Small business has a big fraud problem

Prevention and mitigation strategies can mean the difference between a thriving enterprise and a shop closing its doors. Fraud incidents tend to disproportionately affect small businesses, since the relative size of a financial loss makes up a much bigger chunk of revenue compared with larger organizations.

Compounding the problem is the duration of fraud. Because small businesses are less likely to spend the time and money needed to reduce risk, fraud is more likely to endure for longer periods before being detected.

Smaller businesses also have fewer fraud controls than larger organizations and, as a result, become victims more frequently. For example, billing and payroll fraud  at small businesses occur at twice as often compared with larger organizations, while check and payment tampering occur at four times the rate.

Sign up for the free BAI Banking Strategies newsletter and get industry insights delivered to your inbox.

Banks and credit unions can help small businesses integrate fraud prevention and mitigation into their workflows to help prevent fraud and minimize its impact.

Fraud from every direction

Small businesses have for years faced the threat of hackers, with common intrusions such as malware and viruses. But the nature of attacks has changed – they seek to steal company trade secrets, customer payment information, customer personal information and vendor records. Hackers can even remotely lock a business’s computer system and hold it for ransom.

Another growing area of exposure includes identity theft in which fraudsters steal business information, such as tax identification numbers, and wreak havoc by taking out loans in a company’s name. Fraudsters also target a business’s customer records to sell customer identities on the black market. Mobile devices have introduced new vulnerabilities to in-house networks, giving perpetrators new entry points. If your employees can use their own devices for business purposes, how confident are you that the devices are not compromised?

The good news is that small businesses can implement policies, procedures and safeguards that can increase detection, minimize losses and ensure effective resolution of fraud. Consider these 10 low-cost strategies that could significantly reduce the risk and impact of fraud:

  1. Be thorough when hiring. Internal staff accounts for 37 percent of fraud, so your ability to protect your business starts with recruitment.
  2. Establish a code of conduct. Employees are less likely to cross the line if they have a strong sense of company rules and expectations.
  3. Educate and cross-train your employees. Your staff must be aware of all the ways a company’s financial health and reputation can be compromised. Rotate job responsibilities so no one remains in a sensitive position for a long period.
  4. Keep close tabs on finances. Check bank and credit card statements monthly and know how much it costs to run your business, as well as how much money is coming in.
  5. Bolster computer security. Protect your network with firewalls, anti-malware and email phishing detection products.
  6. Be aware of regulatory changes. Pay close attention to local, state and federal requirements for protecting customer information and reporting fraud.
  7. Use checks with security features. Checks with security features such as holograms, heat-sensitive ink, chemical reactive paper and a true watermark make duplication difficult.
  8. Use a fraud detection monitoring service. Having a set of eyes on the business can help detect fraud so you can minimize the damage.

Strategies for mitigation

Given the rampant nature of fraud nowadays, small businesses also need to plan for the day it happens. Consider these ideas for alleviating fraud’s impact:

  1. Subscribe to a fraud remediation service. Fraud remediation advocates can determine the threat, investigate acts by unknown parties or employees of the business, and spearhead the investigations needed to prepare cases and speed the path to a resolution.
  2. Look to experts to implement a response plan. Work with a recovery service that can provide an action plan for the critical first 48 hours after the discovery of a security breach or fraud.

Unfortunately, the threat of fraud is here to stay, so small-business owners must be diligent in reducing risk.

The median time to detect an internal fraud scheme is 14 months. This means businesses must be looking for both internal and external threats at all times, and their financial institution can play a big role in helping them protect themselves.

Andy Shank is vice president of fraud and risk management at Harland Clarke.

 Learn more about how to prevent fraud in the BAI Executive Report “Taking the fight to the fraudsters”