Margaret Roberts, who runs an association management company in Alexandria, Virginia, vividly recalls the day she answered a phone call from a landlord in New York who had received a deposit for an apartment lease. The check was drawn on the account of one of her nonprofit association clients, and it just didn’t look right to the landlord. He wondered if it was valid.
Antennae twitching, Roberts logged into the client’s online banking account and quickly confirmed that the landlord’s hunch was correct. The check was bogus. The fallout cascaded rapidly from that point: While Roberts was investigating and alerting the bank, another caller phoned to thank the association for an award payment he had received. There was no award. In the end, she discovered there wasn’t one fraudulent check, but several, totaling more than $15,000.
It turned out that scammers had pulled wire transfer information from the client’s conference website and created fake checks. “Our client got their money back, but we had to shut that account, open a new one, stop payment on valid checks, and send signature cards all over the country. The ripple effects were extensive,” Roberts says. “It was a nightmare.”
Controlling and Preventing Small Business Fraud
A single episode of payment fraud can be time-consuming and costly for businesses and nonprofits. Still, there are practices and procedures that organizations can implement to control the risks and consequences. The typical organization loses 5% of revenue to fraud each year, according to the Association of Certified Fraud Examiners. Nearly half of all reported fraud was clustered in four departments: operations (15%), accounting (12%), executive and upper management (11%), and sales (11%).
LexisNexis found that as of 2022, the cost of recovery from fraud averaged $3.75 for every dollar lost to fraud, reflecting expenses such as fees, interest, and merchandise replacement and redistribution in the case of retailers. That figure is up from $3.13 in 2019 and $2.40 in 2016.
Small companies can be so focused on simply running their businesses that they overlook the risk of fraud. It’s important to systematically look for and identify transactions that appear suspicious, probe for information, and train employees to look for anomalies. The same set of eyes — the controller or the accountant, for example — should examine account activity every day to become familiar with patterns. If payments, debits, and small credits are out of line with expectations, it’s time to investigate.
The Risks of Fraud for a Small Business
The risks are substantial. In 2021, 7 out of 10 organizations surveyed by the Association for Financial Professionals were targets of an attempted or actual payment fraud attack. The leading sources of fraud were compromised business emails and outside individuals, such as people passing phony checks.
Fraud is also becoming more sophisticated, according to the LexisNexis study, and that translates into higher costs for targets. Fraud costs attributed to the mobile channel account for a sizable portion of fraud costs among e-commerce merchants. Different channels and types of fraudulent transactions require different solutions.
With so much at stake, implementing fraud prevention tactics is essential.
Experts strongly advise organizations to use a dual-control process. This means when the organization transmits funds via an automated clearinghouse or wire transfer, one person should enter the transaction and a second person should review and release it. Business owners can reasonably perform both steps themselves, but once they have delegated financial authority, it’s prudent to implement a check-and-balance system.
Fraud Prevention Tips
The Federal Trade Commission is an excellent source of advice for fraud prevention for small businesses. The agency urges organizations to:
- Check all invoices closely and don’t pay unless the bill is verifiable for items that were ordered and delivered. Make sure staff members follow this rule.
- Adopt clear procedures for approving invoices or expenditures and limit the number of authorized people who can place orders and pay invoices. In addition, adopt procedures to ensure that an unexpected call, email, or invoice can’t trigger major spending.
- Pay attention to how someone asks you to pay and tell staff to do the same. If you are asked to pay with a wire transfer, reloadable card, or gift card, you can bet it’s a scam.
- Understand that scammers can easily fake email addresses with what seem like authentic company logos and create websites that look legitimate. Remind all staff to stop and think about whether it could be a scam before clicking on a link. Also, don’t open attachments or download files from unexpected email addresses because they may contain harmful viruses.
- Secure your organization’s files, passwords, and financial information. This includes keeping software up to date, backing up files, using strong passwords, and turning on two-factor authentication.
- Never leave a laptop, phone, or another device unattended in public, even locked in a car.
The Bottom Line
Most of all, it’s essential to remain vigilant. Fraud prevention is possible, but it takes effort and awareness.
Roberts thought she had seen it all after the fake check scam when a new con started making the rounds. A phony email goes out from an address that looks much like the email of a client’s chairman or treasurer. “The ‘chair’ sends an email to the treasurer saying that there is a bill for something organization-related,” Roberts explains. “Can they send a check overnight to him so he can take care of it? The check is to be routed to an address with a payee name on it.”
The scam almost succeeded until she noticed the discrepancy in email addresses, contacted the chair, and unraveled the scheme. “The schemers are relentless,” Roberts says.