Small Businesses Need Help to Detect Fraud
June 13, 2014
Richard Barker, CEO of Kitmondo.com, asserts “The common perception is that fraudsters target little old ladies and con them out of their life savings. But [a Kitmondo.com] survey shows even experienced, street-wise business owners can walk headfirst into a scam and lose money.” In a press release I received from Barker, he adds, “Fraudsters are enjoying rich pickings in B2B markets, with respondents reporting average losses of more than $40,000 each as result of fraud. … Businesses can expect to be victims of fraud at least once every 15 months.” Last year, Caron Beesley, a small business owner who works with the U.S. Small Business Administration, reported that, when all sources of fraud are considered (not just B2B fraud), average losses could be three times higher than the Kitmondo survey found. “According to the Association of Certified Fraud Examiners (ACFE),” she wrote, “companies with less than 100 employees lose approximately $155,000 as a result of fraud each year. Small businesses also have a higher fraud rate than larger companies and non-business owners.” [“7 Ways to Protect Your Small Business from Fraud and Cybercrime,” U.S. Small Business Administration, 8 May 2013]
According to Barker, “Bogus buyers were the most common source of fraud, responsible for 63% of losses, with payment scams the most likely cause. Several businesses reported six figure losses and two respondents were defrauded out of $500,000.” Beesley adds, “One of the most frequent sources of fraud is credit card abuse – largely due to the fact that few business owners actually take the time to go through every line item on their bill or choose to mingle business and personal accounts. Other sources of fraud stem from an overall lack of security across the business – such as inadequate network and computer security and a lack of background checks when hiring employees.” As Lauren Simonds notes, “It’s tough enough to grow a business without people ripping you off.” [“Arresting Small Business Fraud,” Time, 17 May 2013] Barker notes, “89.58% of respondents said they believed the risk of fraud to their business had increased or was as just was just as bad” as in the past. However, neither Beesley nor Simonds believe that business owners need to submit meekly to the inevitability of being a victim. Together they offer eleven recommendations that allow owners to fight back. Beesley’s first recommendation is to protect your money. She writes:
“Protect Your Credit Cards and Bank Accounts – Since this is a common area of fraud for everyone from sole proprietors to employee-based firms, this one goes at the top of the list. Start by separating your personal banking and credit cards from your business accounts – this will ensure fraudsters don’t get their hands on ALL your money. Separating your accounts will also make it easier to track your business expenses and report deductions on your tax return. Next, make sure you use your card wisely. Don’t hand over your plastic or your card number to employees or companies with which you don’t have a familiar relationship. Switch to online bill pay or make sure you store paper bills securely. Likewise, use a secure mailbox for receiving and sending bills. If you don’t have one, deposit your mail directly at the post office (this goes for any mail that contains sensitive information – you don’t want to leave it lying around in an unsecured mailbox). Lastly, be sure to check your online banking every day for suspicious activity.”
All of Simonds’ recommendations deal with guarding your money and they complement Beesley’s suggestions. She writes:
“Compare checks to invoices: Keep a sharp eye on any incoming cashier’s or business checks you process. The checks may look real, and they might even make it past phone or online confirmation. The problem, however, is that they may not correspond with your customer’s order. That sketchy check is usually followed up by a distraught or embarrassed ‘customer’ asking for a refund. It can take weeks for a bank to deal with a fraudulent check, which gives the perpetrator plenty of time to make a clean getaway with your money.
“Institute a wire transfer policy: If you allow your customers to pay with wire transfers, you run the risk of having your business account cleaned out by an informed criminal. Fortunately, there’s an easy fix. Ask your bank to set up a free checking account and use it only for accepting wire transfers. Now you can provide customers with the account number and routing information knowing that you’ve minimized the risk of unauthorized ACH transactions wiping out your business.
“Apply for funding only from legitimate sources: You can find anything online, including websites that purport to fund entrepreneurs, start-ups and small businesses. In reality, it’s just another variation on a phishing scam, designed to get your personal references and account information. Armed with that info, scammers can gain access to your bank accounts and even set up fraudulent credit card processing accounts in your company’s name. Be smart: only apply for funding through proven, legitimate lenders.
“Don’t pay bills before confirming you incurred them: Another popular ploy used by scammers is to trick company employees into authorizing purchases. What follows, typically, is an escalating onslaught of abusive calls and threats in an attempt to extract payment. The Federal Trade Commission says that small print on a survey or a directory listing request does not an order make, and that contracts made without authorized consent can’t be enforced.”
All of those suggestions apply to what could be called “front door fraud.” This kind of activity generally leaves a paper trail even if some of the paperwork is forged or fake. As even large businesses have learned, there are also backdoor ways to defraud you of money and those methods almost always involve cybercrime. Beesley’s next three recommendations offer ways to combat cybercrime.
“Secure Your IT Infrastructure – Every business owner should invest in a firewall as well as anti-virus, malware and spyware detection software. Backing-up is also a must and will make it a lot easier for you to continue working in the event of a cyber attack. This blog offers more advice on what to look out for and digs deeper into your options: 4 Ways to Safeguard and Protect Your Small Business Data.
“Use a Dedicated Computer for Banking – This is a great idea from Forbes magazine’s 5 Ways Small Businesses Can Protect Against Cybercrime. Use a dedicated computer for all your online financial transactions and, ideally, make sure it’s one that isn’t used for other online activity such as social media, email and web-surfing which can open up the machine to vulnerabilities. Avoid mobile banking if you can.
“Have a Password Policy – Another easy step you can take to protect your IT systems is to institute a password policy.
- Make sure you and your employees change them regularly (every 60 to 90 days is good rule)
- Set rules that ensure passwords are complex (i.e. contain one upper case letter, one number and must be a minimum of eight characters)
- Use different passwords for different online and system accounts
Experts in the cybersecurity business have insisted for a long time that the weakest link in your IT system is generally your people not your hardware or software. That’s why Beesley’s next two recommendations deal with personnel issues.
“Educate Your Staff – Employees are perhaps your biggest point of vulnerability when it comes to fraud, but they are also your first line of defense. Hold regular training sessions on basic security threats (online and off) and prevention measures – both for new hires and seasoned staff. Enforce the training by instituting policies that guide employees on the proper use and handling of company confidential information, including financial data, personnel and customer information. For ideas on what to include in your training, check out the resources offered by small business groups like your local Small Business Development Center or Women’s Business Center (find one near you here), you could also look out for free online webinars from security organizations and businesses.
“Consider Employee Background Checks – One of the first steps to preventing fraudulent employee behavior is to make the right hiring decision. Basic pre-employment background checks are a good business practice for any employer, especially for those employees who will be handling cash, high-value merchandise, or have access to sensitive customer or financial data. This blog offers tips on which background checks you can legally pursue and some tips for doing your own detective work: Conducting Employee Background Checks – Why Do It and What the Law Allows.”
Finally, Beesley recognizes that even the most careful and detailed plan can have vulnerabilities. Unfortunately, you might only discover those vulnerabilities after you’ve been defrauded; that’s why Beesley’s last recommendation deals with insurance.
“Insure Your Business – Fraud and cybercrime does happen; however, you can still seek to cover your damages by purchasing an insurance policy that protects you against any losses that you may incur from crime or fraud. Likewise, find out what your bank is willing to do to help you out if your credit card or business account is compromised.”
“It’s likely retailers will have to step up the pace of innovation in their fraud prevention and detection activities if they are to recover more of the margin currently being lost to fraudsters,” says Keith Denham, a principal in Deloitte & Touche LLP’s Consumer Products, Retail, and Distribution Advisory practice. “It is time for the retail industry to consider how new technologies and data analytics may help to detect more fraud and improve margins.” [“Using Analytics to Detect Retail Fraud,” Wall Street Journal, 17 March 2014] Eventually, I believe that Big Data analytics will become affordable enough that small businesses will have another tool for fighting fraud. Until then, Beesley’s and Simonds’ recommendations should be taken to heart. Because, as Barker reports, “Being on the receiving end of a fraud doesn’t appear to offer any defense against being duped again in the future.”