Small businesses are one of the most vulnerable to business fraud, and whilst small businesses commonly employ people they fully trust (and like to feel they’ve vetted their employees well) they cannot prevent unpredictable behavior, even from their most trusted partners.
Fraud affects 1 in 4 small businesses every year – with SMEs losing an estimated £18.9 billion in the past year. It is important to understand that small business fraud extends past your immediate surroundings despite the awareness raised by banks and other fraud prevention schemes to be wary of disclosing personal details. UK cyber attacks have been an increasing worry, especially as business cyber crime is reported to be up by 63% - although a 15% decrease from the year of 2016 is still an alarming number of business that do not know how to prevent fraud internally or have any regulations in place to reduce the risks. Katy Worobec, director of Financial Fraud Action UK states "Customers and businesses need to be alert to the threats posed by the continued rise in impersonation scams attempting to trick them out of their personal details and money."
In order to protect your business against fraud risks you must first identify: the most common types of frauds that you could potentially expose your small business to, the member of staff (or staff members) that are most likely to commit fraud, steps you can take to implement regulations to prevent the risk of fraud.
Types of fraud
The types of frauds your small business can be exposed to doesn’t differ to a corporate one – however small businesses, especially newly established ones are generally more susceptible to fraud and need to be aware of the fraud risks that could arise.
Before we get into ways you can protect your small business against fraud we need to look at the several types of fraud that can arise internally through your employees or externally with suppliers and other third parties. You can split the types of fraud into 6 main categories: assets, payroll and accounting, data, bribery and vendor.
- Cheque forging and tampering
- An employee or customer forging a signature or alters the payee, amount or any other details that cause the cheque to be unauthorised
- Cash theft
- Stealing cash, “skimming”, returns fraud, any other scheme that removes hard currency.
- Product, inventory or service theft
- When an employee misuses company services e.g. gaining a product or service for free
- Expenses theft
- When an employee uses company expense account details for their own personal benefit
- Compensation fraud
- An employee who exaggerates injuries or disabilities to dupe a company out of their worker’s compensation scheme.
Payroll and Accounting
- Also known as larceny. This is a type of fraud caused by someone who controls the funds being used
- Purchasing for personal use
- Using company funds to purchase something for personal use, but records it as a legitimate business purchase in their books
- Accounts payable and receivable
- Accounts payable – one of the most detrimental frauds involves fraudulent expense reimbursements, tampering and billing schemes
- Fake suppliers
- When an employee sets up a fake supplier account and bills the company for services not provided
- Ghost employees
- When a fake or ex employee is kept on payroll and still receiving a wage
- Advance fraud
- When an employee requests and advance and doesn’t pay it back
- Trade and business secret theft
- Acquiring trade secrets and selling them to a competitor
- Access and theft to sensitive data and/or Personally Identifiable Information (PID)
- When an employee steals or shares credit card numbers, client information or other PID and sells them to third parties
Bribery and corruption
- Bribes and kickbacks
- When an employee pays or provides benefits to another business (or internal official) for their own or company advantages
- Product substitution
- When an employee or supplier substitutes counterfeit or inferior products and/or materials than what was initially agreed – usually to reduce their own costs
- Billing schemes
- When an employee creates false payments to themselves using the company’s system – usually by creating a fake customer or editing an existing, authentic vendor.
- Charging a supplier for more money than initially agreed
How to prevent fraud in small businesses
Preventing fraud can seem like an impossible and daunting task, however there are many steps you can take as a small business to protect your monetary and physical assets. One of the most important investments you can make into your business is knowing how to protect it and putting systems in place to reduce the likelihood of fraud in the areas of your business that are most susceptible to it.
Every business operates differently, however as a general rule we have compiled a series of tips to help prevent your small business falling victim to fraud:
Know who your customers are
Vetting your customers is just as important as vetting your employees. Whilst most will make a genuine purchase, there are unfortunate cases where customers want to rid you of your monetary assets. Failure to prevent customer fraud can result in profit and liability losses.
There are some simple steps you can take to help prevent small business fraud, keep your sales up and protect your assets:
Identify the threats
Illegitimate customers can utilise a number of methods to commit payment fraud – such as the use of someone else’s bank details, forging currency or money laundering.
Whichever method a fraudulent customer uses – it will leave you the risk of being out of pocket either through loss of goods or services and their fraudulent payment.
Methods of payment are one of the front-line ways customers make fraudulent purchases which can have a detrimental effect in your books. Ensure you make guaranteed sales with legitimate currency. Fraudulent methods of payment can come in the following forms:
- It is much easier to copy and print cards with magnetic strips than you might think. Here are just a handful of ways to spot if a customer is using a counterfeit card:
- Observe the symmetry and embossing in the card – is it symmetrical and consistent?
- Some customers will purposefully damage the magnetic strip of a card to force you to enter their card details manually. The long card number might not necessarily match up to what is on the strip
- Match up your receipt with the card used to pay for your goods/service. If the last 4 digits are different, your customer has used a fraudulent card.
- Receiving a cheque you can’t cash is one of the most common ways customers can commit payment fraud. The cheque is usually bounced back or rejected by your bank, leaving you out of pocket.
- Cheque overpayment is also a very common method which involves writing a cheque greater than the agreed value and asking for the difference in change. Once the change is given back the cheque will usually get rejected and the customer will cease all contact.
- Only accept cheques from customers and suppliers you trust
- Always use a pen when writing a cheque and be sure to cross through any empty spaces.
- If the cheque you receive feels or looks wrong, or if the customer writes a cheque for an amount greater than what was initially agreed (and asks for change back) - ask for an alternative method of payment
- Fraudulent cash is an old-school tactic of paying for goods, even with the new £5 and £10 polymer notes. With good internal controls, the person who handles cash can also use a variety of methods to check what they are receiving is fraudulent:
- Check for raised print – you should feel this on words like “Bank of England”. If the cash is fake you’ll likely feel a strange texture or it will feel flat
- The print quality on all polymer notes is extremely sharp – if you spot any blurriness in the detailing then the note is very likely to be fake.
- On a £5 note, the Elizabeth Tower/Big Ben is finely detailed in a window on the note – when tilt the note you will observe a coloured rainbow effect
- A £10 note has the same feature but with the Winchester Cathedral
- You can find out more about paper and polymer notes on the Bank of England’s dedicated page to bank notes.
Short and long firm fraud
- Long firm fraud can be defined as fraudulent businesses placing many small orders with wholesalers and suppliers to develop their credit history. They then place a large order and disappear without payment. Short term fraud on the other hand is very similar but takes place over a much shorter period of time.
- There are several ways you can protect yourself against short and long firm fraud:
- Visit customers at their premises to establish if they are legitimate.
- Check if they have filed account previously through Companies House and have clearly been prepared by an accountant.
- Ensure any supplies you order are delivered to the intended address with identifiable vehicles and couriers.
- Ask for trading references and vet the referees to establish if they are also legitimate.
- Ensure a company has various methods of contact not limited purely to a mobile contact and/or email address.
Vet your customers for their identity
One of the ways you can protect your small business is by investigating your customers and their transactions. If you suspect something isn’t right, it probably isn’t.
- Should you doubt your customer’s identity – gather as much information as you can before accepting payment.
- Asking questions about a customer’s order is a legitimate way to find out their intentions and make you come up with an informed decision about accepting their purchase.
- If you are an online-based business, add an extra later of security to transactions by asking for Verified by Visa/Mastercard SecureCode authentication.
Look out for fraudulent or suspicious customer orders
It’s very easy to have suspicions on a placed order or enquiry – here are some ways you can spot this behaviour and avoid falling victim to fraud:
- Spot if your customers are asking top-line questions at infrequent periods and display a lack of interest in your products or services. This is a sure fire way to tell if a customer is fraudulent especially if your products or services are premium.
- Infrequent purchasing, especially when they bulk orders or changes of behaviour.
- If a customer wishes to pay out of your buying process (through cash or direct through PayPal) then you can lower your protection to a fraudulent purchase if you agree. Stick to your payment processes to ensure you are covered should the worst ever happen.
- If a customer supplies an overseas delivery address then this can be a red flag, especially if they do not care about delivery costs. Whilst this might be legitimate – follow up with more questions before making an informed decision.
Know your physical and non-physical assets
The value of your business depends on your property, stock, money, customer data and your ideas. These things are worth a lot to fraudsters trying to con you out of your business plans as well as your business worth.
Currently – the fine for failing to protect customer data is £500,000 under the Data Protection Act 1998, however on the 25th May 2018 the new GDPR Act the penalty can result in a fine of 2% of your annual revenue. This is especially important to realise should sensitive information fall into the wrong hands.
Here are some ways your business assets can be threatened:
- Internal tampering/business fraud
- Account takeover from a customer or employee
- Hacking and identity fraud
Small business can protect their assets internally and externally using the following steps:
Identify and secure your property and assets
To fully protect your business assets you must be fully aware of what they are and how much they are worth. Whilst restricting access to your assets is common knowledge, you need to consider how you can stop unauthorised access
- List together all your tangible (physical) and intangible (digital) assets – then create an action plan on how you’ll secure them.
- It might not be apparent how worthy your assets are to begin with. For example – the loss of data can be highly detrimental and can be used to initiate fraudulent activity against your company
- Once you have put strategies in place to prevent fraud against your business and assets, make it a regular occurrence to monitor your implementations.
- The Information Commissioner’s Office (ICO) has a guide especially for small businesses and how you can protect data.
Protect your business, identity and intellectual property
Your reputation and branding is one of your most valuable assets as a business which fraudsters can make use of for monetary and identity purposes. If steps aren’t taken to protect your identity then you could suffer a massive loss of money, reputation and credit rating.
- Read up on your Intellectual Property Rights (IPR) and find out how you can report copyright infringement.
- Companies House is often a go to for fraudsters who can then change your filed details. Protected Online Filing (PROOF) is a scheme that enables companies to limit the number of changes that can be filed for a company – therefore reducing the likelihood of fraudster’s paper change requests being accepted.
Protect your business and personal data
The Payment Card Industry and Data Security Standard (PCI DSS) is something all businesses that handle card, online and offline payments must comply with.
- Non-compliance and resort in your business suffering huge consequences for any fraud committed internally or externally, including any fines. You can read up on further information on PCI and compliance here
Know your suppliers
Purchasing stock, supplies or marketing assets are essential for every business to run.
Invoice fraud from suppliers is one of the most common types of business to business fraud that affects many businesses year on year through the use of fake invoices and changes to method of payment that haven’t been fully agreed or cleared. There are many suppliers and illegitimate companies who claim to be established and trusted businesses – regardless of how good their credit history is.
Small businesses must ensure they don’t fall victim to this. By knowing exactly how to fully control and manage your suppliers and their identities will reinforce your small business and who you’re dealing with:
These are the types of fraud you could face with suppliers:
- Fake invoice fraud
- Advanced fees
- Insolvent supplier trade
- Computer software service fraud
- Office supply scams
- Business directory fraud
Small businesses can take action to verify their supplies and reduce the risk of fraud:
Research your suppliers
- Simple internet searches on the suppliers business can pull up reviews from other customers. Typing strings like “fraud” or “scam” can bring these up quicker in your search engine.
- Some suppliers claim to be more established than they really are and will generally work at establishing a good relationship with you over a period of time.
- You can take precautions against fraud by establishing a Single Point of Contact (also known as SPOC) with each of your suppliers. Any monies you wish to deal with can be done so with your SPOC instead of someone else within the firm you have not been acquainted with.
- Companies House is a great place to check for filed accounts. You can also ask the supplier for their references in order to make an informed decision about business proceedings.
- Look out for overcharging on goods or invoices where additional charges are added without having been discussed previously
Keep regular checks on all your suppliers
Over time, even if you have a good relationship with your supplier you must continue to monitor their processes and behaviour in case anything changes.
- If their service standards aren’t up to scratch or they begin to break what they promised to deliver then you’ll increase your chances of being out of pocket. Check the financial health of a supplier by applying for a credit reference agency to carry out a check.
Know your employees
Employee fraud is far more common than you think – around 80% of all data breaches occur with staff involved in some shape or form according to the ICO and can cause significant loss or destruction to your small business. Not to mention those in the inside of your business are able to know your processes inside and out, giving them insight into how they could potentially bypass them.
Employees within a small business can shape its identity, so you must uphold a strict policy on fraud, behaviour and ethics to ensure your reputation and revenue doesn’t suffer the consequences.
There are various ways employees can commit fraud within a business:
- Asset exploitation
- Personnel management fraud
- Payment fraud
- False accounting
- Travel fraud
- Procurement fraud
Here are ways you can go about employee fraud prevention within your small business:
Monitoring staff behaviour
Keeping an eye out on your employees’ progress, performance and development is good practice, but it can also open you up to any suspicious behaviour from one or more staff members. Such behaviour could include complaining about company policies and procedures, refusing to take holidays or any other changes in their lifestyle that have caused questionable behaviour.
Most of this behaviour can be explained however it’s better to be alert of anything that could happen. Even your most loyal and long-serving employees could be tempted to commit fraud, even if there is mutual trust – so it’s even more important to watch out for changes in behaviour in those you know well.
Anti-fraud and anti-bribery statements
One way of communicating a strict anti-fraud policy is by enforcing it from the beginning. This can be carried out through company introductions, company handbooks and training – which can all aid to establish zero-tolerance culture and place emphasis on fraud being highly unacceptable within your business.
You can obtain a sample fraud policy statement document from the Fraud Advisory Panel to get started.
Other policies, disciplinary procedures and controls
By knowing your full list of assets and where they are stored can help you devise a plan on how to protect them from employees with other intentions. There are several ways you can do this depending the nature and size of a small business, but can include things like shadowing over financial processes and reconciliation or restricting access to associates.
Small business advice for fraud prevention – top tips
Implement clear policies
Employees might not realise the implications or consequences of their actions if there is no solid fraud policy in place within your small business.
Ensure you have a fully documented policies and procedures handbook to clarity your company expectations, employee conduct, definitions of “fraud”, “theft” and “bribery” and the consequences of violating your terms. These policies should cover every aspect of your business – from tangible to intangible assets.
Educate yourself and employees on fraud
By relying on common passwords for a variety of processes can increase the risk of valuable assets falling into the wrong hands. Ensure you educate your employees to create secure passwords and change them on a regular basis.
Keep record of all procedures, ingoing’s and outgoings
As a small business owner it’s very easy to be stretched thin by various responsibilities. By keeping as organised as you possibly can just might be the very skill that saves your business from falling victim to fraud.
Keep accurate records of all your assets in the form of inventory/stock control, accounting records to monitor what is going in and out and any other billing your company might be involved in receiving/giving.
Have a computer dedicated to your accounting needs
Using social media and other recreational websites opens your computer up to a host of vulnerabilities. By having a computer that is solely used for banking and other accounting needs will reduce the risk of any cyber crime.
Get insurance cover
If your small business does happen to fall victim to fraud despite your efforts, insurance can help you recover some or all of the losses. Consult with various insurance firms to find the cover that’s right for your business.
Have a password policy
As mentioned previously – your passwords should be regularly updated and different ones should be set per process or system you use. Set rules for your passwords (e.g must contain a special character) to ensure passwords are complex enough.
Secure your IT infrastructure
Invest in a firewall as well as specialist anti-virus, spyware and malware detection for your computerised assets.
Ensure you keep several backups of your files should any of your hosts get caught up in a cyber attack – by having backups you’ll be able to restore function quickly or work from a different computer.
If you have an enquiry about fraud prevention for your small business – contact Alan or alternatively call on 0870 919 4745