Scott Anderson, VP, Treasury Management
It’s easy for small business owners to feel relatively safe from fraud – the workers know each other, and most of the customers do too. But unfortunately, familiarity doesn’t equal safety.
In fact, 22% of fraud cases come from organizations with fewer than 100 people, experiencing a median loss of $150,000, according to the Association of Certified Fraud Examiners.
Are you confident you know who is on the other end of the line? It could be a scammer pretending to be someone you trust.
But, what should you look out for? The Federal Trade Commission (FTC), lists these three common tactics fraudsters use against small businesses:
- Pretending to be someone you trust. Scammers will often pretend to be affiliated with a company you already know or even a government agency.
- Creating a sense of urgency. They may try to rush you into making a decision immediately, without giving you time to research or consider the consequences.
- Using untraceable methods of payment. You may be told something terrible could happen to try and trick you into sending money before you can investigate.
Protect Your Company from External Business Fraud
So, what can you do to protect yourself? The key word is verify.
- Check all invoices carefully. Don’t send a payment until you know the bill is for items that were legitimately ordered and received. Make sure procedures for approving invoices and other expenses are clear, and limit the number of people authorized to place orders in the first place. And, if someone asks you to pay using one of those untraceable methods, that is a red flag alerting you that it is likely a scam.
It’s important to keep good records of your invoices and vendor contracts. Expenses and expectations should be clear and easy to track.
- Be tech aware. For example, fraudsters can easily fake caller ID information, and they do so often in the hopes of tricking you into believing they work for a government agency or a trusted vendor. Email addresses and websites are also easy to fake. Plus, scammers can hack into the social media accounts of people you trust. If you receive a message you weren’t expecting, or even one that just seems “off” – don’t click on or download any included attachments. They could contain viruses that harm your computer. To further protect yourself, make sure your organization’s files, passwords, and other important information is secure and backed up.
- Know the company you’re dealing with. Before you sign on to do business with a new organization, search their name along with the words “scam” or “complaint.” Take a look at what others have said about them. Your best bet when searching for new business relationships, is to ask other business owners in your community. Positive recommendations from trustworthy people are more reliable than a sales pitch.
Attacks from the Inside
But be aware, fraud can also come from inside your organization.
According to Business Insider, the people most likely to commit these financial crimes are those with access to your funds: bookkeepers, company owners and other executives. Oftentimes, they take on multiple roles within the company, and perform tasks alone, making it easy to conceal what they’re doing. Staff members may trust them, or lack the experience needed to recognize what’s going on.
Employee fraud occurs when an employee engages in fraudulent activity, such as stealing from or deceiving their employer, in order to extract some form of financial or personal benefit.
Internal fraudsters thrive in environments where their activities aren’t generally monitored. But with a procedure in place, you can keep a closer eye on what’s going on behind the scenes. Here are three basic steps to follow:
- Assess fraud risk
- Create and test controls
- Improve controls until they are deemed adequate
Protect Your Company from Internal Business Fraud
There are a number of controls you can use to protect your business against in-house fraud, including:
- Requiring specific documentation for payment requests. For money transfers, keep a paper trail documenting who made the request and why. E-signatures are tracked and time-stamped, but can also use hashing technology to create electronic copies of each version of a document. This allows you to look back if a questionable version ever pops up, and can help you identify a timeframe and the people involved.
- Limiting access to confidential information. Employees should only be able to access the information necessary for them to do their jobs. If there comes a time where they need more information, they should ask for permission and explain why they need it.
- Having multiple people sign off on financial activities. Things like expense reports, payroll, overtime requests or vendor bills should have more than one set of eyes on it for review. Sharing these duties makes falsifying statements increasingly difficult and creates a collective responsibility.
- Mixing up routines with accounting. Enact a requirement that staff who handle bookkeeping regularly take time off from those duties every so often, allowing other employees or an outside firm to handle them. Having a fresh set of eyes makes it much less likely that questionable expenses or procedures will go overlooked.
- Double-checking things that are out of the ordinary. When presented with an unusual bill or given new payment instructions, make sure to call vendors using the verified phone number in your records.
- Getting an impartial look at important documents. Bank statements, reconciliations or vendor payments should be looked at by an independent reviewer or consultant each month.
If you believe you’ve been targeted by a scam, report it to the FTC online FTC.gov/Complaint. Your report can help protect other business owners from falling victim to fraud. You should also alert your state Attorney General. You can find contact information for your state’s Attorney General here. And finally, make sure to let your banker know of your experience.
About the Author
Scott Anderson is a Vice President of Treasury Management at Waterford Bank, N.A. in Toledo, Ohio. As a Certified Treasury Professional (CTP), Scott specializes in helping you optimize cash flow, maintain liquidity, manage risk and operate more efficiently. He is always interested in learning more about your business. Would you like to connect with Scott? Contact us here.