How to protect your business from internal and external fraud Featured

8:00pm EDT May 26, 2010

Business owners tend to think no one can steal from them, however fraud occurs every day.

“Businesses are folding for one or two bad decisions,” says Julie Bachman, a merchant bankcard banker at FirstMerit Bank. “You thought that sale going to Africa was going to be good. Well, guess what -— now you’re bankrupt.”

You can’t afford to just take it for granted that a transaction is legit, that your controller is not stealing from you or that your employees are telling you the truth about not having felony charges. Now more than ever, executives must take ownership of their businesses and take the necessary steps to prevent fraud.

Smart Business spoke with Bachman about how to protect your business from internal and external fraud.

How do criminals target merchants for external fraud?

Merchants can open themselves up to external fraud unwittingly. Many merchants force themselves to believe a transaction isn’t too good to be true. Lo and behold, two months later they get a call that says they have a $12,000 chargeback. They are out the product and out the money.

Criminals focus on U.S. merchants quite often to fraudulently ship products all over the world. Merchants need to learn fraud awareness. Their bank should teach them how to recognize and spot those types of situations to prevent them from occurring.

How does internal fraud happen?

Most merchants have a terminal for processing credit card transactions. You swipe your card and the money moves within seconds. That means employees can use the terminal to process a fake return instead of a sale and swipe their own credit card, ‘returning’ as much money as they choose to their personal account. In the old days, bank tellers would come to work, clean out their drawer, go to lunch and never come back. Now there’s an electronic way to do it.

If you don’t have controls in place and if there is no oversight, that transaction is done with no questions asked.

It takes more work than issuing fraudulent transactions, but creating fake invoices is a major way for those in positions of authority to commit internal fraud. Someone who has the motive and opportunity can find a template online for invoices and create a company. They might even create a fake checking account, or even register with the state to make it look legitimate. Then they’ll submit the fake invoice for payment at their own company and approve it.

How can businesses reduce the possibility of internal fraud?

Typically, if a company has one person doing the accounting. Without a second set of eyes to review what has been done, you have a huge gap and an opportunity for embezzlement. You can see why: there is no oversight.

You don’t have to spend a nickel to correct this gap. If you just add another set of eyes to certain tasks, the perception that you’re watching for embezzlement is a deterrent. Create a check and balance of some sort without hiring additional staff.

The prime suspect in situations of internal fraud is typically someone with longevity: senior, tenured people, because they know where the holes are. They know who pays attention and who doesn’t, and what they pay attention to. Just remember that your employees are ultimately human beings and some might not hesitate to take an opportunity when it presents itself.

One way to help prevent internal fraud: if you’re getting a bad feeling about an employee, do a Google search on them. You’re not invading their privacy; this is your company. It can prove to be invaluable down the road. There is a fine line with privacy, however don’t just assume that nothing has changed during the 10 years since you hired someone.

How can merchants reduce external fraud?

Merchants should work with their bank to train their sales force to recognize external fraud. They take the orders, make the quotes, orchestrate the shipments and deal with a client from start to finish. The bank’s fraud expert will focus the most attention on them and explain the fraud terms they will see. Almost 99 percent of the time, a fraudulent transaction will have one if not many red flags.

What are some red flags that could be signals of fraud?

An immediate red flag is getting an e-mail out of the blue from someone with broken English asking if you can quickly ship outside the U.S. They always want you to hurry. And it will always be a larger order than the client is used to.

Salespeople, especially if they are on commission, will think it’s a great deal. They will unwittingly comply. When it comes time for payment, another red flag is when you’re given multiple credit cards.

A legitimate customer is not going to have 17 VISA cards in their wallet, all issued from the same institution. These criminals have purchased a block of card numbers on the black market. Typically, the first eight to 10 numbers will be identical. Only the last few will vary. You’ll know this is the same issuer because the first series of numbers tells who the bank is. No one person is going to have that many cards. No bank is going to issue that many cards to one individual or entity.

An initial credit card decline is another important red flag. If the customer presents multiple cards and asks you to split the transaction evenly among those cards -— that’s another red flag. What they are trying to do is keep each transaction low enough to evade the issuer’s fraud monitoring system. So, if the total order is $10,000 and they want to run $2,000 on each card, they are trying to keep that transaction under the radar. Their goal is to get those cards billed and receive the shipment of product before the cards are blocked and shut down.

Julie Bachman is a merchant bankcard banker at FirstMerit Bank. Reach her at or (614) 545-2783.