Earlier this year our bank manager called to report that a person attempted to cash a suspicious check for $997. After being questioned about the check, the suspect left the branch before any additional information could be gathered. We learned shortly thereafter that bogus checks totaling thousands of dollars had been successfully cashed against our account the day before.
After getting over the disbelief and frustration of the experience, we opened a new bank account and got back to running our business as usual. Three months later, we received another phone call from a different branch manager with the same story - someone had successfully cashed a fake check against our new account.
It was natural to feel a range of emotions - anger, frustration, worry - because someone had used our company information to defraud the bank and steal money from our account. We thought perhaps we had done something wrong to have this happen twice, but we’ve learned there are many schemes out there to defraud your business at every turn.
The reality is that honest and hardworking business people are generally unaware of how thieves or fraudsters perpetrate their crimes, how prevalent the issue is and how to protect themselves from becoming a victim.
What is fraud?
Fraud is the intentional act of misrepresenting the truth, using unfair means or deceiving an individual or organization in order to enrich oneself.
Fraud against a company can be committed internally by employees, managers or owners of the company, or externally by vendors, customers and fraudsters. Beyond company or organizational fraud there is fraud against individuals, which can also impact a small business if the owner is the victim.
External fraud can cover a broad range of schemes, and some business types are more susceptible to certain types of fraud due to the nature of their businesses. It’s not practical here to report on all possible schemes in detail, but from personal experience and subsequent research I’ll share some areas where you may be vulnerable and may want to explore further to protect your business.
Check fraud. Despite the decline in the number of checks being written, financial institutions report through various surveys that check fraud remains the biggest fraud threat they face. There are several ways that check fraud may occur:
- Check washing is when someone alters the face amount of the check, for example taking a legitimate check written for $1,000 and altering the amount to $10,000. As long as the funds are available, the check will clear the bank since it is a legitimate check. Similarly, thieves may steal checks from the mail and alter the payee’s name, leaving the amount intact, which may go unnoticed even when the account is reconciled since the cleared check numbers and amounts match.
- Creating counterfeit checks from stolen blank check stock allows the forger to write checks that appear to be legitimate.
In our case, someone obtained our bank account information and created fake checks that resembled legitimate checks, using a forged copy of my signature. They produced multiple checks for amounts they believed would not be questioned and then hit as many bank branches as possible before they were turned away. In our case, the fraudster(s) obtained our account information not once, but twice, and used a digital signature.
Your account information is readily available to anyone who has access to your checks, either through vendor payments, payroll, or other payments made via paper checks, or deposit slips. Anyone who comes across the routing and account information could conceivably steal the information to create bogus checks.
While high security features like foil holograms and disappearing ink may prevent some forms of fraud, they do not prevent a criminal from simply using a template to create a fictitious check with your company’s legitimate information. Banks do not typically have the systems in place to effectively prevent this type of theft. While your signature is on file, bank tellers do not always have access to the authorized signer’s signature for comparison, and they do not know what your actual check is supposed to look like. The only real way to safeguard your checks is to enroll in “Check Positive Pay” or a similar system, which will authorize checks for payment only after the system has confirmed you have written the check from your accounting software. While effective at preventing anyone from cashing an unauthorized check or affecting bogus electronic payments, it adds cost burden and administrative time to the business.
Had it not been for a suspicious bank employee, our two cases could have turned out worse. Our bank refunded our money after its investigation, but it took several months. In the meantime we were required to enroll in the Positive Pay program to prevent bogus payments.
ACH and wire fraud
Automatic Clearing House (ACH) and wire transfers are forms of Electronic Funds Transfer (EFT) payments, which are convenient ways for businesses to pay their bills without the expense of handling and using paper checks. The growing popularity of EFT has created new fraud opportunities because criminals are discovering that what they used to do manually they can now do electronically.
ACH fraud can take the form of several schemes but essentially results in fraudsters using your bank routing and account information to initiate electronic fund transfers from your account to theirs, or to apply payments through your bank account. Your account information may be captured through phone schemes, web transactions or through an email phishing attack where once you open a link a virus or malware is installed on your computer or device to capture banking and keystroke information.
Detection of this fraud is critical, both in order to stop it from occurring but also to get your money back. Consumers have 60 days to report the fraud in order to recover funds, while businesses may only have one day. Banks provide services like Positive Pay, ACH blocks or filters to prevent this type of fraud. Audit your processes and security protocols to ensure you are keeping your data safe.
Credit card fraud
Credit card fraud can occur in several forms. Your company credit card information could be stolen through some form of data or information gathering system and then be used to purchase merchandise, gift cards or services with your card. Assuming the card issuer does not detect the fraud due to unusual purchasing behavior, you may not learn of these purchases until you review your billing statement. While you can dispute the charges, the process takes time, is inconvenient and, if the charges go undetected for an extended period of time, may fall outside the statute of limitations to dispute the charges.
Conversely, your business could be victimized by someone paying for service with a stolen credit card. Once the cardholder disputes the charges, the business will likely have to repay the money and may be subject to charge-back fees. While much of the winter work is under contract and payments come from more trusted sources, if your business has one-time clients or new clients that have not established a relationship, follow proper protocols to ensure the legitimate card holder is presenting the card for payment.
A small business owner’s personal credit and business credit are inextricably linked, which could result in serious implications if their identity is stolen and their credit negatively impacted. Businesses may also become the victim of identity theft. Thieves may use false identities to enter into leases or rental agreements or to open credit accounts, which never get paid and aren’t often discovered until creditors send dunning notices or seek collection. Restoring your credit can be a painstaking process — it’s better to be vigilant and proactive in protecting yourself.
Tax identity fraud
Tax identity fraud occurs when someone uses your personal information to file a phony tax return to collect a refund in your name. You’re none the wiser until your legitimate tax return refund is denied since the IRS has a record that it already issued the refund. Correcting the record is time-consuming and frustrating since you have to prove identity theft, and it may take months to sort out. Due to the increase in electronic filing tools, crooks can file a large number of returns in a short period of time.
Your office staff should be trained to detect possible fraud from telemarketers. According to the Better Business Bureau, typical and aggressive telemarketing scams include bogus billing for Yellow Pages advertising, fake directories, questionable specialty advertising product promotions, fraudulent offers for office supplies, business loans, phony promotions and prize offers, and fund-raising appeals from fake charities and non-profit organizations. These attempts to defraud a business may come via phone, fax, mail or email.
Our company was the victim of a business directory listing fraud. We received invoices for a business directory listing we had not requested or authorized. While disputing the claim with the company, they played an audio recording of our office administrator who appeared to be answering questions to authorize the listing. The office administrator recalled the conversation and said she simply took a message but did not initiate service. The edited recording was faked and their billing and dunning efforts were heavy handed. It wasn’t until a copy of the letter we sent to our state’s Attorney General Office was mailed to the fraudsters did their collection efforts cease and they notified us they had made an error.
Evolving threats change as rapidly as technology, and keeping up with the multitude of external threats is quite literally a full-time occupation. A comprehensive network security plan is more than making sure anti-virus licenses are up to date. Consider your needs, exposure and what you have to risk carefully as you look at your IT system and evaluate your current security. Hiring a professional IT service firm, rather than your partner’s second cousin who is “good with computers,” may be a good insurance policy to protect your sensitive records from the array of threats.
You will always be faced with a difficult decision about how much of your time, energy and resources you will put into loss prevention and business protection. What is clear is that smaller businesses are at greater risk to external threats because they often lack the systems, resources and safeguards to prevent fraudulent activity. With increasing threats and a lack of adequate law enforcement to stop the activity, businesses must protect themselves from the ever more sophisticated and determined criminals.
Check fraud tips
- It is important to safeguard your physical checks in a secure location and check inventory periodically.
- Decrease the number of checks you write to reduce the likelihood of someone getting your account information.
- Use electronic bill payment for vendors and direct deposit for payroll.
- Reconcile your bank statements immediately when they arrive. Check online throughout the month to see if there appears to be any suspicious behavior. If you have access to online images of your checks, you can review cleared transactions to ensure they are accurate.
How to spot identity theft
The frequent stream of news reports detailing when businesses are hacked and their customers’ information is compromised reminds us regularly that our personal information is in jeopardy. Your personal data can be used to commit identity theft, or when someone uses your name, social security number, date of birth, credit card number, or other identifying information, without your permission, to commit fraud. For example, someone may use your information to open a credit card account or line of credit, or rent an apartment in your name. Routinely check your credit reports for suspicious activity and check to ensure that accounts and addresses are accurate.
How can you spot identity theft?
- Credit cards or account statements from unexpected businesses
- Letters denying credit for no reason (such as for credit you did not apply for)
- Bills that do not arrive as expected
- Letters and calls about transactions or purchases you did not make
- Charges on your statements from credit card companies, banks and credit unions that you do not recognize and or did not make
Financial accounts and billing statements
Look closely for charges you did not make or do not recognize. Pay attention to even the small amounts. Thieves sometimes will charge your credit card or take a small amount from your checking account and then return to take much more
if the small debit goes unnoticed.
Review your free credit reports from each of the three major credit bureaus (www.annualcreditreport.com). If an identity thief is opening financial accounts in your name, they may appear on your credit report. Look for:
- Inquiries from companies you’ve never contacted
- Accounts you didn’t open
- Wrong amounts on your accounts
Douglas Freer, CSP, owns Blue Moose Snow Co. in Cleveland. Contact him at (216) 539-3688 or firstname.lastname@example.org.