The average organization loses 5% of its annual revenues to fraud, according to the 2014 Report to the Nations on Occupational Fraud and Abuse published by the Association of Certified Fraud Examiners (ACFE). Bear in mind, that’s the top line of your income statement, not the bottom. So, for every $1 million in annual revenues, your company is expected to lose an average of $50,000 to fraudsters.
Retailers and the SBA Warn About Chip Card Problems
On October 1, a liability shift went into effect for “card present” transactions. The shift encourages businesses to adopt modern “chip” technologies to more effectively combat fraud from counterfeit cards. Chip cards — also known as EuroPay, MasterCard and Visa (EMV) cards — contain tiny metallic squares that generate a unique encrypted code for each transaction. In theory, they’re more secure than magnetic cards when read by an EMV-compliant processing device.
Retailers Speak Out
But many retailers argue chip card protections fall short in the United States, because they don’t require a personal identification number (PIN). Card issuers in Canada and several European, Asian and Latin American countries have seen payment card fraud rates drop significantly after they switched from magnetic cards to chip cards. But cards in those countries require customers to enter PINs.
Some merchants argue that U.S. cards aren’t as protected against counterfeiting as chip-and-PIN cards. U.S. chip cards require only signatures, which are easy to forge — and EMV-compliant card readers don’t authenticate them. To date, no major U.S. credit card issuers have announced plans to switch to chip-and-PIN cards in the near future.
SEC Warns Consumers
The Securities and Exchange Commission (SEC) recently issued a warning about fraud scams being perpetrated against consumers who haven’t yet received a chip card from their bank. These scammers typically email people, pretending to be their card issuer, and request updated account information. Unwary cardholders click on an official-looking link and provide personal information, which perpetrators use to commit identity theft or install malware on the cardholder’s device.
The SEC urges consumers to contact card issuers at the phone numbers listed on their cards, rather than to respond to unsolicited emails (or phone calls). If you receive a suspicious request for personal information in connection with the issuance of a chip card, contact your credit card company as soon as possible.
When a small business falls prey to a fraud scam, it’s often more costly than this average reflects, however. The ACFE’s latest fraud report estimates that the median loss for businesses with fewer than 100 employees was approximately $154,000.
Proactive business owners take steps to minimize their fraud risks. The ACFE has established a weeklong campaign during the third week of November to promote antifraud efforts. You can jump on the bandwagon by initiating a fraud awareness campaign at your workplace. Here are some simple ideas.
Visit the ACFE’s Website
Educating employees about fraud prevention and detection techniques doesn’t necessarily have to be costly or time consuming. In fact, the ACFE offers free resources that managers and owners can download quickly, such as handouts and videos that can serve as training materials for your staff, press releases that can double as content for social media posts and posters to display in your lunchroom. You can even sign up as an official supporter of International Fraud Awareness Week.
Review Your Internal Controls
Chances are good that your company already has policies and procedures in place to prevent and detect fraud. Together, these antifraud efforts are known as your “internal control system.” International Fraud Awareness Week is a good time to pause and reflect on your internal controls. Ask your management team: Are our existing internal controls adequate based on today’s global, technology-driven marketplace? And how could we make them stronger?
The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a joint initiative of five private sector accounting and finance organizations, lists five components of effective internal control systems:
1. Control environment. The ethical tone that management sets filters down the organizational chart. Relevant factors in the control environment include the integrity, ethical values, management operating style and delegation of authority.
2. Risk assessment. Companies should continually evaluate external threats and internal weaknesses. Once they’ve been identified, threats and weaknesses need to be eliminated — or at least reduced and monitored.
3. Information and communication. Strong controls allow employees to identify, capture and exchange information. Effective communication ensures information flows to the right people inside and outside the organization.
4. Control activities. Strong systems include formal policies and procedures to ensure management’s directives are carried out. Examples of control activities include authorization of transactions, accounting reconciliations, supervisory reviews of operating performance, physical security of assets and segregation of duties.
5. Monitoring. Risk factors continually change. Management should continually review and improve antifraud control performance.
COSO recommends that companies design their antifraud controls “to provide reasonable assurance [of] the achievement of objectives in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws and regulations.” A strong internal controls program — including fraud prevention and detection training, proactive data monitoring and analysis, employee support groups, management review and whistleblower hotlines — can be essential in preventing and detecting fraud.
Get Professional Help
Your accountant and attorney are allies in the fight against white collar crime. In fact, many companies solicit outside help with fraud awareness training. A forensic specialist can present on warning signs and real-life horror stories during internal fraud training sessions. He or she also can help the management team perform a formal fraud risk assessment that identifies weaknesses in your internal controls and recommends possible fixes.
If you suspect fraudulent activities, a forensic specialist can discreetly review your books and records in an agreed-upon-procedures engagement. If fraud is unearthed, he or she can expand the scope of the engagement into a full-blown fraud investigation.
Outside fraud examiners are often more efficient than insiders when it comes to investigating fraud, because they’re disinterested third parties with no emotional attachments or preconceived notions about the accused and they’re experienced in common fraud scams and know where to look for evidence. Forensic accountants and attorneys also know how to build a comprehensive case using analytical and interrogation techniques that will withstand legal scrutiny.
An Ongoing Battle
After International Fraud Awareness Week is over, it’s important for businesses to remain focused on fraud awareness, because fraud happens year-round. It needs three elements to occur: opportunity, motive and rationalization. Regular staff training and strong internal controls eliminate the opportunity to commit fraud and deter would-be fraudsters by letting them know that you won’t tolerate fraud and have implemented controls to detect it.