"Identifying And Mitigating Your Exposure To Fraud"
KeyBank Special Report: Identifying And Mitigating Your Exposure To Fraud Inside: Fraud: A Problem That Won’t Go Away How Criminals Exploit Vulnerabilities In Treasury Practices Fraud Prevention From An Enterprise Perspective Vigilance: Your First Line Of Defense Fraud Is Real • You Are Not Alone • We Can Help executive summary: 8 8 200 200 “Fraud rings are better organized and more USA USA technologically rp rise rp rise Ente Ente sophisticated than ever before.” Fraud: A Problem That Won’t Go Away At this very moment, businesses In fact, the Association of In a roundtable discussion held like yours are being targeted by Certified Fraud Examiners by the Federal Reserve Bank, criminals whose sole intent is to (ACFE) calculates annual participants reported that costs obtain funds by illegal means. losses due to fraud at $652 associated with this steadily Operating both individually and billion,* or approximately 5 growing problem are not only in well-organized rings, these percent of the nation’s Gross substantial, but increasing as corrupt and calculating Domestic Product. the incidence of fraud continues individuals have learned to to escalate. identify and exploit weaknesses Are you vulnerable? that victims often overlook. In a recent survey conducted The hidden costs. by the Association for Financial The cost of fraud is not limited Hidden in plain sight − among Professionals® (AFP), 72 percent to direct losses. Also significant employees, associates and of all participating organizations are the many expenses the population at large − the reported that they had been associated with investigative perpetrators of payment fraud the victims of attempted or efforts and attempts to recover rob American enterprise of actual payment fraud.** And, lost funds. Less quantifiable, but billions of dollars each year. unfortunately, fraud appears potentially even more damaging, to be a growth industry. is the negative impact of ACH Fraud: The profile of a victim. The AFP finds that organizations with annual revenues under $1 billion are nearly three times more likely to sustain financial losses due to ACH fraud than are businesses with revenues over the $1 billion mark. In examining the statistics, the reason for this significant disparity becomes readily apparent: larger institutions are much more likely to implement fraud prevention solutions. successful fraud attacks on time and expense of correcting actively engaging in building the public image of victim fraudulent activity, the cost of alliances with financial institutions organizations. each incident typically exceeds that can provide the expertise to $3,000.†† pinpoint vulnerabilities and If victimized by fraud, you can structure solutions that can expect to spend over 175 hours† Alliance: Joining forces help to defend the organization filling out insurance claims, police on multiple fronts. against fraud − and from the reports and affidavits, and in Clearly, to prevail in the battle losses it can cause. completing numerous other time- against fraud, organizations must consuming tasks in an attempt to take a proactive stance. Today, repair the damage. Added to the businesses and institutions are How Criminals Exploit Vulnerabilities In Treasury Practices Fraud is as old as commerce The most frequent targets. beginning. Current methodologies itself − but as the technology Despite the declining use of are as advanced as today’s of treasury management has checks, check fraud continues technology. One of the fastest- evolved, so too have the methods to increase and is still the most growing types of check fraud used to perpetrate it. Today, the prevalent form of payment fraud involves the production of level of sophistication among by a significant margin. In fact, counterfeit checks. Using tools those who conspire to commit 41 percent of all organizations that are readily available − fraud is alarmingly high. responding to the AFP study including desktop publishing Disaffected and cunning, tech- reported an increase in the software, color copiers and savvy criminals arm themselves incidence of check fraud.** high-end printers − counterfeiters with an insider’s understanding produce replications of genuine of treasury management Other frequent targets of payment checks that are both convincing practices and set forth to fraud are: and effective in producing the defraud the organizations that • Automated Clearing House intended result. drive our economy. The costs (ACH) are immense. Fortunately, • Credit and debit cards Criminals also commit check banking services designed to • Wire transfers fraud by: protect organizations against fraud also continue to evolve Technology: The criminal’s • Stealing employee as well. The following are several toolbox. paychecks, reimbursement of the many ways criminals At first glance, check fraud may checks and rebate checks. endeavor to exploit vulnerabilities seem relatively low-tech. But in treasury practices. forged signatures and altered payable amounts are just the Continued on next page. • Taking advantage of check- fraud attempts made against conversion loopholes at their organizations involved ACH Understanding unprotected financial institutions. transactions.** And among your exposure. Criminals obtain account and organizations that were found routing numbers from checks to be financially responsible for and use this information to losses due to fraud, more than It is often assumed that initiate payments – typically via half did not use ACH debit financial institutions phone or the Internet – that are blocks or filters. Another 22 are responsible for presented electronically as percent of ACH fraud attempts losses resulting from ACH transactions. were successful because the fraud. However, an organization had not reconciled Fraud in the electronic realm. its accounts or returned payments organization may be As Automated Clearing House on a timely basis. And 17 percent held responsible in transactions and other electronic of victim organizations reported payment methods have gained that the source of fraud could be some instances – for increasing acceptance, so too traced to persons within their example, if it failed to has the incidence of electronic own organizations. reconcile accounts fraud. Rapidly assimilating these and/or identify and new and emergent electronic Beware the inside job. return fraudulent items payment technologies, the How do you identify a criminal criminally opportunistic relentlessly who has penetrated your in a timely manner. continue to pursue their victims in defenses? The answer may the electronic realm. not be so obvious. According to Financial responsibility data collected by the ACFE, less With the proliferation of phishing is determined on a case- than 8 percent of prosecutable e-mail schemes and online trojan suspects had been convicted of by-case basis, depending attacks, organizations must any crime prior to committing on the facts of the case acknowledge the necessity of internal fraud. protecting access to account and applicable law. information. Today, expertly The costs of internal fraud Responsibility may crafted phishing e-mails, which can be staggering. The ACFE be linked to the entity are used to fraudulently obtain finds that the median loss due determined to have passwords and other account to internal fraud is $159,000 information, are one of the per incident.* And nearly 25 been in a position to most damaging weapons in percent of all reported take preventive action, internal fraud cases resulted the criminal toolbox. Trojans, but which did not do which harvest account data in losses of at least $1 million. so. You should seek automatically – and all too often Among the most frequent the advice of your without being detected – are types of internal fraud are asset also responsible for significant legal counsel regarding appropriation schemes involving financial losses. The potential for responsibility for fraud. invoicing, expense reimbursements, loss due to trojans is expected to check tampering and payroll. continue to increase over time, as Small to mid-sized businesses these malicious programs are particularly susceptible become more sophisticated. to internal fraud and suffer Respondents to the AFP survey disproportionate losses as report that over a third of the compared to larger organizations. Fraud Prevention From An Enterprise Perspective Taking the offensive: A multi- • Utilize electronic plus a stronger factor such as dimensional strategy. processes. a digital certificate. Safeguarding the organization’s Use online reporting to enable cash flow and profits has long faster reconcilement and Defending against check fraud. been the role of the corporate authorization decisions for Dealing with fraudulent checks treasury department. However, questionable/red-flagged is costly, not only in terms of as fraud continues to grow in items. Also, consider issuing the actual loss, but in terms of scope and sophistication, the rebates and refunds as expenses related to remediation. need to manage this threat has electronic transactions, and The following strategies are never been greater. To effectively use direct deposit for payroll. fundamental to a successful combat fraud, forward-thinking anti-fraud initiative: organizations must adopt multi- • Protect account information, user IDs and passwords. • Identify altered payee dimensional strategies that Account numbers, routing names and payable function in synergy with their numbers and other relevant amounts, forged existing initiatives. And because account details are gold to signatures and fraudulently fraud can be expansive across criminals who attempt to replicated checks. an entire organization, it is also commit fraud. Instruct Detecting unauthorized essential to engage internal employees in the protection checking activity, partners by communicating of secure information and automatically identifying concerns and sharing observations. teach them to recognize questionable items and Combating fraud: phishing e-mails and other providing the option to either The essentials. attempts to obtain sensitive approve or reject these items Combating fraud isn’t simple, data. are important safeguards but it is possible if managed Continued on next page. effectively. KeyBank recommends • Implement fraud that you begin with these prevention solutions. essential activities: Implement bank-provided treasury management • Segregate duties. solutions that can help Designate one person to to mitigate fraud through make payments and another early detection and person to reconcile, to help safeguard against decrease the potential for erroneous postings. internal fraud. • Use two-factor • Reconcile on a authentication timely basis. to strengthen The more frequently you transaction- reconcile, the sooner you’ll be level security. able to identify any unusual Verify user identity with check or ACH transactions. a user ID and password, against altered or fraudulent • Use automated account • Keep paper checks out of checks. An effective tool in reconcilement. the wrong hands. managing these scenarios is This is an effective alternative Paper checks, when stolen or positive pay. An extra layer of to traditional reconcilement altered, can provide a direct protection, known as payee methods. It provides detailed route into your accounts. positive pay, is provided by checking account information One of the best ways to keep comparing the payee name that reduces the time needed them out of the hands of on presented checks to an to reconcile accounts and criminals is to archive checks electronic list submitted by enables you to identify as digital images and store the client organization. This fraudulent activity sooner. them on CD-ROM or other feature helps to ensure Typically, organizations digital media. This process authenticity by automatically choose from one of two enables organizations to reporting all exceptions, and distinct levels of account easily manage, retrieve and allowing the client to make reconcilement: view images on demand. the desired dispositions. Typically, archived check Because many financial Partial reconcilement – images include the front and institutions do not offer this provides a list of paid back of each check, providing service, it is important to checks in numerical a visual record of the signature, determine availability. order. Check serial endorsement and/or bank of numbers, dollar amounts, first deposit. Automated • Identify fraudulent dates paid and sequence account reconcilement activity rapidly. numbers are displayed reports and bank statements The more quickly fraudulent within this concise, are also frequently imaged for activity is identified, the more easy-to-read report. archival purposes. likely it is that you can prevent it. This is why it is imperative to Full reconcilement – • Make it more difficult to reconcile accounts on a timely in addition to a list of counterfeit your checks. basis. By doing so, your paid checks, it provides One of the more effective organization can identify an itemized report of ways to reduce check fraud exceptions that may be outstanding checks and is to utilize enhanced check fraudulent and take exception items. stock security features, appropriate action before including microprinting, dual- financial damage can result. color gradients, watermarked security tags and photocopy prevention markings. To further complicate the efforts 8 200 of counterfeiters, limit access USA to sensitive account rise erp Ent information and check stock. Often, the most cost-effective way to achieve these objectives is to outsource check production. Safeguarding the ACH • Matching all ACH debits Closing the loopholes process. against a pre-approved between digital and traditional Automated Clearing House account list provided by the payment methods. (ACH) payments present client to determine if the debit To be effective, your fraud new and potentially lucrative should be paid. protection initiative needs to opportunities for criminals. To close the loopholes that can help protect against fraudulent • Receiving a daily exception open when checks are presented ACH transactions, organizations report of all unauthorized as ACH payments. Positive Pay need to carefully monitor attempts to debit protected and ACH block and filter electronic account activity. accounts, including an option solutions should be structured to to pay or not pay each item work hand-in-hand – including In addition to reconciling on the list or place a block on the verification of payee name for accounts daily, the primary an account. electronic items – to identify solutions in the battle against questionable transactions and to ACH fraud are ACH blocks and • Rejecting all ACH debits return suspicious items upon filters. Designed to protect attempting to post to a presentment. Because not all against unauthorized electronic specified account. financial institutions offer this level ACH debits, these methods of integration, it is important to ACH block and filter reports are enable users to authorize specific evaluate carefully when selecting often available via fax, e-mail or ACH debits or block all ACH a solutions provider. the Internet. debits to their accounts. Users can select the level of protection that best fits their organizations: Vigilance: Your First Line Of Defense Fact #1: No amount of planning and oversight will ever completely eliminate fraud. The bad guys are just that good. Fact #2: Criminals look for easy targets, so if an account is protected, it becomes a far less attractive target for would-be criminals. This is particularly true in the case of internal fraud, especially when members of the organization know that fraud prevention measures are in use. Fact #3: With a well-conceived, well-executed system in place, you have the potential to reduce fraud to a point at which it becomes a negligible nuisance, and perhaps even eradicate it for considerable periods of time − all without incurring unreasonable cost. The right blend of process and technology. It’s time to take a proactive stance against fraud. KeyBank can help you formulate a strategy designed to address your needs. Contact Key today to discuss your fraud strategy and to obtain recommendations specific to your organization. For more information, visit key.com/globaltreasury. SM *Association of Certified Fraud Examiners (ACFE), 2006 Report to the Nation on Occupational Fraud & Abuse **Association for Financial Professionals (AFP), 2007 AFP Payments Fraud Survey: Report of Survey Results, 2007 †Federal Trade Commission. Identity Theft Clearing House, 2002 ††The American Bankers Association. Deposit Account Fraud Survey Report, 2004 This document is designed to provide general information only and is not legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. KeyBank does not make any warranties regarding the results obtained from the use of this information.