In our increasingly electronic, connected world, we’re constantly under attack by individuals and institutions with the intent to facilitate some form of fraud, whether it’s identity theft, cash/asset diversion or a promised exchange for goods or services for an upfront fee that never materializes. Historically most instances of fraud were paper-based or done over the phone, but as our online identity is becoming more and more a part of who we are, we’ve seen steady increases in electronic-based fraudulent transactions.
Typically these fraudulent actions have one purpose in mind, gaining access to cash or an asset that can be easily converted to cash.
We’ve seen several companies be subject to a newer, more sophisticated version of the Nigerian letter scam, popular in the early-to-mid 2000s. The scam involves a company email requiring a change in banking instructions, usually from a known employee or vendor. Typically these emails look very official and end up diverting company or even individual funds into a fraudulent bank account.
Another example is when the payroll administrator of a company received an email from what appeared to be the owner, requesting copies of all W-2s from the prior year for all company employees. The payroll administrator replied with a file of nearly 300 W-2s to a third-party who was pretending to be the owner of the company. The fraud was only discovered when a number of employees reported fraudulent tax returns filed in their name.
Recently, a small business who used phone verification for wire transfers, had their phone number hijacked. The owner of the phone noticed that they had no phone service, went to the phone carrier store where they reinstated the service on the phone. Later they would find that the number was hijacked to approve a wire transfer that was a fraudulent transaction.
The perpetrators of these frauds are counting on one thing, that the transaction will not be verified for accuracy. They prey on weaknesses in systems and processes or the lack of questioning by the recipient.
What can our clients do to minimize the risk of these types of fraud?
- Use ACH and other electronic funds transfers to minimize the risk of diversion or alteration of checks moving through the mail system.
- Utilize the Positive Pay tool provided by your bank. This prevents altered or fraudulent checks from clearing bank accounts.
- Work with your banking institution for enhanced security procedures around wire transfers. Consider systems that utilize random number generators to initiate or approve a wire transfer. Couple this with security systems that recognize the computer or IP address as authorized to initiate the transaction.
- Review banking transactions daily as your ability to recover the funds is time sensitive.
- If any change in payment address or payment instruction is requested, call the company for verbal confirmation.
- For any request of information, consider the risk should this information fall in the wrong hands and increase verification procedures.
- Remember passwords can be hacked.
Technology has changed the ease of access for fraud perpetration, opening the threat of criminal activity to virtually any place on the globe. This makes catching and prosecuting these individuals much more difficult. As employees, we need to be on constant vigilance to protect our company from these attacks and take appropriate steps in our company procedures to ensure proper steps are taken in the event of potential fraudulent activity. The same is true for us as individuals.
For more information on AFS supply chain services, including risk management solutions, call us at 877-242-3383.
Ben Townsend is the CFO for AFS Logistics and a leader in the implementation of new age technologies such as banking services, P-Card programs and informal activity-based costing systems. With over 45 years of experience in the financial sector, Ben is a non-traditional accountant who focuses on supporting AFS as a high value added function for the company stakeholders.