The risks
- Employees and/or contractors spending company money for private gain. For example:
  - Ordering goods for personal use.
  - Over-ordering goods in return for supplier back-handers.
  - Paying for non-existent services in return for corrupt payments.
  - Negotiating inflated prices in return for corrupt payments.
- Fraudsters setting up a merchant account in your company’s name and accepting orders for goods that they do not supply.
- Fraudsters hijacking your website to redirect orders to their server.
- Fraudsters posing as company directors, then changing the directors and registered address of the business.
- Company records, employee names, bank account details and other sensitive information being stolen by people looking through rubbish bins.
- Goods being ordered with bogus account details or stolen credit cards.
- Payment card chargebacks as a result of customers fraudulently claiming that goods have been received not fit for purpose, or not received at all.
- Having the goods you despatched substituted with fake goods when returns are made.
- Phishing, vishing and other social engineering attacks which persuade you or colleagues to divulge confidential information in order to facilitate fraud.
- Your website traffic being deliberately diverted to a bogus site with a similar address (for example, with a near-misspelling).
- ID passes, passwords and private information being stolen by dishonest contractors and tradesmen.
Protect your organisation
- Check your bank accounts and Companies House records for irregularities, on a regular basis.
- Reconcile bank statements and company credit card statements meticulously and regularly.
- Encourage employees, customers, suppliers and business partners to report anything unusual.
- Be aware of registration of new domains that are similar to yours. Consider registering common misspellings and variations of your company name.
- Shred sensitive papers before disposal.
- Set guidelines and processes for who can place orders on behalf of the company. Use a formal purchase order system.
- Take up references for, and consider vetting, new employees and contractors.
- Perform credit checks on new customers and check their contact details for authenticity.
- Respond to payment card chargeback requests promptly.
- Set strict credit limits.
- Set limits to withdrawals, transfers and payments from bank accounts. Consider setting up dual authority for withdrawals, transfers and payments, in the same way you might with dual signatories on cheques.
- For unknown customers with no transaction history, insist on cleared payment being received before goods or services are supplied.
- Perform credit checks on new suppliers and partners, and check their contact details for authenticity.
- If selling online, validate new customers using verification such as Address Verification Service, or Verified by Visa / MasterCard SecureCode. There are a number of commercial providers of verification solutions and details can be found via the CardWatch website.
- File your company secretarial records using the Companies House WebFiling system to reduce the threat of identity theft of your company name or directors.
- Ensure that your computer security is sound, including having up-to-date and activated antivirus/antispyware software and firewalls, regular software updates and the use of strong and private passwords. This will protect against many online threats.
If your organisation is a victim of actual or attempted fraud
- Report it to Action Fraud on 0300 123 2040 or online at www.actionfraud.police.uk. If you are in Scotland, contact Police Scotland on 101.
- Take immediate steps to mitigate damage, whether the suspected source of fraud is internal or external.
- If the fraud concerns your bank account, contact your bank immediately.