If headlines about data breaches, embezzlement scandals and other business frauds have you worried and interested in fraud protection, you have company. "Almost three-quarters of businesses (72 percent) cite fraud as a growing concern over the past 12 months," according to a survey conducted by credit bureau Experian in 2017 for The 2018 Global Fraud and Identity Report. (Five hundred businesses participated in the survey.)
Frauds by employees cost a median $130,000 per instance, according to the 2018 Report to the Nations: Global Study on Occupational Fraud and Abuse by the Austin, Texas-based Association of Certified Fraud Examiners (ACFE). And in 2,690 cases its members investigated, small firms with fewer than 100 employees lost even more, at $200,000 per instance, the professional organization reported. (The report is "based on the results of the 2017 Global Fraud Survey, an online survey opened to 41,573 Certified Fraud Examiners...from July 2017 to October 2017," according to ACFE.)
The most common frauds against small businesses are corruption schemes in which an employee misuses influence in the company for personal gain, according to attorney and ACFE research specialist Ron Cresswell.
“For example, an employee who works in purchasing might steer a contract to a vendor that is owned by the employee's family member," Cresswell says.
“Another common type of fraud among small businesses is billing schemes, including submitting invoices for fictitious goods or services, submitting invoices for personal purchases or submitting inflated invoices," he adds.
Small businesses are inherently more vulnerable to many types of frauds, explains Berkeley, California-based cybersecurity consultant Nick Merrill.
“The vast majority of small business do not have the resources to hire security officers, and human resources and business development folks are often too busy to screen incoming requests carefully," Merrill says. “Nor or small businesses trained in sniffing out scams."
Fortunately, there are moves business owners can make to effectively provide fraud protection. Here are seven that experts say can help stymy fraudsters:
1. Separate employee duties.
“If there's a separation of duties, the task requires more than one person to complete it," Cresswell says.
“For example," he continues, "one employee should not have the power to approve payments and write checks. Those duties should be divided among two or more employees, so there are several people involved in every payment."
2. Make vacations mandatory.
“Many frauds are discovered when the employee perpetrating the fraud is out of the office," Cresswell says. “Therefore, it's a good idea to require employees to use their vacation time."
Some companies require employees to periodically switch jobs for the same reason.
3. Conduct regular audits.
“If possible, companies should conduct regular audits," Cresswell says.
Audits by external, as well as internal, auditors can uncover irregularities in the books that point to frauds.
4. Require fraud training.
“Training is the best policy," Merrill says. “Have someone come in and educate the business about likely scams. These trainings take an hour and a half one time, and make the scams much, much less likely to work."
5. Set up a fraud tip hotline.
The ACFE study said tips were the number-one way in which frauds were detected.
Employers can collect tips via anonymous phone lines or websites and may offer rewards for tips that reveal illicit schemes.
6. Backup critical data.
“Ransomware attacks have been on the rise recently," Cresswell says. “The best defense against ransomware is to regularly backup all critical data. Companies with secure and reliable backups won't lose their data, so they can't be harmed by a ransomware attack."
Training employees to avoid opening phishing emails that try to trick them into visiting malicious sites or downloading viruses is also important.
Many frauds are discovered when the employee perpetrating the fraud is out of the office. Therefore, it's a good idea to require employees to use their vacation time.
—Ron Cresswell, research specialist, Association of Certified Fraud Examiners (ACFE)
7. Use data analytics to spot fraudulent behavior.
Adaptive behavioral analytics can identify people who are likely to be engaging in fraudulent activities. These technologies analyze data such as how fast people are spending money, how rapidly they move around a website and even how hard they press on a phone's screen.
“We're able to understand consumers and customers as they interact with businesses and use that behavior to prevent fraud," explains Dave Excell, founder and chief technology officer of Featurespace, an Atlanta-based provider of adaptive behavioral analytics solutions.
Limits of Fraud Protection
By these means and others, fraud can be reduced. The ACFE study found that companies that used internal fraud controls uncovered schemes faster and suffered smaller monetary losses.
However, there can be such a thing as too much fraud protection.
Customers don't like it when they are required to do too much to identify themselves when logging on as user to a bank or other business website, Excell notes.
“And you don't want to incorrectly identify a customer as fraudulent," he adds.
Anti-fraud technologies are gaining favor with businesses trying to reduce fraud because they often don't require customers to do as much to prove they are legitimate.
“If we can reduce that, it maintains loyalty and retention and the ability to sell more to those customers," Excell says. “In addition to loss prevention, we see that is being able to enable customer retention."
The history of fraud is a cat-and-mouse game as businesses devise solutions followed by fraudsters coming up with new ways to get around them.
“Technological advances create new challenges but also new benefits," Cresswell says. “Data is now an asset, so there's more data theft and identity theft. But anti-fraud professionals have new tools to combat cybercrime. Data analytics can be very effective in detecting and preventing cybercrime."
Read more articles on risk assessment.
Photo: Getty Images
