Results of a resent survey show that U.S. merchants will lose as much as $3 billion in eCommerce revenue to fraud in 2006, up from $2.8 billion the year before. The good news is that there is a lot you can do to protect your business from fraud-related losses. As long as you keep up your guard and protect yourself, you dramatically reduce your chances of being targeted. This post will help you understand different types of fraud to look out for, and what you can do to keep your business safe.
Credit Card Fraud
Credit card fraud happens when your company releases products or services paid for with a credit card, only to find out later that the transaction was fraudulent and you will not be paid. Here are some examples of these scams and some terms you should know:
A card holder loses or has their credit card and a thief makes unauthorized purchases until the cardholder figures out what’s going on or it’s cancelled.
A thief calls the credit card issuer and impersonates a cardholder using stolen personal information. They have the address and other information of the cardholder changed to an address they control.
Credit Card Mail Order
Using a stolen credit card number, or computer generated card number, a fraudster will order from a website and have it shipped to a fake or forwarding address.
This is the theft of credit card information by an employee, who manually copies down numbers, or uses a pocket-sized magnetic stripe reader. The topic of employee fraud is covered more thoroughly below.
Carding is the name of the process by which thieves verify that stolen credit card information is still valid. Each set of credit card details is presented on a website that has real-time transaction processing. When the transaction is approved, the fraudster knows they have a working card.
To steal information like credit card numbers, an official-looking e-mail is sent to a victim pretending to be from their card issuer. The e-mail states that due to an error of some kind, certain information must be updated or verified to continue your service. A link in the message directs the user to a web page that asks for financial information, and the page looks genuine, because it is easy to fake a valid website.
There are several measures you can take during checkout to help reduce your exposure to fraud. Integrating address verification system (AVS) and card verification number (CVN) checks on your site can help your cause.
AVS involves validating the billing address given by a card customer when placing a telephone or internet order. The address match is based on ZIP code. This system is not foolproof and will, for example, authorize charges when the bill-to address given by the customer is correct and the ship-to address is fraudulent.
CVN verification involves the customer inputting a three-digit code to confirm they possess a genuine credit card. The codes are printed in the signature panel on the back of every MasterCard and Visa card. The card-issuing bank then checks the CVN against its account records. A code is returned that lets you know if the information matches.
You can also take advantage of verification systems like Verified by Visa (http://www.verifiedbyvisa.com/) and MasterCard SecureCode (http://www.mastercardsecurecode.com/). A transaction using Verified by Visa or SecureCode will initiate a redirect to the website of the card issuing bank to authorize the transaction either using private personal details kept by the bank, a user-chosen password, or a one-time password.
Companies like CyberSource Corporation (http://www.cybersource.com) offer e-commerce retailers comprehensive fraud protection services. Their packages include the previously mentioned security measure along with other fraud protection solutions.
Remember: It is your responsibility to verify that all transactions are legit. Even if you receive an approval on the transaction, all fraudulent transactions result in a chargeback. A chargeback means that the amount of the original sale and a chargeback fee are deducted from your checking or savings account. Again, mistakes come out of your pocket each time. In most instances the law does very little to investigate fraud of this nature. More than likely you will not catch the perpetrators nor hear back from the police. Stopping the fraudsters from the get-go is the only cure.
Identity theft affects consumers and businesses in many ways. Businesses suffer direct loss due to this crime and insufficient security and bad business practices can expose you to liability suits, fines and loss of customers. While no one can totally prevent identity theft, there are steps that a company can take to minimize the risk. Safe information handling practices are the key to keeping personal information out of the hands of thieves.
First, let’s take a look at how criminals gain access to personal information.
• Stealing mail or rummaging through trash
• Eavesdropping on public transactions
• Stealing personal information in computer databases
• Infiltrating an organization that stores personal information
• Impersonating a trusted organization in an electronic communication (a.k.a. phishing)
• Spamming email accounts with instructions to respond for information on contests, special deals, or to help people in need, etc.
As a business owner it is vital that you implement and follow secure information handling processes. Ask yourself some of the following questions when evaluating your information handling practices:
• Do you need the information you are gathering? Are you acquiring it safely?
• What computer security measures have you placed around the systems storing personal data? (Remember: Merchant Services holds you responsible for securing customer data and can actually sue for damages in the event credit card numbers are stolen.)
• Who has access to your customer’s personal data? Is it on a need to know basis and access audited? Is there password control over systems? Did you do a background check on those who have access to personal information of employees and customers? Do temps have access to secure info?
• Are electronic and paper documents containing personal information rendered unreadable prior to disposal?
Here are a few precautions recommended by the Federal Trade Commission (http://www.ftc.gov/):
• Shred documents and paperwork which contain personal information before you discard them.
• Don’t give out personal information unless you know who you are dealing with.
• Never click on links in unsolicited emails; instead, type in a web address which you know.
• Use firewalls, anti-spyware, and anti-virus software to protect computers.
Just remember: Your customers are trusting that you will handle their information with the utmost care. Follow the golden rule: treat your customer’s data as you would like your information to be handled. It’s simply not worth the risk to do otherwise.
Sometimes when you least expect it, someone from within your organization attempts to steal money from your company. This can be a particularly painful experience for a business owner, particularly when someone you trust commits these acts of fraud. The truth is that whether you are working with strangers or your best friend of 20 years, you should put some procedures in place to avoid embezzlement and other types of financial fraud.
Start by doing background checks on new employees and check their references. You can do this online by visiting sites like http://www.ussearch.com/, http://www.employeescreen.com/, and http://www.crimcheck.com/. Here are a few additional tips that can protect your company from unethical employees:
Checks and balances. One employee should not control a financial process from beginning to end. By dividing up and creating a system of redundancies, you will make it more difficult for a person to steal from you and manipulate your records to cover it up. For example, if one employee is responsible for printing payroll checks, you should sign them and another person should be responsible for recording payroll.
Review bank statements. This is one of the best ways to catch fraud. You or your accountant should receive unopened bank statements and canceled checks each month and review them carefully. You can even look at your online statement daily for gross inconsistencies. Examine payees, signatures and endorsements on each check. Keep an eye out for indications of fraud such as:
• Signatures that look forged
• Checks to suppliers or people you don’t know
• Missing checks, or check numbers that are out of order
• Checks made out to cash that are larger than the amount you allow for petty cash
• Checks made out to a third party but endorsed by someone in your company
• Checks where the payee listed does not match the name in your register
Keep checks safe. Keep corporate checks in locked drawer and don’t give out the key. Use pre-numbered checks, and check for missing check numbers frequently. Have a procedure in place that requires you to validate all voided items. Require all checks above a nominal amount to have two signatures (one of which is yours). And never, ever sign a blank check.
Review your receivables. Have more than one employee involved in counting and verifying incoming receipts. Make sure all incoming checks are properly endorsed. Consider buying a “for deposit only” stamp, and use it on all incoming payments.
Make employees take a vacation. It takes continuous work to cover up embezzlement. Insist that employees who handle money take vacation every year. Use this time to have someone else review your books and look for discrepancies.
Have your books audited. Bring in a third party at least once a year to conduct an audit of your books. This makes it difficult for an embezzler to cover his or her actions. This audit should be unscheduled and a surprise.
Understand your books. Embezzlement commonly occurs when bookkeeping is sloppy, which makes it easy for an employee to keep cash and receipts. As the business owner, you must be familiar with your company’s bookkeeping and record keeping system. This way you can easily review the books and make sure nothing is out of order. If you’re not someone who is good with numbers, have your accountant spend some time to show you what to look for.
Secure your software. Don’t allow unauthorized access to your bookkeeping software. Don’t put the computer that holds your books on your network. Make sure both the computer and the software are password-protected. Change the password frequently to lock out unauthorized persons from this program. If you still use paper ledgers, keep them under lock and key.
It’s not just money your employees can steel from you. Make sure you keep an eye on your office supplies. Employee theft of envelopes, paper, pens, etc. can slowly chip away at your bottom line. Also keep a close watch on your mail funds to be sure employees are not using office stamps or a Pitney Bowes machine to send personal packages either via USPS or with UPS/FedEx account numbers. Make sure to check your UPS/FedEx statements for 3rd party billing.
Other Fraud Scams
Many businesses are targets of other kinds of fraudulent or deceptive practices beyond the previously discussed. It’s important you and your employees know in advance about the many varieties of scams out there. Be cautious of the following:
Most businesses are regularly asked to donate funds to needy causes. Before agreeing to make a donation or lend support to a charitable cause, make sure you verify the legitimacy of the organization and understand how funds will be used.
If you are asked to participate in coupon book, make sure you understand the total cost to your business, the number of coupon books to be sold and distributed, the marketing area to be covered, and the type of clientele to be solicited.
Prize offers are commonly used to extract money from businesses. Vacations, precious gems or luxury cars are offered in exchange for hundreds of dollars in advertising specialty products, such as pens, mugs, key chains, or other items with the company’s name on them. No matter how they’re packaged and how official they look, if you have to pay to win or receive a free gift, it’s probably not worth the money.
Your company gets a call from someone who wants to find out what brand of office supplies or equipment you use. Another call comes through and the caller claims to represent a company with which you do business. The caller states that surplus merchandise is available at a reduced price due to a cancellation or over-order by another purchaser. The end result: the business pays high prices for low-quality goods from an illegitimate vendor.
Businesses should be on the alert for invoices demanding payment for supplies, goods and services never ordered or received. It’s not uncommon for businesses to lose substantial amounts of money because they fail to question or even recognize these phony demands for payment. The most common type of phony billing scheme involves solicitations for yellow page advertising.
If you are approached to invest in other business opportunities, review all aspects of any agreement before signing. Ask for copies of business and financial statements. Check how long the promoter has been in business or if any complaints have been filed with the Better Business Bureau. Also make sure to obtain the names of other investors and contact them to discuss their experience with the plan.
You are contacted because you or your company has been chosen to be included in a “Who’s Who in the Business World” publication. The vanity publisher counts on people who think they’ve received a special recognition being more than willing to pay to see their name in print. The publisher charges a fee for the privilege of being included in the listing, and then tries to sell copies of the book at inflated prices.
A Few Additional Tips
We’ve explored several different types of fraud and have discussed how you can work to avoid these problems. Here are a few additional practices that can help your cause:
• Request new credit card number for the card given to vendors once or twice a year. This will help you avoid someone stealing your company’s credit card information.
• Ship only to the USA and Canada. You have little or no recourse in the event of a fraudulent transaction when you ship internationally. 95% of the time you lose the sale due to excessive shipping costs anyway.
• Either do not accept checks or hold them for 10 business days to ensure sufficient funds.
• Always verify and confirm all transactions over $200 or a suitable amount for your business. Thieves do not place a $19 order; their greed overwhelms them and they go for the mother load!
• Make sure the billing address is the same as what is on record with their credit card company. Do so by calling merchant services and checking the address. Make sure they are shipping to that same address. Most of the time a thief has a billing address but forwards the package to a vacant house and waits for UPS to drop it off on the front porch. So always look for different “bill to” and “ship to” addresses. Remember though that this isn’t always an indicator of fraud.
• Check with merchant services that the phone number given is the same as what is on record. Call the customer’s number and verify the order. If the number is bad or if it is a cell number, be suspicious. To check if a number is a cell or land line go to http://www.fonefinder.net/.
• Look out for back to back high value orders to the same address or address close by.
What to do if You Are Targeted
Regardless of the situation, if your business falls victim to fraud the first thing you want to do is report the situation to law enforcement.
If you are targeted by a credit card fraudster, you also will want to contact your bank to let them know what is going on. Credit card fraud can be reported to the Federal Trade Commission, but they will not investigate reports where the value of fraud does not exceed $2000. Local or regional law enforcement may or may not further investigate a credit card fraud, depending on the amount, type of fraud, and where the fraud originated from.
If you have reason to believe that your business has been targeted by identity thieves, you will need to inform your customers of the security breach. Tell them to inform their bank, the police, and other creditors or utility providers. Encourage them to keep an eye on bank statements. Have them obtain a copy of their credit file from a credit report agencies such as Experian (http://www.experian.com/) or Equifax (http://www.equifax.com/). They can file a report with these agencies to have their credit report monitored for unusual activity.
To help others avoid fraud, make sure to report the situation to National Fraud Information Center (http://www.fraud.org/) and the Better Business Bureau.
There’s a lot to look out for when it comes to the protection of your business. And, the truth is that you can’t necessarily protect yourself against every eventuality. There is a lot you can do to avoid falling victim to corrupt fraudsters. You just need to spend some time implementing processes that will safeguard your business and customers.
IMPress Check List
Below is a list of the steps that will help you as you protect your business against various kinds of fraud. Check off each step as you complete it to keep track of your progress.
- Understand what to look out for with credit card fraud
- Implement security measures to avoid credit card fraud (AVS, CVN, etc.)
- Be aware of common ways that thieves obtain personal information
- Employ procedures to avoid the theft of personal data that you collect
- Get to know new employees by running background checks and verifying their references
- Put additional procedures in place to deter employee theft
- Familiarize yourself and employees with some of the other scams and cons out there
- Devise additional procedures to keep your business safe
- Develop protocols for dealing with incidences of fraud