Experts on fraud estimate the typical organization loses 5 percent of its yearly revenues to various types of fraud. If 5 percent sounds high to you, then consider yourself fortunate—but never make the mistake of presuming your business is immune.
Many business owners fail to realize how devastating fraud can be, both in lost revenues and related fallout such as reputation damage and recovery costs. The estimate of 5 percent average yearly losses due to fraud comes from survey responses gathered from Certified Fraud Examiners in a 2016 report issued by the Association of Certified Fraud Examiners (AFCE).
Consider, too, this conclusion from the 2016 AFCE study: “Small organizations had a significantly lower implementation rate of anti-fraud controls than large organizations. This gap in fraud prevention and detection coverage leaves small organizations extremely susceptible to frauds that can cause significant damage to their limited resources.”
You can’t prevent fraud attempts, but you can reduce the risk. In this case, “an ounce of prevention is worth a pound of cure,” because dealing with fraud after the fact is often fruitless. Even if the perpetrator is caught, you may never get your money back.
Smaller businesses may not be able to afford sophisticated fraud-detection systems, but the good news is that basic anti-fraud controls can significantly reduce their vulnerability. From our vantage point as bankers, here are some important ways you can protect your business.
Protecting against employee fraud:
- Implement “dual controls” for all payment methods and segregate employee duties.
- Ensure employees log out of online banking sessions when not in use.
- Never store sensitive information on portable devices.
- Be sure that corporate controllers aren’t compensated based on the financial results of the business.
Protecting against check fraud—still the most common type of fraud:
- Purchase check stock from known vendors that include built-in security features.
- Store checks, deposit slips, and statements securely.
- Establish a policy for employee check orders and reorders.
- Reconcile accounts daily using online banking.
- Move to ACH (Automated Clearing House) for payroll, billing and vendor payments.
Protecting against electronic payments fraud—avoid malware and “phishing”:
- Dedicate separate computers for Internet browsing and online banking access.
- On computers used for banking, block plugins and popups.
- Keep your software up to date.
- Change employee passwords frequently.
- Use Positive Pay (an electronic system for comparing cleared items with a file of known issues) and ACH debit filters and blocks to identify suspicious transactions.
- And—same as in preventing check fraud—reconcile your accounts daily online.
More generally, establish robust policies and procedures that govern your entire payments process—including prompt reporting of any suspicious transactions. It’s important to identify suspicious activity quickly; many bank account agreements include time limits on fraud reporting.
To help keep your business safe, work with your bank’s treasury management department to ensure appropriate fraud-prevention methods are in place.
Also, work with your bankers and insurance providers to explore whether a cyber insurance policy—which protects against electronic fraud damages—is a fit for your business. While these policies represent an additional cost, we have personally seen their value in recouping losses after fraud.
Ask an experienced banker about his or her exposure to fraud cases over the year. What you hear may scare you! — and that’s a good thing. By understanding the all-too-real risks to your business, you can help prevent the “typical” average losses of 5 percent of annual revenues to fraud.