Focus Training & Solutions is the UK’s leading provider of investigation and fraud prevention courses. They help SMBs and SMEs alike to become knowledgeable (and practical) in preventing fraud from internal and external threats. While they’re based across the Atlantic, we made sure that their tips are ready available online. Enjoy!
Small businesses are one of the most vulnerable to business fraud. And whilst these businesses employ people they fully trust (and like to feel they’ve vetted their employees well) they cannot prevent unpredictable behavior—even it’s from their most trusted partners.
Fraud affects 1 in 4 small businesses every year – with SMEs losing an estimated £18.9 billion ($25.6 million) in the past year. It is important to understand that small business fraud extends past your immediate surroundings, despite the awareness raised by banks and other fraud prevention schemes to be wary of disclosing personal details. UK cyber attacks have been an increasing worry, especially as business cyber crime is reported to be up by 63% in 2017.
That’s actually a 15% decrease from the year of 2016. But 63% is still an alarming number of businesses that do not know how to prevent fraud internally. Or at least they do not have any regulations in place to reduce the risks. Katy Worobec, director of Financial Fraud Action UK states “Customers and businesses need to be alert to the threats posed by the continued rise in impersonation scams attempting to trick them out of their personal details and money.”
In order to protect your business against fraud risks, you must first identify:
- The most common types of frauds that you could potentially expose to your small business
- The member of staff (or staff members) that are most likely to commit fraud
- The steps you can take to implement regulations to prevent the risk of fraud
We’re going to identify them all right here.
Need to Detect Friendly Fraud?
There are five easy ways to perform this task.Tell me more.
Types of fraud
The types of frauds your small business can be exposed to doesn’t differ to a corporate one. However small businesses, especially newly established ones, are generally more susceptible to fraud. Therefore, they need to be aware of the fraud risks that could arise.
Before we get into ways you can protect your small business against fraud, we need to look at the several types of fraud that can arise internally through your employees or externally with suppliers and other third parties. You can split the types of fraud into 6 main categories: assets, payroll and accounting, data, bribery and vendor.
Your assets can be compromised by the following methods:
Cheque forging and tempering
- An employee or customer forging a signature or alters the payee, amount or any other details that cause the cheque to be unauthorised.
- Stealing cash, “skimming”, returns fraud, any other scheme that removes hard currency.
Product, inventory or service theft
- When an employee misuses company services. E.g., Gaining a product or service for free.
- When an employee uses company expense account details for their own personal benefit.
- An employee who exaggerates injuries or disabilities to dupe a company out of their worker’s compensation scheme
Payroll and Accounting
This type of fraud usually involves these methods:
- Also known as larceny. This is a type of fraud caused by someone who controls the funds being used.
Purchasing for personal use
- Using company funds to purchase something for personal use, but records it as a legitimate business purchase in their books.
Accounts payable and receivable
- Accounts payable – one of the most detrimental frauds involves fraudulent expense reimbursements, tampering and billing schemes.
- When an employee sets up a fake supplier account and bills the company for services not provided.
- When a fake or ex-employee is kept on payroll and is still receiving a wage.
- When an employee requests an advance, and doesn’t pay it back.
Here some type of fraud related to data:
Trade and business secret theft
- Acquiring trade secrets and selling them to a competitor.
Access and theft to sensitive data and/or Personally Identifiable Information (PID)
- When an employee steals or shares credit card numbers, client information or other PID and sells them to third parties.
Bribery and corruption
This type of fraud can be caused by these methods:
Bribes and kickbacks
- When an employee pays or provides benefits to another business (or internal official) for their own or company advantages.
- When an employee or supplier substitutes counterfeit or inferior products and/or materials than what was initially agreed. This is usually done to reduce their own costs.
And finally, this type of fraud involves these methods:
- When an employee creates false payments to themselves using the company’s system. This usually involves creating a fake customer or editing an existing, authentic vendor.
- Charging a supplier for more money than initially agreed.
How to prevent fraud in small businesses
Preventing fraud can seem like an impossible and daunting task. However, there are many steps you can take as a small business to protect your monetary and physical assets. One of the most important investments you can make into your business is knowing how to protect it. That will help you put systems in areas where your business is most susceptible to fraud. As a result, it will reduce the likelihood of that fraud to occur once again.
We have compiled a series of tips to help prevent your small business falling victim to fraud:
Know who your customers are
Vetting your customers is just as important as vetting your employees. Whilst most will make a genuine purchase, there are unfortunate cases where customers want to rid you of your monetary assets. Failure to prevent customer fraud can result in profit and liability losses.
There are some simple steps you can take to help prevent small business fraud, keep your sales up and protect your assets:
Identify the threats
Illegitimate customers can utilise a number of methods to commit payment fraud. Some include using someone else’s bank details, forging currency or money laundering. Whichever method a fraudulent customer uses, it will leave you the risk of being out of pocket, either through loss of goods or services and their fraudulent payment.
Methods of payment are one of the front-line ways customers make fraudulent purchases. That can have a detrimental effect in your books. After all, you need to ensure you that make guaranteed sales with legitimate currency. Fraudulent methods of payment can come in the following forms:
It is much easier to copy and print cards with magnetic strips than you might think. Here are just a handful of ways to spot if a customer is using a counterfeit card:
- Observe the symmetry and embossing in the card – is it symmetrical and consistent?
- Some customers will purposefully damage the magnetic strip of a card to force you to enter their card details manually. The long card number might not necessarily match up to what is on the strip
- Match up your receipt with the card used to pay for your goods/service. If the last 4 digits are different, your customer has used a fraudulent card.
Receiving a cheque you can’t cash is one of the most common ways customers can commit payment fraud. The cheque is usually bounced back or rejected by your bank, leaving you out of pocket.
Cheque overpayment is also a very common method. It involves writing a cheque greater than the agreed value, and asking for the difference in change. Once the change is given back, the cheque will usually get rejected and the customer will cease all contact. Here is what we recommend when handling cheques:
- Only accept cheques from customers and suppliers you trust
- Always use a pen when writing a cheque and be sure to cross through any empty spaces.
- Ask for an alternative method of payment if:
- The cheque you receive feels or looks wrong; OR
- The customer writes a cheque for an amount greater than what was initially agreed (and asks for change back)
Fraudulent cash is an old-school tactic of paying for goods, even with the new £5 and £10 polymer notes. The person who handles cash can also use a variety of methods to check what they are receiving is fraudulent. However, that’s only if this person has good internal controls. That being said:
- Check for raised print. You should feel this on words like “Bank of England”. The cash is likely fake if feel a strange texture, or if it feels flat
- The print quality on all polymer notes is extremely sharp. The note is most likely fake if you spot any blurriness in the detailing.
- On a £5 note, the Elizabeth Tower/Big Ben is finely detailed in a window on the note. When you tilt the note, you will observe a coloured rainbow effect
- A £10 note has the same feature but with the Winchester Cathedral
- For US Federal Reserve Notes, there is a watermark imprinted on each note. And each note (e.g., $5 vs. $20) has its own watermark. For example, the Great Seal of the United States is the watermark for the $5 bill.
You can find out more about paper and polymer notes on the Bank of England’s dedicated page to bank notes. Additionally, you can learn more about the US Federal Reserve Notes from the US Currency Education Program.
Short and long firm fraud
Long firm fraud can be defined as fraudulent businesses placing many small orders with wholesalers and suppliers to develop their credit history. They then place a large order and disappear without payment. Short term fraud, on the other hand, is very similar but takes place over a much shorter period of time.
There are several ways you can protect yourself against short and long firm fraud:
- Visit customers at their premises to establish if they are legitimate.
- Check if they have filed account previously through Companies House and have clearly been prepared by an accountant.
- Ensure any supplies you order are delivered to the intended address with identifiable vehicles and couriers.
- Ask for trading references and vet the referees to establish if they are also legitimate.
- Ensure a company has various methods of contact not limited purely to a mobile contact and/or email address.
Vet your customers for their identity
One of the ways you can protect your small business is by investigating your customers and their transactions. If you suspect something isn’t right, it probably isn’t.
- Should you doubt your customer’s identity, gather as much information as you can before accepting payment.
- Asking questions about a customer’s order is a legitimate way to find out their intentions. It also helps you come up with an informed decision about accepting their purchase.
- Online business can add an extra layer of security to transactions by asking for Verified by Visa/Mastercard SecureCode authentication.
Look out for fraudulent or suspicious customer orders
It’s very easy to have suspicions on a placed order or enquiry. Here are some ways you can spot this behaviour and avoid falling victim to fraud:
- Spot if your customers are asking top-line questions at infrequent periods and display a lack of interest in your products or services. This is a fine way to tell if a customer is fraudulent, especially if your products or services are premium.
- Infrequent purchasing, especially when they bulk orders or changes of behaviour.
- If a customer wishes to pay out of your buying process (through cash or direct through PayPal), you may lower your protection to a fraudulent purchase if you agree. Stick to your payment processes to ensure you are covered should the worst ever happen.
- A severe red flag is customers who supply an overseas delivery address. This is a concern, especially if they do not care about delivery costs. Whilst this might be legitimate, follow up with more questions before making an informed decision.
Know your physical and non-physical assets
The value of your business depends on your property, stock, money, customer data and your ideas. These are valuable to fraudsters who try to con you out of your business plans and your business worth.
Here are some ways your business assets can be threatened:
- Internal tampering/business fraud
- Account takeover from a customer or employee
- Hacking and identity fraud
Small business can protect their assets internally and externally using the following steps:
Identify and secure your property and assets
To fully protect your business assets, you must be aware of what they are and how much they are worth. Whilst restricting access to your assets is common knowledge, you need to consider how you can stop unauthorised access.
List together all your tangible (physical) and intangible (digital) assets. Afterwards, create an action plan on how you’ll secure them. It might not be apparent how worthy your assets are to begin with. For example, the loss of data can be highly detrimental to your company. Unauthorised users can initiate fraudulent activity, and its effects can be quite devastating.
Once you have put strategies in place to prevent fraud against your business and assets, make it a regular occurrence to monitor your implementations. The Information Commissioner’s Office (ICO) has a guide especially for small businesses and how you can protect data.
Protect your business, identity and intellectual property
Your reputation and branding is one of your most valuable assets as a business which fraudsters can make use of for monetary and identity purposes. If steps aren’t taken to protect your identitym then you could suffer a massive loss of money, reputation and credit rating.
Read up on your Intellectual Property Rights (IPR) and find out how you can report copyright infringement. Companies House is often a go to for fraudsters who can then change your filed details. Protected Online Filing (PROOF) is a scheme that enables companies to limit the number of changes that can be filed for a company. As a result, it reduces the likelihood of fraudster’s paper change requests being accepted.
Protect your business and personal data
The Payment Card Industry and Data Security Standard (PCI DSS) is something all businesses must comply with. This applies to all business that handle card, online and offline payments. Non-compliance and resort in your business are huge consequences for any internal or external fraud. You can read up on further information on PCI and compliance here.
Know your suppliers
Purchasing stock, supplies or marketing assets are essential for every business to run.
Invoice fraud from suppliers is one of the most common types of business-to-business fraud. It affects many businesses through the use of fake invoices. It can also involve changes to method of payment that haven’t been fully agreed or cleared. There are many suppliers and illegitimate companies who claim to be established and trusted businesses, regardless of their credit history.
Small businesses must ensure they don’t fall victim to this. By knowing exactly how to fully control and manage your suppliers and their identities will reinforce your small business and who you’re dealing with:
These are the types of fraud you could face with suppliers:
- Fake invoice fraud
- Advanced fees
- Insolvent supplier trade
- Computer software service fraud
- Office supply scams
- Business directory fraud
Small businesses can take action to verify their supplies and reduce the risk of fraud:
Research your suppliers
Simple internet searches on the suppliers business can pull up reviews from other customers. Typing strings like “fraud” or “scam” can bring these up quicker in your search engine. Some suppliers claim to be more established than they really are. Fraudulent or not, they try to establish a good relationship with you over a period of time.
You can take precautions against fraud by establishing a Single Point of Contact (also known as SPOC) with each of your suppliers. Any monies you wish to deal with can be done so with your SPOC instead of someone else within the firm you have not been acquainted with.
Companies House is a great place to check for filed accounts. You can also ask the supplier for their references in order to make an informed decision about business proceedings. Look out for overcharging on goods or invoices where additional charges are added without having been discussed previously.
Keep regular checks on all your suppliers
Over time, even if there is good relationship with your supplier, you must continue to monitor their processes and behaviour.
If their service standards aren’t up to scratch or they begin to break what they promised to deliver, then you’ll increase your chances of being out of pocket. Check the financial health of a supplier by applying for a credit reference agency to carry out a check.
Know your employees
Employee fraud is far more common than you think. Around 80% of all data breaches occur with staff involved in some shape or form, according to the ICO. These breaches can cause significant loss or destruction to your small business. Furthermore, those in the inside of your business are able to know your processes inside and out. That gives them insight into how they could bypass them for financial gain.
Employees within a small business can shape its identity, so you must uphold strict policies on fraud, behaviour and ethics. This will ensure that your reputation and revenue won’t suffer any consequences.
There are various ways employees can commit fraud within a business:
- Asset exploitation
- Personnel management fraud
- Payment fraud
- False accounting
- Travel fraud
- Procurement fraud
Here are ways you can go about employee fraud prevention within your small business:
Monitoring staff behaviour
Keeping an eye out on your employees’ progress, performance and development is good practice. But it can also open you up to any suspicious behaviour from one or more staff members. Such behaviour include members complaining about company policies and procedures or refusing to take holidays. It may even involve complaints about lifestyle change that caused the questionable behaviour.
Most of this behaviour can be explained, but it’s better to be alert of anything that could happen. Even your most loyal and long-serving employees could be tempted to commit fraud, especially if there is mutual trust. So it’s even more important to watch out for changes in behaviour in those you know well.
Anti-fraud and anti-bribery statements
One way of communicating a strict anti-fraud policy is by enforcing it from the beginning. This can be carried out through company introductions, company handbooks and training. This can help establish a zero-tolerance culture, and place an emphasis on fraud being unacceptable within your business.
You can obtain a sample fraud policy statement document from the Fraud Advisory Panel to get started.
Other policies, disciplinary procedures and controls
It is advised to know your full list of assets and where they are stored. This can help you devise a plan on how to protect them from employees with malice intent. There are several ways you can do this. But it depends on the nature and size of a small business. Moreover, it can include things like shadowing over financial processes and reconciliation, or restricting access to associates.
Small business advice for fraud prevention – top tips
Implement clear policies
A solid fraud policy must be in place. Otherwise, employees might not realise the implications or consequences of their actions.
Your business must a have fully documented policies and a procedures handbook to clarify, among other things:
- Your company expectations
- Employee conduct
- Definitions of “fraud”, “theft” and “bribery” and the consequences of violating your terms
These policies should cover every aspect of your business, from tangible to intangible assets.
Educate yourself and employees on fraud
Common passwords used for a variety of processes can increase the risk of assets falling into the wrong hands. You must educate your employees to create secure passwords, and change them on a regular basis.
Keep record of all procedures, ingoings and outgoings
As a small business owner, it’s very easy to be stretched thin by various responsibilities. Consistent and organised record keeping might be the very skill that saves your business from falling victim to fraud.
Keep accurate records of all your assets in the form of inventory/stock control and accounting records. Then monitor what is going in and out of your company, and what billing you’re receiving and giving.
Have a computer dedicated to your accounting needs
Using social media and other recreational websites opens your computer up to a host of vulnerabilities. A primary computer that is solely used for banking and accounting needs can reduce the risk of any cyber crime.
Get insurance cover
Insurance can help recover some or all of the losses if your business does happen to fall victim to fraud. Consult with various insurance firms to find the cover that’s right for your business.
Have a password policy
As mentioned previously, your passwords should be regularly updated. And different ones should be set per process or system you use. Set rules for your passwords (e.g must contain a special character) to ensure passwords are complex enough.
Secure your IT infrastructure
Invest in a firewall as well as specialist anti-virus, spyware and malware detection for your computerised assets.
Ensure you keep several backups of your files if any of your hosts get caught up in a cyber attack. You’ll be able to restore function quickly by having backups. You can even continue working from a different computer.
If you have an enquiry about fraud prevention for your small business, contact Alan or alternatively call on +44 (0) 87 0919 4745.