Originally posted on the Bill.com blog.
You’d like to think your business is safe from fraud. But there are many, sneaky ways that those with ill intent — both inside and outside your organization — can take advantage of your company.
But, by noting the below risks, you can begin to plug any leaky opportunities for fraudulent activities.
Using paper checks
According to this survey of finance professionals, three out of four businesses were victims of check fraud and check forgery in 2016. Yes, you read that right. Seventy-five percent of businesses have been subjected to financial crimes.
The true culprit? Paper checks.
Those little pieces of paper give fraudsters everything they need to steal your money — account number, routing number, and even your bank and address. It’s like handing burglars the key to your house.
Paper checks give culprits multiple ways to strike:
- They can print checks populated with your company’s information and numbers and cash them.
- They can “wash” the ink from a check to fill in different recipient names and dollar amounts.
- They can use the information to make payments or withdraw cash on a whim.
Furthermore, it’s hard to limit check exposure. How many people in your company have access to your check stock or signed checks? When you drop a check in the mail, how many people can see it or take it? What about the recipient? You have no idea who receives the check at a company and all the individuals that have access to that information.
To avoid check forgery, you should move to paperless payment methods such as EFTs, ACH transfers, and more. It restricts access to crucial banking information and provides elevated levels of security.
No defined workflows
Employees should have clearly articulated roles in any process that can result in payments or transfers. If you lack definition around these critical processes, you’re setting your company up for fraud.
- Does your company have written guidelines around payment review and approvals?
- Is there a mapped workflow for payments in general?
- Are employees trained on these processes and guidelines?
Awareness is one aspect. Execution is another.
Passing paper invoices and checks from hand-to-hand is completely inefficient. It’s hard to track who has seen them, who has approved them, and who has paid them. It’s even more difficult to enforce time-tested rules like the separation of duties. For example, someone who reviews invoices should not be authorized to pay them.
This is where automated fraud prevention comes in. When you move to digital payments and adopt a bill payment solution, you’ll benefit from automated workflows. The system will enforce your guidelines, sending each invoice for review and tracking every step for auditing. No payment will be released until the proper protocol has been followed. No one can access the workflow process unless authorized.
Sharing banking account login information
Don’t give away the keys to the kingdom. Your online bank account is a virtual playground for those bent on ill intent — in your company and outside of it. You should share that information very sparingly — or not at all. It’s too easy for someone with that access to commit accounting fraud.
Once more, here’s where paperless posts come into play. A bill payment solution like Bill.com protects your banking information. Someone can OK a payment without ever accessing the online banking account. The system allows for user-based permissions, which means employees can only see what they need to see. And they rarely — if ever — need to have direct access to your bank account.
Ignoring fraud prevention tools
You have multiple practices and tools at your fingertips to prevent fraud. Including:
- Use only services that provide positive pay.
- If someone leaves the company or is fired, make sure their login information is immediately deactivated. Take them off any systems that might affect payments or other financial activities.
- Budget for fraud prevention. A survey by the Association of Certified Fraud Examiners shows that “more than half of companies don’t have budget set aside for fraud prevention or risks.”
- Train your employees. They should know what the company’s guidelines and processes are and be aware of standard security protocols to support them.
- Consider regular external audits. A third-party auditor may spot red flags or other concerns missed by employees or your accounting team.