The True Price of Fraud for Business
What is Business Fraud?Business fraud can occur once and cost a company millions or take place over years with the same result. A savvy employee with the right credentials can embezzle funds through fake payroll, falsified inventory records or other means.
According to the Association of Certified Fraud Examiners 2022 report, the typical fraud can last up to 12 months and cost an average of $117,000. Industries with the most reports of corporate fraud include construction, real estate and utilities.
Fraud can begin from within or without a company, from employees, customers, or suppliers. It most commonly occurs with employees working in operations, accounting, sales and upper management.
Different Types of Fraud in Business
1. Asset MisappropriationAs the name suggests, asset misappropriation happens when an employee takes or misuses company assets for their gain. This type of fraud can look like simple theft or abuse of company goods or services. For instance, an employee uses company equipment for their personal use even if they never actually steal it.
If the fraudster is clever, asset misappropriation can happen again and again until proper controls, such as strong asset and inventory management, are put in place. A company doesn’t have to be large to be a victim.
2. ForgeryForgery often appears as falsified business or financial records. An employee may create fake records over time and use them to steal funds. They may also falsify official badges or identification to steal property or goods.
3. Inventory TheftStealing goods for resale or personal use is known as inventory theft. Employees may accomplish this by changing inventory records or claiming to have lost documentation and receipts.
Scammers can also come from outside a company. Business account fraud happens when a hacker gains access to bank accounts through malware, fraudulent emails (also known as business email compromise) or other means. They may try to make unauthorized purchases or transfers before account credentials are changed.
4. Account Fraud
5. Payroll FraudEmbezzlement of company funds using the company payroll is called payroll fraud. An employee can steal funds by way of falsified timesheets, issuing unauthorized bonuses, or paying fictitious or terminated employees. Companies can even commit payroll fraud by misclassifying their employees to the IRS.
6. Cash TheftAlso known as skimming, cash theft can occur a few dollars at time. This fraud is most common in a business that deals with a lot of customer payments in cash, such as restaurants and food carts. In some cases, a business owner will skim cash, since doing so reduces the reported profitability of the business, and therefore its income tax liability.
7. Credit Card ScamsBusinesses that hand out company credit cards for incidentals must keep a close eye on receipts and statements. An employee might be tempted to swipe their company card for something not related to their job. If they successfully submit an erroneous expense report, they may continue the practice.
Business email compromise is a type of phishing scam in which fraudsters try to hack, spoof or impersonate business email addresses. They may change one letter or number in a familiar email address to make their scam appear legitimate.
8. Business Email Compromise
How to Protect Yourself from Business Email CompromiseScammers send emails to employees, often those in payroll or accounting, in an attempt to gain credentials or convince someone to send a fraudulent wire.
How Can Businesses Protect Themselves from Fraud?There are steps business owners can take to prevent fraud, allow employees to report suspicious activity and discourage would-be scammers.
Educate and EmpowerEducate employees about signs of fraud and proper ethics for your specific industry. Remind them that fraud can affect them all, not just the person committing the fraud. Loss from fraud could impact the company’s bottom line, place the company in a bad public light and create a stressful work environment, just to name a few effects. Create a safe space for them to report tips. An anonymous system such as a hotline or a website may work best.
Division of DutiesThe same employee should not tally receipts, prepare the deposit slip and bring the deposit to the bank. If multiple people are handling these jobs, this could help reveal discrepancies in the collections that point to embezzlement.
Perform Surprise AuditsA scheduled audit could give a fraudster time to cover their tracks. Performing a surprise check on operations and bookkeeping, however, may catch irregularities that signal embezzlement or another type of fraud.
Know Your MoneyDo your best to understand how money goes in and out of your business. Know the details surrounding methods of payment, who has authority to make those payments, and what steps are in place to ensure payments are legitimate.
Documentation and Internal ControlsProper documentation allows a business owner to verify deposits, cash totals, and more. Another step is to consecutively number all checks, purchase orders and invoices. Use “for deposit only” stamps on all incoming checks, require two signatures on checks above a specified dollar amount and avoid using a signature stamp. Be Vigilant Fraud can come from outside a business, too. If you receive a deal from a new vendor that seems to be too good to be true, it probably is. Scammers could pose as a supplier to try and send a malicious virus through documents or links.
Reflect and RetoolWhen’s the last time you revised your company’s internal controls? Do you need to update them based on the latest scams and available technology? Your company may find it worthwhile to hire a professional to analyze the policies and procedures, recommend appropriate steps and assist with implementation.
About the Author: Alex Cummings is the Information Security Awareness Program Manager for SouthState, overseeing information security training and communication. He’s been with the bank for 4 years. He studied computer information systems at the University of South Carolina, where he started the Cyber Security Club and was recognized in several regional and national competitions.