Business fraud can become a major issue for your enterprise, regardless of what size your company is, what you sell or where you operate.
Beyond the financial hardships that could occur as you deal with known instances of deception and prevent future issues, fraud problems could cause current and potential customers to lose trust in your business. Subsequently, they might decide they don’t want to support your brand.
Here are 10 practical steps to take that could make fraud less likely for your company:
1. Look for Suspicious Signs Associated With Credit Card Usage
There are some signs that a person attempting to use a credit card for your business may be doing so dishonestly.
If a person pulls their card out of a back pocket instead of a purse or wallet, that’s unusual. Moreover, if the individual seems especially rushed to complete the transaction and comes into the store near closing time, those two things could indicate a desire to pull the wool over your eyes.
Also, if the card itself seems tampered with or damaged, those characteristics should give cause for concern. The same is true if a customer tells you to type the card numbers into your payment processing system by hand and not bother using the chip-and-pin system or magnetic strip. They may even claim those parts of their card no longer function.
Of course, one strange sign alone does not guarantee a person is trying to commit credit card fraud. Be observant and trust your instincts. If something doesn’t seem right, don’t ignore what you notice.
2. Educate Your Employees About Business Email Compromise Fraud
Business email compromise (BEC) happens when a fraudster either hacks a corporate email account or sends an email from an address that’s almost the same as the real thing.
For example, if the genuine email contains the number one, a hacker might switch that digit for a lowercase letter L, hoping to fool people who only glance at the address portion of the email.
Then, the cybercriminal attempts to scam an email recipient and the business at large by asking for an urgent financial request, often related to wiring money. In a possible scenario, someone posing as the company’s CEO might ask the CEO’s assistant via email to send a large sum to a supposed new client to secure a contract.
In October 2019, Japanese media conglomerate Nikkei confirmed it was the victim of such a scam when an employee got fooled and transferred the equivalent of $29 million to someone claiming to be a management executive.
Employee education is one of the best BEC defenses available to you. Teach workers, some of the features of fraudulent emails, but more importantly, instruct them never to act hastily, even if the sender demands it.
For example, it only takes a minute or two to contact the executive by phone instead of responding to the email. Verify the requested transfer first before proceeding. You may instruct that workers who have the authority to conduct money transfers seek such clarification for any amounts greater than $100, for example. That way, the business cannot be significantly tricked.
3. Be Aware of Loyalty Program Fraud
Loyalty programs can drive purchases by giving customers perks for the remaining patrons of your company. Often, they earn points for each purchase and can redeem them for free things after accumulating enough.
However, loyalty program fraud is an issue that business representatives must tackle by remaining aware.
This kind of scam generally originates from three main groups:
- Hackers — These people do not have direct connections to the loyalty program, but they are often part of organized criminal groups. The participating parties break into the accounts of legitimate loyalty program members and steal the points or use them fraudulently.
- Insiders — The individuals in this group have access to information or tools that allow themselves or others to benefit from rewards programs. For example, if a business uses a punch card-based system, a person who has access to the tool that creates holes may invite friends to receive credit without buying anything.
- Members — These are individuals who rightfully signed up for a loyalty program, but are not using it according to the rules. For example, a person may try to associate their loyalty card number to a purchase they did not make. “Double-dipping” is another common practice, and it happens when people try to redeem points over the phone when speaking to a company representative, plus simultaneously online.
According to details published in 2019 within the Forter Fraud Attack Index, such loyalty program misuse has increased by 89% per year-over-year data. The company’s research also revealed that 1.5 million individuals with compromised loyalty program accounts had additional ones fraudulently opened in their names.
Beyond being aware that loyalty card program trickery exists, you can take strategic steps to prevent it from happening at your company.
Ensure that any online components are behind a secure infrastructure that’s not easily penetrable by malicious outsiders. Also, an anonymous tip hotline or email address could be instrumental in curbing known or suspected deceptions that occur internally.
You could reduce cheating from members by implementing a system whereby evidence of redeemed rewards or newly collected points does not immediately appear on the person’s account. Having that safeguard in place allows you to look for strange behaviour or unusual trends possibly connected with fraud attempts. If you can look at account activity from the back end, such visibility could prevent fraud.
4. Partner With a Merchant Services Company That Offers Robust Protection for Credit Card Transactions
Home Depot and Target are some of the well-known brands that have suffered credit card breaches.
You can avoid being a part of that same infamous group of victims by relying on a merchant services company that provides thorough, trustworthy protection against breaches. For example, if a company uses tokenization and encryption for each credit card number, each number is substituted for a randomly assigned code instead of data that a hacker could use to make a purchase.
If a card’s information gets transformed into a randomized string and is stored with a merchant services company, the business does not have the burden of safeguarding the data. You can probably remember numerous times when companies affected by credit card breaches received blame from media sources and others for falling short in their duty to protect customer data. It’s crucial to prove you’ve done the right things.
The safest approach for your business to take is to insist on choosing a provider that can offer you complete, end-to-end protection. In other words, it starts when a person uses their card, continues through the transaction approval process and ends when you receive information saying the purchase finished successfully.
If you are choosing a merchant services company for the first time, prepare to discuss your must-have features associated with any services offered. Also, speak frankly about your budget and the number of transactions you anticipate handling per month or within another easy-to-measure timeframe.
5. Teach Employees to Protect Valuable Company Information
Workers can unintentionally facilitate business fraud if they do not take proper care when handling sensitive information that contains confidential data or information about the company’s plans that could benefit competitors.
Failing to take a step, such as shredding a document before discarding it or logging out of a computer database before you leave for a few minutes to use the bathroom, could cause unanticipated catastrophes.
Problems can also occur if a burglar steals a laptop from the seat of a car during someone’s business trip, for example. In one recent case, New Zealand’s Commerce Commission, also known as ComCom, dealt with the aftermath associated with the theft of a single laptop containing hundreds of meetings and interview transcripts, some dating back several years.
In that instance, ComCom only admitted that the laptop belonged to an “external provider.” That descriptor suggests an outside party, such as a contractor, may have been the person possessing the device. According to Kroll’s 2019 Global Fraud and Risk Report, a leak of private information was the most commonly cited business risk. As such, it’s a priority to remain mindful of regardless of what kind of business you have.
Also, data breaches sometimes happen with less-modern means of sending or holding information. In Ireland, the Data Protection Commission received nearly 100 reports of violations in 2019. Thirty of those instances were cases of passports sent to the wrong addresses. If a person opened the envelope containing such an identification document that they believed was theirs, a data breach would result.
Regardless of whether you work with contractors or only traditional employees, tell those people about some simple things they can do to stop data from getting into the wrong hands.
Information breaches do not only happen when hackers infiltrate a system. Sometimes they can occur because a worker forgot to take crucial precautions. Aim to establish a company culture where everyone feels like a vital part of a whole. Then, they may be more likely to exercise care.
6. Understand When to Make Code 10 Authorization Requests
Most people have been in the embarrassing situation of trying to use a credit card that’s rightfully theirs and hearing that the transaction was declined. As long as there is enough money available to you to cover the purchase, remedying this problem has often been as easy as contacting the credit card issuer and getting authorization for that transaction.
Credit card providers often flag large purchases as potentially fraudulent. They may also do so if you make a purchase while travelling and forget to tell the credit card company you are away from home.
However, if you are on the other end of things and dealing with a customer who you believe is trying to make a fraudulent purchase with a credit card, there’s something you can do. Make a Code 10 authorization request by calling the card issuer’s voice authorization centre. While doing so, you may be routed to your merchant bank and asked some questions about the suspicious transaction.
All questions posed to you will likely allow for “yes” or “no” responses. That way, you can give details without clueing the cardholder into what’s happening. If you are not comfortable with making a Code 10 request while face to face with the customer, you can also do it once they leave. That approach may stop any attempts of the person to use a card unlawfully at other merchants.
7. Watch Out for Timesheet Fraud
When employees manually record their work hours, the opportunities increase for them to engage in timesheet fraud.
The most common example of this is an employee claiming to work more hours than they genuinely did. Some extreme cases of this kind of lying have included workers saying they worked more than 24 hours in a day — a total impossibility.
Shift-related fraud can also crop up if a person in charge of scheduling gives their friends or favourite workers more hours those who are more or equally qualified. Timesheet errors can happen due to honest mistakes, as well as intentional dishonesty. However, a digital method of tracking hours can help company leaders detect when things are amiss.
For example, some time trackers used by people who work on computers take screenshots every few minutes to show the user’s activity. That feature means an individual cannot leave the clock running and let their hours keep adding up if they’re idle.
Digital trackers also typically have hour limits, meaning supervisors can receive notifications or the program may stop recording the hours if someone surpasses the threshold.
Most digital time trackers usually have metrics interfaces, too. Those can show which workers are most productive, or indicate whether available employees are not getting ample opportunities to work. Such information can allow people in authority to take action if the timing data aren’t adding up as it should or some other discrepancy becomes apparent.
8. Use Strong Passwords and Keep Them Protected
A password could give an unauthorized person nearly limitless access to your company and the service providers you use to keep operations running.
Unfortunately, Yubico’s 2019 State of Password and Authentication Security Behaviors Report revealed some startling conclusions that suggest individuals don’t understand the freedom passwords give to those who shouldn’t have them.
For example, the report showed that 69% of employees share their passwords with colleagues. They may think that doing so boosts productivity, but in reality, this practice erodes security.
Another one of Yubico’s findings was that 51% of respondents said they reuse passwords across personal and business accounts. Password reuse increases the total amount of access enjoyed when someone comes across a stolen password.
Coach your employees to set passwords that are hard for others to guess. They should not include pet names, favourite sports teams, a beloved band or any other detail about a person that’s reasonably easy to learn. Change passwords on a regular schedule and consider using password managers if workers complain that this approach is too cumbersome.
You should also warn people against phishing efforts that try to get them to part with their passwords. Cybercriminals often send emails that appear to be from banks, delivery companies, e-commerce providers or other parties that a business may interact with frequently.
The messages ask for people to enter their passwords, often to “update account information” or “confirm that the details on file are correct.” But legitimate businesses do not ask for passwords, and they remind customers never to give them out.
9. Research Influencers Thoroughly Before Partnering With Them for Campaigns
Influencer marketing could give your business the chance to break into a new market that previously seemed out of reach. It works when someone admired by thousands or more gets their followers to pay attention to your brand, boosting purchases and general interest.
Marketing with influencers is a modern way to increase your reach, and it seems set to continue as a viable option for the foreseeable future. However, reports of influencer fraud have tarnished the method and reminded marketing teams to dig deeper into an influencer’s history.
For example, high follower counts help influencers remain competitive and stand out to potential clients. However, evidence suggests some influencers have “bought” followers or relied on bots to falsely craft an image of success.
You can avoid complications related to influencer fraud by asking for examples of success associated with people or brands the influencer has worked with before. Also, use your common sense when studying an influencer’s information. If one of their accounts has 300,000 followers but only popped up two weeks ago, that could be a red flag, particularly if the person is not an A-list celebrity.
10. Stay on Alert for Insurance-Related Complications
Hopefully, you have business insurance to protect against the many catastrophes your business may face, whether robberies, natural disasters, burst pipes, and other unforeseen circumstances.
If your company operates in an area that was recently affected by a major storm such as a hurricane, be especially vigilant for contractors who may try to conduct scams by insisting they can do any necessary repairs and communicate with your insurer.
The ideal way forward is to contact your insurance company to report damage before hiring anyone. The insurer may send a claims adjuster to the property to verify the information you provided and authorize future payment related to fixing things. Remaining responsible for contacting the insurer yourself makes deception less likely.
Also, be aware that even if you have insurance, the policy may not cover some instances of fraud. There have been court cases where an insurer could prove that a policyholder was not covered for anything related to this crime because the documentation associated with the insurance confirmed that all-important detail somewhere in the fine print of the contract.
Furthermore, the insurer may only agree to cover fraud-related claims if you can prove your company upholds a minimum standard of cybersecurity and undergoes audits at least yearly to assess for weak spots, for example.
Do not be misled into thinking that business insurance is useless. It could stop you from shouldering the hefty financial burdens associated with potential fraud. However, the lesson to learn here is that you should always read every piece of information concerning your policy before entering an agreement. If there are aspects you don’t understand or topics not explicitly covered, ask for clarification instead of making assumptions.
Fight Back Against Business Fraud
The possibilities associated with business fraud should not frighten you so much that you are afraid to grow your company and seize new opportunities.
However, as this list of tips shows, protection against the damaging effects of deception is within your control. You cannot guarantee that scams will not impact your business, but taking precautionary measures can substantially reduce the chances of that happening.