Tips on identifying and reporting fraud in your organization

Fraud happens in businesses of all types, sizes and levels of sophistication. Though it can occur at any level of an organization, fraud more frequently happens at the management level or above. A 2014 report by the Association of Certified Fraud Examiners (ACFE) found that 36 percent of those who committed fraud were mid-level managers. Most were male and 87 percent were first-time offenders.

“Upper-level employees are more likely to be entrusted with sensitive information and may be able to override controls,” says J.W.Wilson, CPA, a partner in accounting and auditing services at Clarus Partners. “However, having a profile of a common perpetrator isn’t enough for an organization to stop fraud.”

Smart Business spoke with Wilson about fraud, its effect and what organizations can do to detect and mitigate it.

What are the more common types of fraud and what can they cost an organization?

There are two categories of fraud that are most common: misappropriation of assets and misstatement of financial statements. Asset misappropriation is a scheme through which employees steal or misuse an organization’s resources — for instance, false billing, inflated expense reports or outright theft of company cash. Misappropriation of assets is the most common, but it’s the least costly, averaging around $130,000 per loss.

Financial statement fraud is a scheme through which employees intentionally cause a misstatement or omission of material information in the organization’s financial statements. That could mean recording fictitious revenues, understating expenses or artificially inflating assets. Though financial statement fraud is the least common type of fraud, it’s the most costly, averaging $1 million per loss.

In general, fraud costs businesses in the U.S. billions of dollars each year. Typical acts of fraud costs businesses between $10,000 and $500,000. But in addition to costing businesses money, fraud also hurts productivity and company morale. Fraud can damage the reputation and customer relationships of the business, which can take significant time and energy to repair.

How is fraud typically detected?

Most often fraud is detected by an employee of the organization who then reports the fraud to someone internally.

Because staffers are most likely to identify and report fraud, it’s a good idea to put in place a fraud hotline or reporting system. In making employees aware of the hotline, consider communicating to whistleblowers that they will be protected from any reprisal, and that they could earn a financial reward if they’re willing and able to give useful information to law enforcement.

What are internal control reviews?

An internal control review is an overall assessment of the internal control system and the adequacy of that system to address the risks of the organization. They can highlight weaknesses in a company’s internal control structure or expose processes that could be strengthened to maximize efficiency. Detailed recommendations would be given to help mitigate risk or strengthen areas of identified weakness.

Most often, a company’s board, the owner or CFO requests internal control reviews. But it’s a good idea to perform a review every three to five years or more often if there is significant change in the company.

What should companies do once they have the results of their internal control review?

Management should work to implement the recommendations pulled from the findings of the internal control review and ensure that they are in place. Going forward, management should regularly communicate reminders of policies and procedures to the company, and periodically review the procedures and check that they are consistently being followed.

Research by the ACFE indicates that the typical organization loses 5 percent of revenues each year to fraud. While that 5 percent is certainly a chilling average, consider that the median losses from fraud for businesses with less than 100 employees are around $147,000. A loss of that size could be devastating for a midsize business.

Companies should understand that fraud could happen anywhere. Strong internal control policies and procedures are the best way to help minimize this risk.

Insights Accounting is brought to you by Clarus Partners

How to set a tone at the top to stop fraud in its tracks

Mark Van Benschoten, Principal, Rea & Associates

Mark Van Benschoten, Principal, Rea & Associates

Fraud costs companies about 5 percent of revenue, totaling about $3.5 trillion internationally, according to a 2012 report by the Association of Certified Fraud Examiners.

“It can have impact beyond the initial financial loss,” says Mark Van Benschoten, CPA, a principal at Rea & Associates. “Fraud damages the reputation of a business, which could lead to a loss of revenue and loss of jobs; there can be a spiral effect.

Stopping fraud is about protection of the corporate entity.”

Smart Business spoke with Van Benschoten about fraud and how companies can protect themselves.

What are ways that employees commit fraud?

Some of the most common fraud happens because of inadequate segregation of duties, not communicating consequences, employee turnover, crisis conditions and poor communication. However, there are so many specific ways fraud is committed. Actually, employees who are determined to steal find new ways all the time to try and bypass a company’s systems.

What should a business tell its employees about fraud?

It’s important to set the tone about fraud from the top. Employees will react to the tone of the business owner. They may also read an owner not taking a stand on fraud as a signal that it’s OK. Business owners and management have to make it clear that they take fraud seriously and it will not be tolerated; they want to hear about what’s happening in the business. Consider putting an ethics hotline in place so your employees can anonymously report what they see.

A hotline sounds like Big Brother watching, is it?

An ethics hotline is one of the most cost-effective means of combatting fraud. In fraud cases where there is a hotline in place, the average loss is $100,000. Compare that to a company without a hotline and the amount rises to $180,000.

It’s not a matter of tattling on a co-worker. It’s about job creation. It’s about protecting the corporate image. The amount stolen from a company is one thing, but the potential losses that could happen from the negative impact on a business’ image could be devastating. This gives employees the opportunity to protect their jobs as well as those of the other honest people they work with.

There are other benefits, too. For example, if someone at a company uses a forklift in an unsafe manner, any employee that witnesses the situation can call the hotline to report it anonymously. Management can then rectify the situation and avoid a costly accident.

If a company has an audit, isn’t that enough to catch fraud?

Audits are not specifically designed to catch immaterial fraud. Audits do provide reasonable assurance about the presentation of the financial statements in coordination with Generally Accepted Accounting Principles. No auditor can, or will, guarantee that an audit will catch any case of fraud.

In most cases, someone has to speak up internally for fraud to be discovered. An outside auditor is only there once or twice a year, and his or her job is to ensure there is good financial reporting.

What other steps can companies take to prevent fraud?

It’s important that businesses have good internal controls in place. In situations where the owner is very involved with every aspect of the business, different checks and balances would be needed than in instances where the owner is hands off. With internal controls, you have to weigh costs versus benefits. It’s about how much you’re willing to pay to manage risk. You wouldn’t spend $11,000 to save $10,000.

It would be nice to say ‘do these three things and you’ll be protected,’ but there is no one-size-fits-all solution. Preventing fraud is about limiting opportunity, having good internal controls and making sure employees understand that fraud will not be tolerated by anyone — from the top down.

Mark Van Benschoten, CPA, is a principal at Rea & Associates. Reach him at (614) 889-8725 or [email protected]

Learn more about implementing an ethics hotline at

Insights Accounting is brought to you by Rea & Associates

How to avoid surprises by keeping a close eye on operations at all times

James P. Martin, Managing Director, Cendrowski Corporate Advisors LLC

James P. Martin, Managing Director, Cendrowski Corporate Advisors LLC

One of the primary functions of management is to understand what is actually going on in an organization, as opposed to what is supposed to be happening. However, for monitoring to be truly effective, there must first be good communication, a culture that promotes ethical behavior and a solid understanding of the particular organization’s risk factors.

“Organizational monitoring is not just about protecting a company from fraud,” says James P. Martin, CMA, CIA, CFE, managing director at Cendrowski Corporate Advisors LLC. “Monitoring systems can help ensure quality, that customer needs are being met and that the company is doing everything else that is necessary to achieve its goals.”

Smart Business spoke with Martin about how management can understand what is truly going on within the business.

What are the steps to an effective organizational monitoring plan?

First, the company must clearly define its goals. What is it trying to accomplish and how will it accomplish those goals? Second, what risks does it face? What can get in the way of the company accomplishing those goals? Third, what type of early warning system does the company need? How will it know if and when a risk has occurred or if someone has not performed as expected?

What impacts are electronic monitoring systems having?

Electronic monitoring systems have been around awhile but are drawing increased attention now with more severe penalties and potential outcomes for violations under Sarbanes-Oxley. Electronic monitoring systems are similar to a car’s dashboard. When trigger points, predefined events or hurdles are detected, ‘warning lights’ appear on the manager’s desktop.

While electronic monitoring is useful, it cannot — and should not — replace human involvement. The most important thing managers can do is be involved with operations on a day-to-day basis by walking around and talking with employees, holding regular meetings, receiving regular reports and phone calls, etc.

How are trigger points identified?

An organizational assessment of risk will help management identify areas that have more robust monitoring needs. Examples might include finance, everything related to potential issues arising with cash, or vendor management, such as notification every time a vendor’s address changes. Triggers also can monitor quality metrics, supply chain issues, personnel issues, etc. The system should be proactive so that management can address issues before they get out of control, preventing a crisis management situation.
It’s important to note that a monitoring system is more holistic than the definition of trigger points. The single biggest factor is people — what they will do in a given situation. The overall culture needs good communication systems and a clear understanding of management expectations.

Monitoring techniques need to continuously adapt to consider potential changes in behavior. There are a lot of examples of companies that had defined monitoring procedures, but creative people were able to identify and exploit areas that were not considered in those procedures.

How do private equity firms monitor the activities of the companies they invest in?

Private equity firms have to monitor the operations of the portfolio companies, not to the extent of detail that internal management does, but they do need to define risk. These companies have expectations, and if they identify certain events on the horizon, they can be prepared to take certain actions. Like the companies they monitor, private equity firms also must define their own particular trigger points.

Any tips for improving a system?

Make sure you’re monitoring the right areas. There may be areas you’ve historically monitored that have now changed, which is where the internal audit function comes in. The board’s audit committee must understand what is critical for the upcoming year. In examining the ‘audit universe’ — the model that defines every auditable event within the organization — areas of risk are identified, and then prioritized for audit. It’s management’s responsibility to determine how many resources to invest in each given area of risk.

James P. Martin, CMA, CIA, CFE is managing director at Cendrowski Corporate Advisors LLC. Reach him at (866) 717-1607 or [email protected]

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

How using forensic investigative tools in an acquisition can detect fraud

Michael Maloziec, Accountant, Cendrowski Corporate Advisors LLC

Michael Maloziec, Accountant, Cendrowski Corporate Advisors LLC

Many companies undertake an acquisition using only a financial due diligence process. However, for a greater chance of detecting potential misrepresentations, companies need to incorporate forensic investigative tools into their standard due diligence process.

“Forensic techniques will help point out and isolate areas of potential fraud as well as any irregular or suspicious activity,” says Michael Maloziec, an accountant at Cendrowski Corporate Advisors LLC.

Forensic analysis during the due diligence process can uncover accounting improprieties that could overinflate the value of a target company. Performing these two services together will give increased assurance that projected performance is achievable, Maloziec says.

“Adding in forensic analysis is a crucial step toward assuring your acquisition is successful. It can allow you to see past ‘closed doors’ into areas you might not think to look,” he says.

Smart Business spoke with Maloziec about forensic techniques and their benefits during the acquisition process.

How large of a role can fraud play?

It’s huge. The Association of Certified Fraud Examiners Report to the Nations found a typical organization loses some 5 percent of its revenue to fraud each year. Even though that does not sound like a significant number, when applied to the Gross World Product, this figure translates to a potential projected annual fraud loss of more than $3.5 trillion.

What are some caveats to keep in mind?

Companies will always showcase their business in the best possible light. Managers will ‘polish the apple’ so to speak. Bear in mind the sales numbers might be misstated, which can overinflate the value of the company. Also, companies will not disclose everything, so it is important to proceed forensically during your due diligence process. Always be aware of potential manipulation in reserves and estimates. Reserves are one of the most common areas for fraud to occur because it is under management’s discretion. These caveats will help you recognize and point out areas that raise red flags.

How can you protect yourself from fraud?

One method is to look behind the numbers. You should always carry a certain sense of forensic skepticism and never make assumptions during any part of the due diligence process. Be sure to ask questions that will dig into transaction details and note any instances that provoke uncertainty. Don’t forget about applying simple common sense. Ask yourself, ‘Do the numbers flow with the current business plan that is set in place? Do management’s representations make sense?’ You can also utilize a number of analytical tools to spot any anomalies.

What analytical tests should be performed?

A great way to start would be to forensically analyze the financial statements over the past few years. During analytical testing, it is important to review current and past events in order to isolate anomalies from known events. You can utilize a variety of different ratio analyses, which can be an excellent tool in detecting red flags. Ratio analysis measures the relationship between various financial statement amounts and tracks how past numbers are trending with current results. To gain some perspective, compare company financial information to similar industries that hold the same standards, such as size, geography or sector. There are also numerous computer software programs that will assist in narrowing the scope and provide the capability of recognizing potential fraud.

How should a company approach this issue?

Start by assessing the business processes. Processes provide guidance to employees and assure accurate reporting. Acquirers need to review and understand the capacity and capability of their target organization. As part of the due diligence process, the acquirer should examine the current processes and identify any weakness or holes that could allow for erroneous or unauthorized transactions. A great method to gain insight would be to perform an internal risk assessment, which can help identify industry risks that might not be so obvious. This allows managers to zero in on areas that might be susceptible to potential fraud before they become a problem.

Michael Maloziec  is an accountant at Cendrowski Corporate Advisors LLC. Reach him at (866) 717-1607 or [email protected]

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

Economic factors are still driving fraud activity at businesses of all sizes

Jason Buhlinger, Supervisor, Financial Advisory Services, Brown Smith Wallace LLC

When times are tough, the temptation for employees to dupe the system and steal cash or assets increases. The economy is a key driver in fraud activity, and over the last several years, organizations of all sizes have been victimized.

So is the fraud environment improving now that there’s news of an uptick in the economy? Not yet, says Jason Buhlinger, a supervisor in financial advisory services at Brown Smith Wallace LLC, St. Louis, Mo.

“While there may be signs of the economy getting a little better, people still feel uncertain — and as long as that feeling is in the back of their minds, there is motivation and a rationalization to steal,” Buhlinger says.

Companies are running leaner, which means there is less management oversight at some firms, and others have eliminated internal audit personnel. One person may be doing the job of two or more employees, so the work force is spread thin. And that may mean that no one is watching should an employee decide to commit fraud.

“Imposing internal controls becomes harder to accomplish with less staff,” Buhlinger says.

Now is not the time to let your guard down as a business owner.

“The longer the economy trickles along, we’ll continue to see people who are looking for easy ways to get cash,” Buhlinger says.

Smart Business spoke with Buhlinger about the types of fraud being committed and how to establish strong internal controls to protect your business.

What specific economic factors drive individuals to commit fraud?

The recession began in December 2007, and at one point, the Dow Jones Industrial Average was down as much as 50 percent. People had to become more frugal. Those who planned on retiring early had to re-examine that goal as they watched their investment savings dwindle. And home prices dropped significantly in some areas of the country.

All of a sudden, the asset values that many people counted on were gone and they had to figure out a way to supplement that. This is where the fraud triangle comes into play — opportunity, rationalization and pressure. All three of these stress points have increased in the past several years, and this continues to be the case.

As long as people feel a sense of economic uncertainty, that can evolve into rationalization and pressure to find more money somehow. When the opportunity to commit fraud presents itself, rather than taking the higher moral road, as they might in better times, they justify the act and take that opportunity. Your organization can’t realistically eliminate all rationalizations and pressures, but it can manage the opportunity side of the triangle.

What types of fraud are most common today?

Asset misappropriation remains the most common type of fraud. That includes, but isn’t limited to, cash theft, payroll schemes and inventory theft, to name a few. A worker might file false expense reports and pocket the cash, or take product from a warehouse and sell it for a profit.

Stealing from cash registers $20 at a time can go unnoticed if proper controls aren’t in place. Asset misappropriation tends to involve smaller amounts of money, but those dollars add up over time.

What are the components of an effective fraud awareness program?

Organizations need to take a proactive approach to prevent fraud. Owners need to be involved in the financial aspect of the business rather than passing that role off entirely to a manager. For example, we recently handled a fraud case in which a CFO had complete financial control of the company and could take whatever he wanted. If their company had implemented the critical concept of segregation of duties, it would have been more difficult for him to pull off fraud.

Segregation of duties is critical to prevent fraud, and this can be a challenge in small businesses. That’s why owner involvement is critical at every level of a business, from reviewing financial statements to checking in at the cash registers. It also helps if organizations provide a way for employees to anonymously report fraud through a tip line or even a simple suggestion box.

By keeping fraud at the forefront of your business, you will discourage those who are teetering on the edge of committing fraud. And with internal controls in place, you will be more likely to catch fraud early before it causes significant damage to the business.

How can a business be proactive about creating a culture of honesty?

It’s important to create a fraud prevention program and talk about it regularly with employees. Hold quarterly meetings to discuss fraud and internal controls. Let everyone know your organization has a zero tolerance policy. By making employees aware that fraud is on the radar and no one is going to get away with it, you decrease the rationalization and opportunity for fraud to occur.

Begin a fraud prevention program to learn what areas of your business are susceptible to fraud. A risk assessment will help you zero in on entry points for fraud so you can watch those areas carefully.

A certified fraud examiner (CFE) can help you get that fraud policy on paper, and it’s a good idea to incorporate it into your employee handbook. Secure a commitment in writing from every employee that they understand the policy and the ramifications if fraud is committed.


Jason Buhlinger, CFE, AVA, is a supervisor in financial advisory services at Brown Smith Wallace, St. Louis, Mo. Reach him at  (314) 983-1310 or [email protected]

Insights Accounting is brought to you by Brown Smith Wallace LLC

Peregrine CEO had $6.9 million in life insurance, airplane debt

CHICAGO, Mon Aug 6, 2012 – Russell Wasendorf Sr., chief executive of failed brokerage Peregrine Financial Group, had $6.9 million in life insurance and a debt on his private jet when he attempted suicide last month.

A receiver for Wasendorf, who in July confessed to stealing more than $100 million from the futures broker’s customers over nearly 20 years, detailed the value of the plane and insurance policies in a court filing on Monday and said he was preparing to unload them as assets.

Peregrine, commonly known as PFGBest, filed for bankruptcy protection on July 10, one day after Wasendorf attempted suicide by funneling tailpipe exhaust into his car. He left a note describing how he had bilked customers and fooled regulators by intercepting and forging financial statements mailed between a bank where Peregrine customer money was held and the firm’s auditors at the National Futures Association.

The receiver, whose court-appointed job is to track down and sell Wasendorf’s assets at the highest price, said the CEO held two life insurance policies with an “aggregate death benefit” of $6.9 million.

One policy, issued in 2004, had a face amount of $4.5 million, the receiver Michael Eidelman said. He is seeking to surrender it for its cash value of about $1.3 million.

Wasendorf obtained a second policy with a face amount of almost $2.2 million 14 months before he attempted suicide, but it would not have paid a benefit if he had succeeded in killing himself. The policy has no cash value and should be allowed to lapse, Eidelman said.

Eidelman did not explain the difference between the $6.9 million aggregate death benefit of the policies and the $6.7 million combination of their face amounts.

GlaxoSmithKline settles healthcare fraud case for $3 billion

WASHINGTON, Mon Jul 2, 2012 – GlaxoSmithKline Plc has agreed to plead guilty to misdemeanor criminal charges and pay $3 billion to settle the largest case of healthcare fraud in U.S. history.

The settlement includes $1 billion in criminal fines and $2 billion in civil fines in connection with the sale of the drug company’s Paxil, Wellbutrin and Avandia products, according to filings in federal court on Monday.

Deputy U.S. Attorney General James Cole said at a news conference in Washington that the settlement “is unprecedented in both size and scope.”

As part of the settlement, GlaxoSmithKline agreed to strict oversight of its sales force by the U.S. government to prevent the use of kickbacks or other prohibited practices.

GSK said in a statement it would pay the fines through existing cash resources. The company announced a $3 billion charge in November related to legal claims.

CEO Andrew Witty said GSK’s U.S. unit has “fundamentally changed our procedures for compliance, marketing and selling. When necessary, we have removed employees who have engaged in misconduct.”

The impact of fraud on organizations

James P. Martin, Managing Director, Cendrowski Corporate Advisors LLC

The Association of Certified Fraud Examiners’ (ACFE) “2012 Report to the Nation” is one study that describes the losses that an entity may experience as a result of fraud: A typical organization loses approximately 5 percent of its annual revenue to fraudulent acts.

Small businesses often suffer disproportionate fraud losses, as the “median loss suffered by organizations with fewer than 100 employees was $190,000 per [fraud] scheme, says James P. Martin, managing director for Cendrowski Corporate Advisors LLC.

“In today’s environment, companies of all sizes need to consider the risk of fraud and take proactive measures to help mitigate the risks that they face,” says Martin.

Smart Business spoke with Martin about how a to take proactive measures to protect a business and help it fight fraud.

What can companies do to help mitigate the risk of fraud?

Fraud is not a random occurrence; it happens in situations in which conditions are right for it to happen. Identifying the root causes of fraud and removing the potential for fraud is called fraud deterrence.’

There are procedures can be applied in any organization to help alleviate the growing threat of fraud.

What is fraud deterrence?

The term ‘fraud deterrence’ refers to a systematic approach to identifying and removing the causal factors of fraud; it is not simply a plan focused on earlier fraud detection. Fraud deterrence is based on the premise that fraud occurs when the conditions are right for it to occur, more specifically, in situations in which there is motive, opportunity and rationalization for a fraudulent act.

These three elements, comprising the ‘Fraud Triangle,’ are the focus of fraud deterrence, as the removal of any one of these element will reduce the opportunity for fraud to occur. In this manner, fraud deterrence centers on the premise that the causal factors of fraud can be recognized and proactively reduced in an organization.


How do the causal factors of fraud work?

It is through the implementation of strong internal controls that elements of the fraud triangle — the causal factors of fraud — are reduced. To illustrate the deterrence actions, consider a familiar example relating to fire deterrence and response:

Fire extinguisher = remediation

  • The fire has already happened.
  • Minimize the damage by quickly controlling the fire.
  • The longer the response time, the greater the damage that will occur.

Smoke detector = earlier detection

  • Earlier detection, before fumes can even be smelled.
  • Detects nothing until the event actually happens.
  • By the time the detector is activated, there has been a fire.

Removal of causal factors = deterrence

  • Removal of flammable materials
  • Removal of sources of ignition (e.g. not allowing smoking, flammables away from a flame source such as a water heater)
  • Increasing awareness of risk of fire (e.g. Smokey the Bear)

Deterrence of the fire event, just as in the case of fraud, is effected by the removal of causal factors without waiting for a warning sign that something has gone wrong. Of the three elements of the fraud triangle, ‘opportunity’ can be most directly addressed by the organization through improvements in the internal control structure.

What improvements can help eliminate opportunity?

First and foremost, make sure that cash is well controlled, and that starts with the bank account. The bank reconciliation should be performed by a person not involved with collections or disbursements.  The bank statement should always go to a person not involved with any of those functions; in the case of a small business, the statement should go to the owner.

The statement should be reviewed for unexpected activity, including looking at the payee of each check, before a copy is provided to the person doing the reconciliation. Likewise, cash collections and deposits should be independently counted and verified. Basic diligence of cash can prevent many fraud schemes.

Would the deterrence activities also identify the need for further investigation?

Yes, fraud deterrence initiatives frequently move to detection activities: Fraud deterrence identifies an opportunity that could allow a fraud to occur; detection activities are performed to determine if anyone has exploited that opportunity.

Fortunately, fraud deterrence, and the resulting understanding of the opportunity for fraud, provides a clear roadmap for where such detection activities should be applied. Clearly, an organization that has instituted fraud deterrence activities has a greater defense against fraud than one that has not actively identified and eliminated the opportunity for fraud in its organization.

James P. Martin, CMA, CIA, CFE, is managing director for Cendrowski Corporate Advisors LLC. Reach him at (866) 717-1607 or [email protected]

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

How to balance security and convenience by protecting your bank accounts from fraud

Barry Langer, First Vice President, Customer Relations Manager, California Bank & Trust

Online banking is convenient, but it’s easy for cybercriminals to gain access to your accounts when you process transactions over the Internet. Organized criminal gangs are using malware and phishing schemes to steal approximately $1 billion from small and mid-sized companies across the United States and Europe each year, and the problem has become so pervasive that a recent theft of $100 million from a business account barely registered on the FBI’s radar.
The good news is that it’s possible to enjoy the convenience of online banking without exposing your company to unnecessary risk by taking advantage of a bank’s products and services and exercising some basic precautions.
“Cybercriminals pose a real and serious threat,” says Barry Langer, first vice president and customer relations manager for Corporate Services at California Bank & Trust. “Executives need to educate themselves and understand the risks, then take some basic steps to safeguard banking transactions.”
Smart Business spoke with Langer about balancing risk and convenience by protecting your bank accounts from the most common forms of fraud.

How are cybercriminals attacking business accounts?

Companies incur risk whether they’re writing checks or processing online payments, but the greatest threat occurs in cyberspace. When an unsuspecting employee opens an authentic-looking email or document from an imposter, wily cybercriminals can steal user names and passwords by downloading malware such as the Zeus virus onto computers. Cybercriminals can also embed viruses in Web sites, innocuous Word documents such as resumes or simulated email alerts from social networking sites such as Facebook. Unfortunately, employees often fail to recognize an attack because the virus is programmed to evade network security, giving fraudsters access to your accounts. Worse yet, anyone can purchase the Zeus Trojan for about $700.

How can companies minimize risk and the possibility of fraud when processing online banking transactions?

Your employees need to serve as the first line of defense, but they need training to recognize cybercriminals’ tricks and tactics and thwart potential attacks. In addition, companies need to notify their bank immediately if they suspect a breech.
Businesses should also:

  • Eliminate outside risk. Don’t rely solely on security software, antivirus programs and firewalls. Protect your system from viruses and malware by stopping employees from downloading documents stored on external flash drives or CDs, or accessing outside email accounts. Better still, keep viruses from invading your network by using a dedicated computer strictly for banking transactions because most viruses are transmitted via email or while surfing the Internet.
  • Reconcile accounts. Nip fraudulent activity in the bud by reconciling your business accounts daily.
  • Take advantage of bank products and services. Your bank can help you prevent fraud by providing education, best practices and tools such as antifraud software.
  • Implement a dual authentication security process. This is another way to prevent online payment fraud, as different people create and approve each transaction. While the duplicate process requires additional time and staff, it reduces the opportunity for someone to initiate or approve fraudulent payments.

How can companies minimize the risk of paper or check fraud?

Unless companies use a fraud prevention service such as Positive Pay, forgers can wash payees’ names from stolen checks and substitute their own, alter the amount or use software to duplicate checks. With the Positive Pay service, companies send a check issue file to their bank and it is matched against checks presented to identify discrepancies or suspect checks.  Checks that do not match the check issue file are presented to the company for examination. While it’s not free, Positive Pay has the ability to lower costs by reducing unauthorized transactions, potential losses and legal fees.
Positive Payee Match provides another layer of security, as your bank also matches the name of the payee against the roster of issued checks. You can also review the front and back of exception items online and quickly make payment/return decisions from the convenience of your office.
If you don’t want to provide a check issue file, you can monitor presented checks online and return them immediately by utilizing an alternate service called Reverse Positive Pay.

How can companies prevent ACH fraud?

Savvy companies are reducing risk without sacrificing convenience through a service called ACH Positive Pay, which enables you to view and make decisions to accept or reject ACH items before they post to your account. If reviewing every transaction is too time consuming, simply create a filter and review and approve transactions above a specified dollar limit.

How can executives spearhead fraud prevention efforts?

Executives must set the tone by acknowledging the seriousness of the threat and prioritizing risk mitigation over convenience when processing banking transactions. Small to mid-sized businesses are particularly vulnerable to cyber attacks, so executives at those companies should utilize the risk assessment tools and best practices provided by your bank. Remember, an ounce of prevention is worth a pound of cure because a single attack can easily cost your business hundreds of thousands of dollars.

Barry Langer is first vice president and customer relations manager for Corporate Services at California Bank & Trust. Reach him at (213) 593-3838 or [email protected]

Insights Banking & Finance is brought to you by California Bank & Trust

Stanford Financial exec to plead guilty: report

HOUSTON, Tue Jun 19, 2012 – Laura Pendergest-Holt, former chief investment officer for Allen Stanford, has agreed to plead guilty and receive a three-year prison sentence for her role in a $7 billion fraud, Bloomberg reported, citing three people familiar with the matter.

Earlier this month, former billionaire Stanford was sentenced to 110 years in prison for running the fraud in which he stole money from his investors to finance an extravagant lifestyle in the Caribbean.

Pendergest-Holt will plead guilty to a single obstruction of justice charge, Bloomberg said.

Pendergest-Holt was indicted on obstruction of justice charges and conspiracy charges related to her allegedly false testimony to the U.S. Securities & Exchange Commission, which was investigating the fraud.

The U.S. Justice Department and Pendergest-Holt’s lawyers could not be reached for comment outside regular U.S. business hours.