This document provides an overview of fraud risks facing small businesses and recommendations for protection. It begins by defining who pays the costs of fraud, such as higher prices and lost revenues. Small businesses are particularly vulnerable due to lack of security and preparation. Common fraud risks include check fraud, credit card fraud, cybercrime like phishing, and internal fraud. The document recommends proactive measures like employee background checks, account segregation, cybersecurity practices, and training to combat these fraud risks. Resources for small businesses to learn more are also provided.
6. Who Pays for Fraud?
• We All Do
– Higher prices for goods & services
– Higher interest rates
– Lost time & Resources
– Reputational Risk
• Target, Home Depot breaches
7. Sobering Statistics
• 5% of All Revenues are lost to fraud*
• Worldwide, $3.7 trillion lost in revenues*
• Companies with <100 employees are particularly vulnerable*
• Small businesses make up 31.8% of fraud, highest
percentage of any business category*
• Median small business loss of $155K vs. $120K loss for larger
businesses*
– *Source: Association of Certified Fraud Examiners (ACFE)
– **Bureau of Justice Statistics
10. Opportunity
• Employees may yield to temptation when
faced with personal financial stress
• Ex. Drug, Divorce, Gambling
• 87% of perpetrators have never been
charged with or convicted of a
fraud-related offense
11. Rationalization
• Many people rationalize fraud by telling
themselves that they will only “temporarily”
borrow the money and eventually return it
• Attitude created by management or
owners can create rationalization.
13. Why are small businesses a target?
• Lack of security
• Longer shelf life
• Lack of preparation
• Unaware of the risks
14. Check Fraud
• 82% of business owners indicated that checks were
targeted at their companies*
• Checks were the payment instrument with the highest
average value of unauthorized transactions in 2012**
• The average unauthorized check transaction was $1,221
in 2012**
*2014 AFP Payments Fraud and Control Survey by JP Morgan
**Federal Reserve Payments Study
16. How do I Protect My Business from
Check Fraud?
• Destroy unused checks from closed accounts
• Separate responsibilities for employees handling
checks
• Verify and reconcile bank statements and
transactions frequently
• Store check stock in secured and locked area
17. Small Business Credit Card Fraud
• 43% of financial business owners were exposed
to debit / credit card fraud attacks in 2013*
• Credit / Debit cards were the payment
instrument with the second highest average
value of unauthorized transactions in 2012*
*2014 AFP Payments Fraud and Control Survey by JP Morgan
18. How do I Protect My Business from
Credit Card Fraud?
• Starting October 2015, merchants must upgrade
their systems to “chip and signature”, aka EMV
• Companies that fail to adopt EMV will be held
liable
• Laws transfer the risk to the business owner
from the banks
19. How is the Chip Card Method More
Secure?
A unique one-time code is generated behind the scenes that is needed for the
transaction to be approved, a feature that is very difficult to replicate in a
counterfeit card.
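A simplified model of the one-time code described above, added as an illustration and not part of the original slides. It uses HMAC-SHA256 and hypothetical `ChipCard` and `Issuer` classes as stand-ins (an assumption; real EMV cards use their own key derivation and cryptogram format) to show why data copied from one approved transaction is rejected when presented again or altered.

```python
import hashlib
import hmac
import os

def _mac(key, pan, amount, nonce, atc):
    """One-time code: keyed MAC over this transaction's data and counter."""
    msg = f"{pan}|{amount}|{nonce.hex()}|{atc}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ChipCard:
    """Genuine card (hypothetical model): the secret key stays inside the chip."""
    def __init__(self, pan, key):
        self.pan, self._key, self.atc = pan, key, 0  # atc: transaction counter

    def request(self, amount, nonce):
        self.atc += 1  # every transaction gets a fresh counter value
        return {"pan": self.pan, "amount": amount, "nonce": nonce, "atc": self.atc,
                "code": _mac(self._key, self.pan, amount, nonce, self.atc)}

class Issuer:
    """Card issuer (hypothetical model): knows each card's key and last counter."""
    def __init__(self):
        self.keys, self.last_atc = {}, {}

    def issue(self, pan):
        self.keys[pan], self.last_atc[pan] = os.urandom(32), 0
        return ChipCard(pan, self.keys[pan])

    def approve(self, req):
        pan = req["pan"]
        if pan not in self.keys or req["atc"] <= self.last_atc[pan]:
            return False  # unknown card, or a code that was already used
        expected = _mac(self.keys[pan], pan, req["amount"], req["nonce"], req["atc"])
        if not hmac.compare_digest(expected, req["code"]):
            return False  # transaction data does not match the code
        self.last_atc[pan] = req["atc"]
        return True

def demo():
    issuer = Issuer()
    card = issuer.issue("4000000000000002")  # constructed sample number
    first = card.request(1250, os.urandom(4))
    genuine = issuer.approve(first)
    copied = issuer.approve(dict(first))  # copy of captured data, made without the key
    altered = issuer.approve(dict(card.request(1250, os.urandom(4)), amount=999900))
    return genuine, copied, altered

if __name__ == "__main__":
    print(demo())
```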
20. Cyber Crime
• 83% of Small Businesses have no formal measures
against cyber threats*
• About 50% of all attacks are aimed at Small
Businesses*
• 44% of fraud incidents involved cybercrime in 2013 and
2014**
• Courts seldom hold banks liable for cyber attacks;
the burden of responsibility is on the business owner
to protect themselves
• *Forbes Entrepreneurs
• **PricewaterhouseCoopers
21. Types of Cyber Crime
• Phishing
• Spoofing
• Corporate Account Takeover
• Theft of sensitive information or client
information
• Theft of intellectual property
22. Phishing Emails
• Emails that appear to come from a legitimate business
requesting “verification” of information and warning of
some adverse consequence if it is not provided
• The email usually contains a link to a fraudulent web
page
25. Spoofing
• A malicious party impersonates another device
or user on a network in order to launch attacks
against network hosts, steal data, spread
malware or bypass access controls
• Most commonly done by hacking an account
and making it appear as though an email came
from a legitimate source
26. Target Hacking Incident
• Target HVAC sub-contractor was hacked
• Hackers installed malware on the computer of the contractor, who had
access to Target's computer system
• Hacking software was actively collecting data from live customer
transactions at Target
• Hackers stole the credit card numbers and other personal
information of up to 70 million customers.
• Target agreed to a $39 million settlement with several U.S. banks*
*Money.cnn.com
27. How Do I Protect My Business
from Cyber Crime?
1. Identify and shape up weak points
2. Designate a banking only computer
3. Back Up Information
4. Educate Employees
5. Get Insured
28. How Do I Protect My Business
from internal fraud?
• Institute Policies to segregate accounting
duties or outsource functions to 3rd parties
• Conduct background checks/review credit
history before hiring employees with access
to cash or accounting duties
• Dual Signatures for payments over a certain
threshold
29. How Do I Protect My Business
from internal fraud?
• Vacation Policy
• Positive Pay
• ACH Blocks/Filters
• Migrate payments to Purchasing Card Platform
• Code of Conduct/Policies in place
• Employee Assistance Program for those
struggling with emotional, health or financial
issues
30. Combating Business Fraud
1. Be Proactive
2. Establish Hiring Procedures
3. Train Employees to identify fraud
4. Conduct Regular Audits
5. Call in an expert
31. Strike Back!
• The IRS considers embezzled funds as
income. Failure to report it constitutes tax
evasion.
• Issue 1099 to perpetrators
32. Resources
• Your Financial Institution
• Your CPA
• www.abagnale.com
• www.irs.gov
• www.sba.gov
• www.aicpa.org
• www.forbes.com
• www.bankofamerica.com
• Association of Certified Fraud Examiners (ACFE) www.acfe.com
• www.visa.com
• www.pwc.com
• www.jpmorgan.com
34. Certificate of Completion
This Certifies That
___________
Attended the 2 Hour Seminar
Small Business Fraud
________ _________
Date Presenter
*Note: It is the primary responsibility of each licensee to fulfill the requirements of the law (CPE) and to be able to document, to the Board’s
satisfaction, such fulfillment. All active licensees must maintain, for 4 years, records sustaining (proof of attendance, course outline & expertise
of instructor) the continuing education credits claimed by them as a prerequisite for renewal of their license. For more information PLEASE refer to
Continuing Education Policies from the State Boards (410) 333-6322
Editor's Notes
Open since 1951
Field of Membership originally State Employees; has expanded so nearly all of Maryland can qualify for membership
All products and services of a traditional bank, including online, mobile, ATM network, deposit and loan products, business banking
Core Values: Service, Education, Commitment, Understanding
Mission: Promote the financial well being of those we service
If employees believe management has unfair compensation or benefits, they will assume the company can do away with a “small amount”
Lack of security
Often do not have anti-fraud practices in place.
Longer shelf life
Takes a long time for consumers to become aware a small business has been hacked, resulting in longer usage by hackers of consumer information.
Small businesses often do not reconcile bank statements in a timely manner.
1. Identify and shape up weak points
Take time to come up with complex passwords and change them regularly
Do not use same passwords for all or most accounts
2. Designate a banking only computer
Computers not used for other activities such as email or web surfing are much harder for hackers to gain access to.
Review bank transactions daily to detect fraud in real time
3. Back Up Information
Cyber attacks can contribute to loss of data as well as money
Ex. Cloud Computing, Dropbox, Carbonite
4. Educate Employees
Negligent employees are the most common cause of data breaches
1. Be Proactive
Establish Anti-fraud Hotline
ACFE found that roughly 42% of fraud cases reported were via hotlines
Anti-fraud policy and code of conduct
Implementing systems that actively monitor and analyze company data
5. Call in an expert
Enlist the expertise of a Certified Fraud Examiner