Keeping cons at bay.
BUSINESSES AND individuals are under constant attack by those trying to steal or commit fraud. The headlines are easy to find: "Banks force retailers to pay for card scam", "Optician in 250k [pounds sterling] fake staff scam" and "Optician's secretary stole more than 170,000 [pounds sterling] over five and a half years." The culprits include staff, the public and fraudsters with no direct connection to a practice. Companies and individuals need to take steps to protect their position.
While most are aware that fraud and identity theft affect people, few understand that they hurt businesses too. Companies House says that it sees 50 to 100 cases of identity theft each month, and, worryingly, these cases only cover incorporated businesses.
For example, it is surprisingly easy to hijack a company by changing a director's name, address and the registered business address. Companies House takes documentation at face value--submissions are not checked. Suppliers may check official records and seek a proven credit rating established by a legitimate business. If the data given by a fraudster stacks up, then the deal is done, leaving the victim to pick up the pieces.
There are numerous forms of fraud and many involve a slow burn. A number of these will not affect retailers, but fraudsters have also been known to flood a business with investment and personnel to take control from within. However, there is also 'phoenixism' where directors create a business, wind it up with substantial debt, and then set up an almost identical company to start the process again.
Fraudsters can use sensitive information--a name and address found in bins, combined with other personal information found on the Internet--to steal an identity easily.
Practices are advised to review security on their computers and networks to prevent attacks. Encryption, firewalls, anti virus and bank security software should be used. Navigation to the bank homepage should be direct rather than through a search engine, and computer users should be careful of what they download: data hacks can harvest bank logins, credit card details and Internet passwords.
Directors of incorporated businesses (company or partnership), should invest time on the website of Companies House (www.companieshouse.gov.uk), looking at the protections offered to registered businesses. These programmes make it harder to file unauthorised documents and can alert subscribers to any changes.
Credit referencing agencies such as Equifax (www.equifax. co.uk) and Graydon (www.graydon.co.uk) will monitor a business on a subscription basis and issue an alert of any critical changes. More information is available at the British Information Providers Association (www.bipa.uk.com).
During a time of economic stress, evidence suggests that the risk of employee-based fraud grows. A 2011 CPP survey found instances of staff accessing databases and removing data on USB sticks, as well as cases of staff stealing thousands of pounds from their employer. It is, therefore, important to run checks on business partners and directors, as well as staff. These checks should include their credit history, evidence of a criminal past, and seeking and reading references. The police force offer tips at http://bit.ly/13dniRp.
Businesses must not take everything on trust. They should confirm who they buy from or sell to (non-retail) with checks on telephone, fax, email and website addresses. They should also ensure that area codes match the registered address. It is possible to check for invalid VAT numbers at http://bit.ly/ QJQX2, while and ActionFraud (http://bit.ly/RsVjME) offers good advice.
Businesses can suffer fraud by the most trusted employees; no owner should be complacent. Practices should be confident that they know how to prevent this type of fraud, how to spot it when it occurs, and what course of action they should then take.
Experience indicates that there are three key factors present when fraud occurs. Firstly, there tends to be a culture that encourages the attitudes likely to result in fraud: 'This is how we do things here.' Secondly, a firm with insufficient checks and balances may encourage individuals to think that they can commit minor offences and get away with them. Thirdly, perpetrators typically require a motive. Debts, an affair, or resentment of management are good examples.
It is crucial that everyone, owners and staff alike, should regard themselves as members of a team, working towards a common goal. This can be achieved by better communication with staff, or by remunerating the team in a way which rewards the achievements and contributes to the profits of the firm.
To develop the right culture, rules should be developed which are easy to follow, and staff should appreciate why the rules exist. For example, separating cash handling from cash recording protects the practice from fraud, but it also protects lone workers from accusations of wrongdoing.
Directors who have doubts about internal controls and the segregation of duties should ask their auditors to perform a special fraud health check. However, it is not part of an auditor's duties to detect fraud, so special instructions are needed.
Fraudsters can be difficult to identify and only vigilance will combat this. Often it is the simple things which are overlooked. Never ignore warning signs such as employees who: are protective of their working environment; are always willing to help but decline offers of help from others; never take holidays and are never ill. Also look out also for ostentatious purchases.
Where fraud is discovered, businesses should always prosecute. It is important to set an example. Also, if a fraudster has a record, it will be difficult for them to get another job in a position of trust. Practices should always check the background of any potential employees. Prosecutions help the owners of other businesses.
Before prosecuting, firms should take legal advice to see if any monies can be retrieved first. While the police want a conviction, the victim will want restitution, and the two do not always go hand in hand. It is far better to take court action to freeze assets before calling in the police.
Retail is rife with fraud; the routine scanning of banknotes is one reflection of this. Big opportunities lie in high-value credit transactions involving easily portable goods such as designer frames or sunglasses. Virtually any item can be disposed of via car boot sales or eBay, and a quick succession of low-priced purchases--just below the card's spending limit, or the shop's presumed floor limit--can work well with a card before it is reported stolen and becomes 'hot.' However, the problem is more acute with low value contactless payments via 'wave' technology, which require no pin number.
The credit and debit card companies have been particularly active in countering fraud (341m [pounds sterling] in 2012 according to the UK Cards Association). Reductions in floor limits and Chip and Pin have played a major part, as has an electronic hot card file which transmits details of lost or stolen cards to point-of-sale terminals. Smart systems are also now in place to watch for uncharacteristic usage patterns. However, it should be remembered that stolen credit or debit cards may still be authorised if the owner has not yet missed them or reported them as lost.
Staff need to be coached into following a routine. Suspicious behaviour can include a lack of interest in the goods purchased, for example buying sunglasses without regard to how they look; a customer in a hurry; or other distracting behaviours (or accomplices). An obvious behaviour to look out for is someone who has to refer to a note for their pin number.
Retail credit providers are also taking steps to crack down on fraud, but staff should still watch for customers whose address shows them to be a long way from home. Customers should enter their own personal details onto an agreement form, but should never be given the chance to copy them from other identification.
Where suspicions are aroused, there should be a procedure in place, and staff should be thoroughly trained in it. It aims to avoid a risk of harm to staff or customers; retain the stolen card or bogus identification; apprehend the criminal without undue risk; and avoid giving unnecessary offence to genuine customers who have innocently aroused suspicion. If suspicions are confirmed, the evidence should be preserved. A card should be mutilated so that it cannot be used again, however cutting off the bottom left hand corner is sufficient. The card may also carry fingerprint evidence, so it should be handled as little as possible and preferably by the edges.
More information in fighting retail fraud is available from Financial Fraud Action at http://bit.ly/10Dz5I3
If you are a victim of fraud
Once fraud strikes it is important to act quickly: report the matter to the police, Companies House, the bank, suppliers and a solicitor. Urgent repair of a credit file must be effected through credit agencies (above). Credit files are available for a fee (2 [pounds sterling] for an individual; market rate for businesses). Where information has been compromised, those affected should be told so that they can take appropriate measures.
Perform an initial threat assessment
Resolving fraud requires knowledge of the position before action can be taken. A threat assessment enables the practice to analyse the available evidence and to answer: How has the fraud happened? How much money is likely to be at stake? Who could be involved? And, is the business still at risk?
Appoint a case controller
One individual must have daily operational control of the case, supervising the investigation, and liaising with advisers, stakeholders--for example, the banks--and the police.
Have a game plan
When devising a strategy, it is important to consider whether to involve the police, the likelihood of recovering funds, and the extent to which stakeholders should be informed.
A police investigation generally only follows a formal complaint, which in turn requires careful thought. From a commercial perspective, a police investigation will inevitably place burdens on staff. However, the decision may be swayed by an insurer's requirement that the fraud be reported to the police before any claim can be settled.
There are three options when considering recovery: a claim on insurance, recovery from the fraudster, or recovery from third parties.
If the practice has 'fidelity insurance,' the most likely recovery option will be via this route. However, many insurers require claim notification within a specified time limit and that the matter be reported to the police. In terms of management time, an insurance claim should not be regarded as an easy option.
A civil recovery action against a fraudster requires action to locate and seize assets before they can be hidden. However, fraud committed to support a flamboyant lifestyle is unlikely to lead to any real assets or recovery and could be a fool's errand.
You may be able to recover your loss from third parties, including auditors who may have failed to identify a major fraud, and banks through which the stolen funds were passed. However, pursuing this type of claim can be extremely costly.
Don't let the tail wag the dog
It is all too easy to allow a fraud to absorb the management with the result that the investigation is superbly well managed, but that the trading business suffers; remember that the purpose of appointing a case controller is so that everyone else can focus on the running of the business.
VIEW FROM THE HIGH STREET
David Shannon, independent optometrist and former AOP chairman, has seen his fair share of shady business coming in and out of the practice.
Speaking to OT, Mr Shannon explained: "Like in most businesses, it feels like there is a lot of fraud about. Many of us may have the loyal customer who we trusted to drop in their balance, only to find out that they have apparently disappeared off the face of the earth. Or, my favourite: the woman who gets up from her seat in the practice to go and tell a patient in the process of booking an appointment that if she says she has a family member with glaucoma, the sight test is free. No, it isn't, someone is paying.
"Occasionally the brazen cheek defies belief. A local business owner came in to my practice with a new frame for glazing, branded with my practice's name. When challenged, in the manner of Vicky from Little Britain, it turns out that they swapped the pair for a Westlife CD.
"What can you do? Be vigilant, put in systems and expect to be surprised."
|Printer friendly Cite/link Email Feedback|
|Date:||Sep 6, 2013|
|Previous Article:||Sisters are doing it for themselves.|
|Next Article:||Clinical decision-making: contact lenses, part 2.|