Fraud-and-forensic-accounting | RKL LLP
Posted on: December 13th, 2017

How to Avoid Gift Card Fraud This Holiday Season

How to Avoid Gift Card Fraud This Holiday SeasonAmericans spent $46 billion on gift cards throughout 2016, according to market research firm Packaged Facts. While gift givers and receivers value the convenience and flexibility of gift cards, they have also been targeted by fraudsters over recent years. Gift card fraud is far less pervasive and damaging than credit card fraud, but it can present headaches for both consumers and retailers. It is important for those buying and selling gift cards to understand the risk of fraud and take precautions to protect their investments this holiday season and beyond.

Common types of gift card fraud

Most fraudsters use one of two methods to commit gift card fraud: hacking into accounts associated with gift cards or stealing gift cards or gift card numbers from a retailer.

  • Hacking into accounts associated with gift cards: As online registration for gift card balance tracking and reloading becomes more common among retailers, it has also opened opportunities for hackers to exploit weaknesses in the system. In 2015, Starbucks experienced a hack of its mobile app that allowed fraudsters to drain bank accounts attached to the gift card auto-load feature. Conversely, fraudsters are also using gift cards to drain value in other hacked accounts, like credit card rewards. In these cases, hackers gain access to a consumer’s credit card rewards or points and redeem them for gift cards, which they can then convert into cash via online services or physical kiosks that offer over 50 percent of gift card face value.
  • Theft of gift cards: Another method of gift card fraud is physical theft. Particularly during the holidays, retailers might position stacks of gift cards throughout the store for convenient shopping. Thieves will often steal a stack of these cards in order to write down the identifying information (card number, PIN, security code) or unlock the information using a magnetic strip reader. Once the information is exposed, they will return the cards to the store and then use software that allows them to keep track of card activation and balance in order to drain the card value before the consumer can use it.

Gift card fraud prevention tips for consumers

This holiday season and beyond, consumers can avoid gift card fraud by adopting the following best practices.

  • Only purchase gift cards from trusted, reputable retailers both in person and online. Ideally, try to buy them directly from the store where they’ll be redeemed. Cards purchased from reseller or auction sites may be stolen or counterfeit.
  • Do not disclose personally identifying information when buying a gift card. Unlike a credit card, this information is not required, so requests for bank account number, Social Security number, date of birth or similar personal data are red flags to be avoided.
  • When purchasing a card, examine it for physical signs of tampering. Details like an exposed PIN may indicate that the card has been redeemed. Return any card that looks questionable and ask for another that is unblemished.
  • Have the cashier scan the card at the time of purchase to ensure the card is valid and has the correct balance
  • Take advantage of available online registration and activation services. Having online access to monitor the card allows consumers to detect issues or drained balances sooner.
  • Keep the receipt as proof of purchase until the card balance has been depleted. If the gift card is lost, some retailers may re-issue the card at full value with proof of purchase.

Gift card fraud prevention tips for retailers

Retailers can also reduce the risk of gift card fraud by implementing the following policies and procedures.

  • Improve in-store security by only placing blank gift cards at the register. Consider keeping them behind the counter or behind lock and key.
  • Require a PIN for the use of gift cards, instead of just the number on the front of the card.
  • Maintain gift card PINs in a separate database from gift card numbers.
  • If an online registration portal is available, limit account balance look-ups within a certain time period.

As the popularity of gift cards continues to rise during the holidays, so does the potential for their fraudulent use. Remaining vigilant against signs of tampering and securing physical and online access to cards can help consumers and retailers avoid the financial and reputational damage associated with gift card fraud.

RKL’s team of fraud consultants are available to help businesses assess prevention protocol and implement best practices to ward against a wide range of fraud threats. Contact one of our local offices today to get started.

 

Jeremy L. Witmer, CPA, CVA, CFE, Senior Consultant in RKL’s Business Consulting Services GroupContributed by Jeremy L. Witmer, CPA, CVA, CFE, Senior Consultant in RKL’s Business Consulting Services Group. He provides forensic accounting, litigation support and business valuation services to companies and organizations across a number of industries. Jeremy’s expertise includes reconstruction of financial records, employee theft investigation, damage calculations for litigation purposes, and valuation of stock for gifting, buyouts and marital settlement. 

 

 

Don’t miss the latest RKL business analysis and insights. Sign up for our e-newsletter.

 

 Working Capital blog disclaimer

Posted on: September 19th, 2017

The Equifax Hack: How to Protect Your Data

The Equifax Hack: How to Protect Your DataEquifax recently announced that its systems were breached this summer by an unauthorized third party, which gained access to personal information including full names, Social Security numbers, birth dates and addresses.

The breach, which Equifax discovered in late July, has the potential to impact approximately 143 million consumers. With nearly one in three American’s personal data potentially exposed, consumers are left wondering what they can do to protect themselves or their companies.

Determine Equifax exposure

Equifax says it will be contacting all consumers whose personal information was breached. In the meantime, the credit reporting bureau has set up a dedicated website to provide information and help consumers find out if they’ve been impacted. Visit equifaxsecurity2017.com and click the “Potential Impact” tab or call the Equifax hotline at 866.447.7559.

ID theft protection from Equifax

Whether or not they are directly affected, Equifax is offering one year of free identity theft protection and credit monitoring to all U.S. consumers. To get the free year of TrustedID Premier Credit Monitoring, visit equifaxsecurity2017.com and click the “Enroll” tab. Please note that after the one-year period expires, standard charges will apply.

Credit monitoring best practices

The significant impact of this and other recent hacks is an important reminder to all consumers, businesses and organizations to remain vigilant about identity theft. Below is an overview of steps to take now and into the future to monitor the security of personal and financial data.

Use two-step authentication

Most companies and financial institutions offer two-step authentication. This adds a second layer of protection to account log-ins, by requiring an additional credential beyond username and password. Examples include a bank sending a one-time passcode via text or email to access accounts, or a ZIP code required to confirm a credit card payment. Consumers should explore all online accounts and enable two-step authentication when available.

Regularly review credit report

Consumers have the right to request a free copy of their credit report once a year from each of the three credit reporting bureaus. A best practice is to stagger these requests so an updated report can be reviewed every four months. Unrecognizable accounts or activity could indicate identify theft. Free reports can be requested from www.annualcreditreport.com.

Beyond the free credit reports, consumers may consider engaging a service provider to closely monitor existing credit cards and bank accounts closely. Constant fraud monitoring services are available for a fee, but there are also free services available, such as CreditKarma.

Place fraud alert on credit report

By placing a fraud alert on their credit report, consumers require lenders and creditors to take extra precautions in verifying their identities before extending credit. Initial fraud alerts are free and last for 90 days. Placing a fraud alert can be done online through any one of the three major credit reporting bureaus (Experian, Equifax or TransUnion), and the agency of choice will notify the other two bureaus.

Freeze credit report

Placing a security freeze on a credit report takes a consumer’s information out of circulation and makes it harder for a third party to open a fraudulent credit card or new account. No current or potential lender can access credit history when frozen, so consumers that need to apply for credit would need to lift the freeze before doing so.

Unlike a fraud alert, there is a cost to activate and deactivate a credit freeze. Freezes also differ from fraud alerts in that they must be placed individually with the three credit reporting bureaus via phone.

Today’s digital world requires constant vigilance against cyber threats. At RKL, ensuring the security and privacy of our clients is a top priority, and our team of fraud investigators help businesses and organizations prevent, detect or mitigate fraudulent activity. Contact your RKL advisor or one of our local offices with any questions or concerns.

 

Bethany A. Novis, CPA/ABV, CVA, CFE, partner and leader of RKL’s Business Consulting Services Group

Contributed by Bethany A. Novis, CPA/ABV, CVA, CFE, a partner in RKL’s Business Consulting Services Group. Bethany specializes in fraud investigation, business valuation and litigation services. In addition to being a licensed CPA accredited in business valuation, she holds designations as a Certified Valuation Analyst (CVA) and a Certified Fraud Examiner (CFE).

Working Capital blog disclaimer

Posted on: March 7th, 2017

Here’s How Your Company Can Fight Alternative Payment Fraud

Here’s How Your Company Can Fight Alternative Payment FraudAlternative payment methods – like Square, PayPal, Stripe and Payoneer – represent a convenient and flexible way for businesses to accept payments from customers. On the flip side, however, allowing your employees to pay vendors through these methods can be a risky proposition.

Because these payment methods are still relatively new, there is often confusion around the unique risks associated with them. However, once you understand these risks and common fraud schemes, you can institute a few best practices to prevent your company from falling victim to alternate payment fraud.

Know who is receiving your payment

One of the most concerning aspects of alternative payment methods is the anonymity that these methods provide to the fraudster. While most companies have strong policies for cutting checks or making ACH payments, few have updated these policies to expand controls related to alternative payment methods. Fraudsters know this and are happy to exploit this weakness.

For instance, a standard component of credit card or ACH electronic transactions is the identification of the payee on the credit card or bank statement. Alternative payment methods usually mask these payment details. Instead, the processor name, such as “Square” or “PayPal,” will first appear on your bank statement. In some cases, however, the payee name will only appear on the statement if the vendor has set up their account to do so. In alternate payment schemes, the fraudster vendor will omit their name or use a misleading company name to hide the true payee identity.

To avoid falling prey to a crafty fraudster, companies should institute a policy of tracking down the supporting documentation relating to any payment that has been processed through an alternative payment method. The goal is to verify that the payment was properly approved and is being made to a legitimate vendor. Supporting documentation can include purchase orders or original invoices.

Restrict access to company accounts and cards

Another best practice concerning alternative payment methods includes restricting the number of employees that have direct access to company bank accounts and credit card numbers. Alternative payment method fraud relies upon the fraudster having access to the company accounts; otherwise, he’ll need to devise a different scheme. Restricting employee use of company accounts is also important in investigating any suspicious activity. With limited users, it is much easier to quickly uncover the fraudster and stop them in their tracks.

Monitor your vendor approval process

While alternative payment fraud is still relatively new, it has quickly gained popularity with enterprising fraudsters due to the ease of the scheme and the high dollars involved. RKL’s fraud and forensic accounting team recently investigated a significant fraud where an employee created a fake vendor and used both Square and PayPal accounts to divert company funds to his bank account. In that case, the fraudster was successful because he was able to circumvent the company’s process for approval of new of vendors, had access to the company credit card and was a “trusted” employee.

Time is on your side

Perhaps the best thing to remember is that sometimes it pays to not be on the cutting edge.  While these new payment technologies are exciting and can be great ways for smaller businesses to get paid, there is no need for most companies to pay their vendors through these methods. It is much safer to continue to use traditional payment methods (check, ACH or credit card) until you are comfortable that your policies and procedures are ready. In other words, don’t be afraid to take it slow.

It is also important to remember that as the customer, you hold all the cards during the vendor evaluation process. Specifically outlining accepted payment methods in your company’s vendor approval policy will help eliminate the possibility that a vendor will try and seek payment through an alternative processor, like Square.

Finally, it is important to remember how fast technology can change. For that reason, you will need to continually revisit your policies and procedures to ensure that you have controls in place over new payment methods as they are developed.

Whether it’s crafting stronger payment and vendor policies, strengthening internal controls or investigating suspicious payments, RKL’s team of fraud consultants and forensic accountants can help you protect your business against alternative payment method fraud. Contact your RKL professional or one of our local offices today for more information.

 

Jeremy L. Witmer, CPA, CVA, CFE, Senior Consultant in RKL’s Business Consulting Services GroupContributed by Jeremy L. Witmer, CPA, CVA, CFE, Senior Consultant in RKL’s Business Consulting Services Group. He provides forensic accounting, litigation support and business valuation services to companies and organizations across a number of industries. Jeremy’s expertise includes reconstruction of financial records, employee theft investigation, damage calculations for litigation purposes, and valuation of stock for gifting, buyouts and marital settlement. 

 

Don’t miss the latest RKL business analysis and insights. Sign up for the monthly Working Capital e-news.

 

 Working Capital blog disclaimer

Posted on: February 14th, 2017

The Cost of Risky Employees is High. Here’s How to Reduce It.

 RKL’s Business Consulting team explains why pre-hire verification and vetting is a critical component of a company’s fight against fraud. Business is booming and you need to hire more staff, but bringing new employees on board is not without risk. Employers should ask themselves how well they know the person they are about to hire, particularly those whose positions entail the handling of financial, sensitive or confidential information.

According to the Association of Certified Fraud Examiners, 40 percent of fraud is carried out by employees in the accounting or operations department. This statistic begs the question: If a company is going to give an employee access to sensitive or financial information, shouldn’t that company also screen those individuals as thoroughly as possible prior to hiring?

There is no magic wand to wave to ensure a perfect hire, but there are several steps companies can take to strengthen pre-hiring screening and verification.

Conduct a background check

Long considered a standard part of the hiring process, more companies are skipping the background check to cut costs. This is a huge oversight, as a background check can uncover critical red flags and help companies eliminate unfit candidates right out of the gate.

Run credit and employment-related checks

Financial troubles rank high on the list of factors that drive an employee to conduct fraud, so a credit check can highlight such vulnerabilities. Employment and education-related verifications are also key to determining honesty about credentials and experience.

Send applicants for drug tests

Another time-consuming expense that is often passed over, drug tests are a proven method for filtering out applicants. Substance abuse is another risk factor for fraudulent behavior, and it can also create other operational risks for a business.

Dig deeper with references

It is important to obtain references from job applicants, but it is even more important to make the most of them. Take the time to go beyond the basic checklist of questions – asking open-ended inquiries and encouraging elaboration is a great way to get a sense of what the applicant is like as a colleague.

Maintain confidentiality and legal regulations

When using these methods to obtain information about applicants, it is critical to adhere to the legal or regulatory precedent in the employment arena, like the federal Fair Credit Report Act or the U.S. Equal Employment Opportunity Commission. There are many employment and hiring related issues subject to litigation, regulation and legislation, so be sure to develop policies and procedures that protect the rights and personal data of both employer and applicant.

Pre-hire verification and vetting is a critical component of a company’s fight against fraud and an important investment of resources. Companies can work with a human resources consulting or fraud prevention partner, like RKL, to avoid confidentiality issues or violations and develop a thorough employment screening process. Learn more about RKL’s fraud and forensic accounting services or contact me at 717.394.5666 or bnovis@rklcpa.com.

 

Bethany A. Novis, CPA/ABV, CVA, CFE, partner in RKL’s Business Consulting Services GroupContributed by Bethany A. Novis, CPA/ABV, CVA, CFE, a partner in RKL’s Business Consulting Services Group. Bethany specializes in fraud investigation, business valuation and litigation services. In addition to being a licensed CPA accredited in business valuation, she holds designations as a Certified Valuation Analyst (CVA) and a Certified Fraud Examiner (CFE).

 

 

Working Capital blog disclaimer

Posted on: September 16th, 2015

Four Common Fraud Tactics and How to Stop Them

Chalk drawing - no fraud!Your business likely has safeguards in place to defend funds from outside theft, but protection from inside threats is just as important. Occupational fraud is a very broad concept, but it primarily falls into three categories: asset misappropriation, corruption and financial statement fraud.

Many times a perpetrator uses more than one method to commit fraud – some of the top tactics are billing, check tampering, skimming and payroll/expense reimbursements. Let’s examine how each method works, along with ways to detect and prevent it.

Billing schemes

  • How it works: Examples include the use of shell companies, submission of false invoices for payment, generation of false purchase orders, use of incorrect payments to request returned checks, or personal purchases made with public funds or credit cards.
  • How to detect it: Ongoing scrutiny of vendor lists, purchase orders and invoices can help root out duplicate payments or billing problems. It’s also important to reconcile the accounts payable ledger to the general ledger, to compare actual expenditures to the budget, and to request and review monthly statements from vendors.
  • How to prevent it: Segregate duties between authorization, purchasing, receiving and accounting functions when possible. Conduct a thorough review and ongoing monitoring of receiving reports, purchases and inventory levels, vendor authorizations and payment codings in accounting records.

Check tampering

  • How it works: Examples include concealed checks, forged endorsements, changed payee names, or other alterations to information on the check face.
  • How to detect it: Review all voided/canceled checks, scrutinize checks payable to employees and verify supporting documentation for outstanding checks. Following up on vendor complaints for late payments and questionable payees or addresses may also help detect unusual behavior.
  • How to prevent it: Distinct separation of duties in the accounts payable department can help reduce the opportunity for check tampering – make sure someone independent of the cash disbursement and purchasing functions opens and reviews monthly bank statements and cleared transaction lists. Other strategies include ensuring all checks are mailed immediately after signing, requiring dual signatures on checks and storing unused checks in a secure area requiring dual access.

Skimming

  • How it works: Examples include unrecorded or understated revenues, stolen checks and altered account statements.
  • How to detect it: Revenue account analysis, review of journal entries and control of inventory type items can help detect skimming activity.
  • How to prevent it: Limit access to the general ledger, require review and approval of journal entries, add physical safeguards to assets and conduct independent reconciliation of accounts. Another tip is to have someone independent of the accounting function open incoming mail and place restrictive endorsements on checks received immediately upon opening.

Payroll/expense reimbursements

  • How it works: Examples include falsified or overstated documents like time sheets or expense reports, or the continued payment of former employees (“ghost employees”). 
  • How to detect it: Analysis of payee addresses or direct deposit account numbers, expense accounts and reimbursements can identify inconsistencies. It may be useful to conduct comparisons of current payroll records versus past and present personnel files.
  • How to prevent it: Institute a more thorough process for expense reimbursements, including requiring original supporting documentation. Another best practice is to restrict access to blank checks and the ability to set up direct deposits.

Shoring up your financial processes and operations against vulnerabilities can help make your company more fraud-resistant. RKL’s team of forensic accountants and certified fraud examiners can help. Call or email one of our local offices today to request more information.

 

Mark S. Zettlemoyer, CPA, CFEContributed by Mark S. Zettlemoyer, CPA, CFE, Partner in RKL’s Audit Services Group. Mark has nearly three decades of public accounting experience serving local governments, not-for-profit organizations and a broad range of corporate clients. He also leads RKL’s Government Industry Services Group.

 

 

Working Capital blog disclaimer

Posted on: June 23rd, 2015

The Cheapest Way to Handle Fraud is to Prevent It. Here are 4 Ways to Start.

Consider these four tips to prevent fraud in your organization.

Consider these four tips to prevent fraud in your organization.

There’s no getting around it: every business is vulnerable to fraud. The Association of Certified Fraud Examiners (ACFE) reports that the typical organization loses five percent of revenues each year to fraudulent activity. Once business owners accept this reality, the question becomes: what can I do to reduce my risk? Here’s another fact: the cheapest way to handle fraud is to prevent it. Thankfully, there are some basic steps you can take to protect your company’s reputation and finances.

1. Understand your vulnerabilities.

The old adage holds true – knowledge is power. The foundation for any fraud prevention strategy is an understanding of your current risk level. A comprehensive review of your company’s fraud exposure risk is a good place to start. This analysis provides you with a thorough overview of your company’s risk factors and outlines what could go wrong, how adequate your current controls are and what you can do now to reduce your fraud risk. Once you know the lay of the land, you can move forward with fraud prevention strategies.

2. Watch the books – closely!

It may seem obvious, but business owners must be aware and knowledgeable about the financial transactions running through their company’s books. A hands-off approach from upper management creates a leadership vacuum in which fraud can thrive. Cross-train employees, implement dual controls, regularly review bank statement details and require supporting documentation be retained for each transaction. This extra level of checks and balances goes a long way to set the right tone at the top and let employees know that fraud will not be tolerated.

3. Make reporting easy and discreet.

According to ACFE, tips are consistently the most common fraud detection method – twice as high as the detection rates from manager or internal reviews. Establishing an anonymous tip line or online reporting option encourages employees to come forward without fear of backlash or retribution. As the saying goes, sunlight is the best disinfectant, so don’t overlook the culture of your company. Fostering a sense of transparency and openness helps empower your staff to bring up suspicions and concerns before they rise to a higher threat level.

4. Thoroughly vet potential employees.

Part of creating the positive culture described in tip #3 is to make sure individuals are a good fit before they are brought onboard as new employees. Beyond the standard employment verification process, background checks and drug tests can flag issues before hiring. This may seem onerous or invasive, but it pales in comparison to the damage that could be inflicted by hiring a troubled individual and giving them access to your company’s assets and confidential financial information!

These early precautions can help raise awareness of the risk for fraud and instill a zero-tolerance atmosphere for underhanded behaviors in the workplace. If you are looking for a partner to help your company fight fraud, look no further than RKL. Learn more about RKL’s fraud and forensic accounting services or contact Bethany A. Novis, CPA/ABV, CVA, CFE, at (717) 394-5666 or bnovis@rklcpa.com.

 

fraud forensic accounting lancaster paContributed by Bethany A. Novis, CPA/ABV, CVA, CFE, a partner in RKL’s Business Consulting Services Group and managing partner of RKL’s Lancaster office. Bethany specializes in fraud investigation, business valuation and litigation services. In addition to being a licensed CPA accredited in business valuation, she holds designations as a Certified Valuation Analyst (CVA) and a Certified Fraud Examiner (CFE).

 

 

Working Capital blog disclaimer

css.php