How to protect your business from internal, external and data security fraud

Fraud is a crime that hides in the shadows. The adversaries often go to great lengths to cover their tracks, and businesses may not realize what they are up against, making it difficult for them to fight it and protect their assets.

“Ninety-nine percent of the time, clients either don’t realize it or don’t adequately address it,” says Michelle Thompson, vice president of fraud risk with FirstMerit’s Merchant Bankcard Division.

Most business fraud involves misuse of credit or debit cards through internal fraud, external fraud and data security fraud — and it may happen more often than you realize.

Smart Business spoke with Thompson and Susie Brindza, director of FirstMerit’s Merchant Bankcard Division, about the steps you can take now to help protect your business.

How does internal fraud typically occur?

One of the most common forms of internal fraud is embezzlement involving credit cards. A company employee processes a return for a purchase that was never made, and the money is credited to their personal credit card.

Business owners don’t want to become overly cynical and suspicious, but when this type of fraud happens, the embezzlement often comes from a tenured employee who was trusted with the books, such as a bookkeeper, an accountant or another employee with opportunity and motive.

What can companies do about this?

To discourage internal fraud, it is important to have a second person review transactions. That second set of eyes tells people they are being monitored. Just by viewing the statements, you can see if there are returns being made with no offsetting purchases.

Another best practice is to password-protect all company bankcard accounts and closely monitor who has access.
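As an added illustration that is not part of the original article, the statement review described above can be automated over an exported transaction list: each return is checked against earlier purchases on the same card, and returns with no offsetting purchase are totaled by the employee who processed them. The record layout, card tokens and employee IDs are assumptions constructed for the example.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample records, in chronological order:
# (txn_id, type, card_token, amount, employee_id).
# Card tokens stand in for card numbers; every value here is made up.
SAMPLE = [
    ("t1", "sale",   "tokA", "120.00", "emp1"),
    ("t2", "refund", "tokA", "120.00", "emp1"),  # offsets t1
    ("t3", "refund", "tokB", "450.00", "emp2"),  # no sale on tokB at all
    ("t4", "sale",   "tokC", "80.00",  "emp1"),
    ("t5", "refund", "tokC", "80.00",  "emp2"),  # offsets t4
    ("t6", "refund", "tokC", "80.00",  "emp2"),  # second refund of the same sale
    ("t7", "refund", "tokB", "300.00", "emp2"),  # still no sale on tokB
]


def unmatched_refunds(records):
    """Return refunds larger than the not-yet-refunded purchases on that card."""
    balance = defaultdict(Decimal)  # card_token -> purchases not yet refunded
    flagged = []
    for txn_id, kind, card, amount, employee in records:
        amount = Decimal(amount)
        if kind == "sale":
            balance[card] += amount
        elif kind == "refund":
            if amount > balance[card]:
                # No offsetting purchase: hand this one to the second reviewer.
                flagged.append((txn_id, card, amount, employee))
            else:
                balance[card] -= amount  # full or partial refund of a real sale
    return flagged


def totals_by_employee(flagged):
    """Sum flagged refund amounts per employee who processed them."""
    totals = defaultdict(Decimal)
    for _txn_id, _card, amount, employee in flagged:
        totals[employee] += amount
    return dict(totals)


if __name__ == "__main__":
    flagged = unmatched_refunds(SAMPLE)
    for txn_id, card, amount, employee in flagged:
        print(f"review {txn_id}: refund {amount} to {card} by {employee}")
    print(totals_by_employee(flagged))
```

The report should go to someone other than the person who processes returns, so that the second-reviewer control still holds.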

What are common forms of external fraud, and how can businesses guard against it?

External fraud often strikes in the form of illegitimate orders or payments by parties who have illegally obtained someone else’s credit card information.

Different billing and shipping addresses could signify a fraudulent order. Typically, you want those addresses to be the same. It doesn’t always mean it’s a bad transaction — a customer could ship a gift to someone who lives out of state and bill it to his or her credit card and there is no problem. But you should look more closely if the bill-to and ship-to addresses don’t match.

A credit card authorization request only verifies the credit card number is legitimate and there are sufficient funds at that time to process the purchase. An authorization does not check names or addresses for matches, which is important for merchants to remember.

In addition, pay extra attention to shipping addresses. There are plenty of legitimate businesses in New York, New Jersey and Florida, but you should be cautious when you see addresses in those states. These are some of the most common states criminals will utilize to transport items out of the country.

What’s important to keep in mind about data security fraud?

If you don’t take adequate steps to ensure your firewall and encryption software are effective, you run the risk of hackers stealing the 16-digit card numbers from your unsecured hard drive.

Data thieves also can take advantage of system vulnerabilities during a transition such as when a card authorization is in progress between the merchant and bank. Be certain you have high security standards in place for protecting data and that you’re monitoring everyone to be sure they’re following the standards.

By taking the right preventive measures and being aware of fraud trends by talking to financial experts, you can minimize the risks to your business and limit the opportunities for criminals to steal your funds and information.

Insights Banking & Finance is brought to you by FirstMerit Bank