equipment. That’s just theft. External Fraud is usually financial in nature and includes credit or debit card fraud and check fraud. All three are common.

With credit or debit card fraud, the fraudster is typically stealing your card information and then buying things with your card. There are plenty of places to get that information, as you’re probably aware. Hackers steal the information from online databases. Tiny electronic readers (skimmers) can pick up the information from public devices such as ATM machines. And, of course, every time you use your card, some clerk or waiter has access to your card information.

Fortunately, the card companies have sophisticated ways to prevent and detect credit and debit card fraud. Credit cards have much stronger protections for the card holder. But debit cards have some protections too. And debit card activity can be easily monitored via online banking.

Check fraud is trickier and it is very common. First, the external fraudster needs to get your bank information. That may be easier than you think. Hackers sometimes do it with online databases. But there are more low-tech ways that criminals get your bank account information. Perhaps the most common is by getting one of your signed checks. This is often done by stealing mail.

Once the thief has one of your signed checks (to anybody), they have the bank, account number, bank routing number and your signature. Creating a phony check with all the right information is simple in any accounting program. And then they roughly forge your signature.  And if you think your bank will catch it, think again. The banks don’t check signatures; it takes too much time. It is cheaper for the banks to just deal with the claims.

So what can one do to protect themselves and their companies? Fortunately, most banks have many treasury management products that can help. The first one is online banking. Someone in the company, perhaps the owner, should check the online activity every day.

Another great tool is Positive Pay. This allows a company to upload to the bank all checks they have written. Essentially, it pre-approves all valid checks to be honored by the bank. If a check is presented to the bank that has not been previously submitted through Positive Pay, you are given the opportunity to approve or refuse the check being presented.

Besides check fraud, ACH fraud is another worry. This is fraud via the Automated Clearing House system the banks use. The fraudster creates a direct payment from your account to theirs. Think it can’t happen to you? In 2010, 72 percent of businesses were subject to attempted or actual fraud via checks or ACH.

Fortunately, the banks have ACH Debit Filters which act as preapproval for transfers much like Positive Pay is a preapproval for checks. These systems are not automatic. The company must enroll in the program offered by the bank and then diligently use it.

 

No comments yet.

Leave a Reply