Are you liable for fraudulent credit and debit card charges?

Credit and debit card fraud was already a big problem when COVID-19 hit. Although how much payment card fraud increased in 2020 depends on the source, most experts agree that, like most types of fraud, it flourished during the pandemic. COVID-19-related prevention and treatment scams and increased online shopping likely contributed to this rise.

If you become a victim, it’s probably good to hear that the law protects consumers from serious losses. But to reduce financial liability, you need to follow the reporting rules carefully.

Unauthorized credit card charges

If your credit card is lost or stolen and you report the loss to the card issuer before your card is used in a fraudulent transaction, you can’t be held responsible for any unauthorized charges. If you report it after unauthorized charges have been made, you may be responsible for up to $50 in charges.

Some card issuers have decided not to hold their customers liable for any fraudulent charges regardless of when they notify the card company. And if your account number is stolen but not the actual card, your liability is $0. But either you or the card issuer must identify the fraudulent transactions for them to be removed.

Compromised debit cards 

If you report a missing debit card before any unauthorized transactions are made, you aren’t responsible for any unauthorized transactions. If you report a card loss within two business days after you learn of the loss, your maximum liability for unauthorized transactions is $50.

If you report the card loss after two business days but within 60 calendar days of the date your statement showing an unauthorized transaction was mailed, your liability can jump to $500. Finally, if you report the card loss more than 60 calendar days after your statement showing unauthorized transactions was sent, you could be liable for all charges. This includes money taken from accounts linked to your debit account.

What if you notice an unauthorized debit card transaction on your statement, but your card is still in your possession? You have 60 calendar days after the statement showing the unauthorized transaction is sent to report it and avoid liability.

Action steps

When reporting a card loss or fraudulent transaction, contact the issuer via phone. Then follow up with a letter or email. This should include your account number, the date you noticed the card was missing (if applicable), and the date you initially reported the card loss or fraudulent transaction.

Because liability levels depend in some circumstances on your card issuer, it pays to find out your issuer’s policies — before you’re subject to them. Also take steps to protect your payment card and personal information. The Federal Trade Commission provides a good list of fraud protection practices at consumer.ftc.gov (search for “credit card fraud”). Contact us for more information.

© 2021 Covenant CPA

Don’t let fraud ruin your restaurant’s reopening

Most restaurants are finally reopening to in-person dining. And while you may now be thinking about luring customers back, hiring enough workers and managing supply-chain shortages, one issue has remained the same: fraud. Restaurants often face fraud threats from employees, customers and vendors. So now isn’t the time to drop your guard.

Potential risks

Your restaurant may have high transaction volumes but lack the technology linking point-of-sale, inventory and accounting systems. This leaves gaps for fraudsters to exploit. Employees could, for example, provide food and drinks to friends without entering the sales — or ring up only a portion of friends’ bills. They might issue voids or refunds when there was no original sale and pocket the proceeds. Or they could overcharge customers by, say, charging for premium beverages but serving cheaper alternatives.

Although it’s less common, intangible property theft is another risk. Your restaurant may use proprietary recipes and confidential marketing plans to compete in the dog-eat-dog world of food service. If a departing employee takes such secrets to a rival, it could threaten your restaurant’s survival.

Watch bookkeepers and vendors 

Owners often employ bookkeepers to manage back-office operations but may neglect to give proper oversight. Such an environment provides criminals — or even ordinary people experiencing unusual financial pressures — with opportunities to cook the books. In one frequently seen scheme, the bookkeeper creates a fake vendor account, submits and approves fraudulent invoices, then directs payments to a bank account he or she controls.

Even when bookkeepers are honest, the invoices they process may not be. It can be hard for managers to keep track of the daily stream of food, beverage and supply deliveries. Vendors might exploit such chaos by inflating their bills to reflect more or pricier items than they actually delivered. When vendors collude with restaurant employees, particularly receiving or accounting staff, theft can exact a heavy financial toll.

Multipronged approach to prevention

Successfully combatting restaurant fraud takes a multipronged approach. For example, if you haven’t already, integrate your accounting, inventory and sales systems. And to manage potential occupational fraud, conduct background checks on new hires, install video surveillance throughout your restaurant and know how to spot red flags. For example, keep your eye on servers who are always flush with cash or purchasing managers with unusually cozy relationships with vendors.

If you don’t have one, set up a confidential fraud reporting hotline. Also engage a CPA to review your financial records at least once a year for discrepancies. Contact us for assistance. We can investigate fraud suspicions or simply go over your operations for potential fraud gaps that can be closed with better internal controls. 

© 2021 Covenant CPA

The risks — and rewards — of accepting cryptocurrency payments

To use their ill-gotten cash, criminals must make it appear legitimate. That’s the job performed by money launderers, who increasingly use cryptocurrencies. According to digital currency analytics company Elliptic, crooks use them to launder $3 to $4 billion per year. With over 4,000 digital currencies to choose from, they gain access to a liquid asset that’s cost effective and usually untraceable.

But cryptocurrencies may also have something to offer legitimate businesses. Let’s look at the pros and cons.

Accepting cryptocurrencies

Some banks deny customers the ability to deposit digital currencies. They often cite laws that make it illegal to process cryptocurrencies, concerns about security and a lack of infrastructure to support such transactions.

But even though banks are reluctant to embrace cryptocurrency, there are some potential benefits for businesses. For example, if you accept cryptocurrency, it can:

  • Provide another way for customers to purchase goods and services, which could generate revenue you wouldn’t otherwise realize,
  • Enable you to avoid the fees charged by banks and credit card companies to use their payment networks, and
  • Prevent transactions from being cancelled or charged back to you once the cryptocurrency payment is final.

Understanding the risks 

Of course, there are also risks associated with accepting payment in cryptocurrency. One is the fact that digital currencies fluctuate in value — sometimes wildly. This can work in your company’s favor if the price of a currency increases. But it can also lead to big losses if the price declines.

What’s more, you should know that government regulation of cryptocurrency continues to lag — making the future of oversight unpredictable and subject to change. And digital wallets used to hold cryptocurrency aren’t necessarily secure and could be compromised by sophisticated criminals. Law enforcement is constantly working to improve its ability to monitor these transactions, which includes seizing payments connected to crimes.

Maintaining your wallet

Although all of these risks demand your attention, probably the most pressing challenge facing businesses relates to the maintenance and security of digital wallets. Before you decide to accept cryptocurrency payments, make sure you thoroughly understand how digital wallets — and price fluctuations — work. Contact us for more information.

© 2021 Covenant CPA

Not my plant! Preventing ransomware attacks on manufacturers

The world’s largest meat production company was recently sidelined by a ransomware attack. The hack forced the company to temporarily shutter plants in the United States, Canada and Australia, affecting the U.S. meat supply and even hurting commodity prices.

If it seems like cybercriminals often target manufacturing (including food processing) and distribution companies, that’s because they do. According to software company Varonis, manufacturers account for nearly a quarter of all ransomware attacks — more than any other industry. To prevent your company from becoming another statistic, learn about security breaches and protect your network. 

A high price

It’s only natural that manufacturers fear data breaches — and unfortunately hackers often can use that fear to cripple organizations through ransomware. This type of malware is installed on a computer or network without the user’s consent. Hackers subsequently demand that the company pay a ransom to regain control of its data.

Cyberattacks can harm a manufacturer or distributor by causing safety issues, negative publicity, lost productivity, and compromised personal and corporate data. IBM reports that the average cost of a company data breach was approximately $4 million in 2020.

Role of employees 

Employees are a manufacturer’s first line of defense against hackers. But your workers can also be a liability if they aren’t vigilant and knowledgeable about cyberthreats. It’s critical to provide training about the latest scams and encourage employees to report suspicious emails immediately to your IT department.

Many hackers look for easy targets, so even the simplest security measure will deter some cyberbreaches. For example, you can use relatively inexpensive encryption software and phishing filters to make it harder for hackers to get inside your network. Probably the most important simple step you can take is to update security software as soon as updates and patches become available.

On the safe side

To minimize losses if a breach occurs or a ransom demand is made, think about purchasing cyber insurance to cover direct losses and the associated costs of responding to breaches. Your traditional business liability policy probably doesn’t include such coverage.

Also consider assembling a breach response team. The team should be responsible for making a response plan, identifying potential weaknesses in your network and conducting breach response drills. Include cybersecurity, financial, legal and public relations experts on your response team. They’ll be essential in the event a criminal demands ransom and your company must weigh the difficult decision about whether to pay it.

More to lose

No company can afford a cyberattack, but manufacturers that rely on automation, robotics and network connections may have more to lose than businesses in other industries. Contact us for help protecting your assets from fraud.

© 2021 Covenant CPA

Cash talks — and fraud experts are listening

Fraud perpetrators take whatever they can get their hands on. But they generally prefer cash because it’s virtually untraceable. Fortunately, fraud experts have the expertise and tools to trace even cash-based theft.

Multiple opportunities

According to the Association of Certified Fraud Examiners, there are three main categories of cash fraud, which includes checks because they’re easily converted to cash: 1) theft of cash on hand, 2) theft of cash receipts and 3) fraudulent disbursements. Fraudulent disbursements comprise many of the most frequently executed schemes, such as overbilling and “ghost” employee schemes.

Overbilling vendors usually submit inflated invoices by overstating the price per unit or the quantity delivered. A dishonest vendor also might submit a legitimate invoice several times. Overbilling may involve collusion with employees of the victim organization, who typically receive kickbacks for their assistance.

Employees also can conduct billing fraud on their own, submitting bogus invoices payable to a fictitious vendor and diverting the payments to themselves. Similarly, an employee might set up payroll disbursements to nonexistent employees.

Suspicious signs

Cash can be difficult to trace once it’s in the hands of a thief. But forensic experts usually are able to trace the path that stolen cash took before the fraudster pocketed it. This includes who “touched” the cash and what prompted its flow out of the organization.

Inflated invoices, for example, often leave a trail of red flags. Experts look for invoices that bill for “extra” or “special” charges with no explanation. Other suspicious signs may include:

  • Round dollar amounts
  • Amounts just below the threshold that requires management’s sign-off, and
  • Discrepancies between invoice amounts and purchase orders, contracts or inventory counts.

If forensic experts suspect that fictitious billing has occurred, they often investigate accounts with no tangible deliverables — such as those for consulting, commissions and advertising — and check vendor addresses against employee addresses. Invoices with consecutive numbers or payable to post office boxes receive extra scrutiny.

Other avenues to explore

Returned checks can supply useful information, too. Fraud perpetrators are more likely to cash checks, whereas legitimate businesses typically deposit them and rarely endorse checks to third parties.

To trace ghost employee schemes, experts examine payroll lists, withholding forms, employment applications, personnel files and other documents. The information collected from these sources may provide vital links between actual and ghost employees that wouldn’t otherwise be apparent.

Don’t waste time

If you suspect that any of these fraud schemes are underway in your business, contact us immediately. The best way to prevent significant losses is to catch the thief as quickly as possible. We can also help you implement internal controls to help prevent such fraud in the future.

© 2021 Covenant CPA

Keeping your loyalty program safe from fraud

To generate revenue and foster customer loyalty, many businesses, including retailers, airlines and credit card companies, create loyalty and reward programs. Such programs can help companies attract and retain customers, but they may also be subject to fraud and abuse.

ATO risk

Loyalty programs are particularly vulnerable to account takeovers (ATOs). In these schemes, a criminal assumes control of a customer’s loyalty or rewards account and monetizes it. The thief redeems points for goods and services for personal use or sells them on the black market. These days, the information usually ends up on the dark web.

ATOs often are successful because many loyalty programs lack the robust fraud controls and dedicated teams of investigators to prevent and investigate them. Often, companies don’t understand the extent of fraud and abuse taking place in their programs to justify the investment.

3 steps

To help minimize fraud risk and limit financial losses, consider taking the following steps:

  1. Conduct a risk assessment. Review your loyalty program’s terms and conditions, structure, and activity to ascertain the potential for fraud and abuse. Think about engaging a suitably qualified fraud professional with experience evaluating loyalty programs to guide your efforts. 
  2. Gather and analyze historical losses. Establish a central location for employees to report fraud and abuse. Dissect each loss to identify its root causes and develop a list of potential control failings for remediation. And, if you don’t already have one, establish an anonymous hotline for employees and customers to report suspected fraud.
  3. Evaluate technology solutions. Use the results of your risk assessment and historical analysis of losses to pinpoint potential weaknesses for technology to address. For example, technology can help authenticate customers to prevent ATOs. It can also monitor transactions for activity indicative of fraud. 

Watch your customers

Although ATO schemes involving criminals are common, your company can’t overlook the potential for legitimate customers to abuse your loyalty program. For example, customers may redeem points, then deny doing so and ask you to credit their accounts. Sometimes unethical customers sell their points to online brokers and deny having done so when challenged. Customers could also open multiple accounts under their own or assumed identities to receive new account sign-up bonuses.

Finally, don’t overlook the fact that employees may compromise loyalty accounts. Make sure managers are aware of the possibility and keep an eye on workers with access to the accounts.

Maintain strong security

Contact us for help assessing the security of your loyalty program. If you suspect a widespread fraud problem, we can devise controls to limit thefts and losses.

© 2021 Covenant CPA

Defending your Auto Dealership from Fraud

Although auto sales plunged at the start of the COVID-19 pandemic, they’ve since rebounded. In fact, some dealerships are reporting record sales in 2021. Problems remain — including supply bottlenecks. Also, your dealership may be more vulnerable to fraud. Factors such as employees working from home, new vendors and even booming sales, can put your business at risk. Here’s how to prevent fraud from cutting into profits.

Focus on accounting

Fraud prevention starts with strong internal controls. For example, good controls generally require a dealership’s accounting department to post transactions daily, including new and used vehicle sales, repair orders, invoice payments, payroll and cash receipts.

By 1 p.m. on any given day, you should have access to real-time checkbook balances and other accounting information effective as of 5 p.m. the day before. Timeliness makes it easier for you to spot the first signs of fraud and use the data to catch a perpetrator before he or she gets away with theft.

Protections that work

Complex computer passwords that must be changed frequently, background checks on employees and vendors, and security cameras are also essential to preventing fraud. But these protections may have fallen by the wayside during the pandemic. Review your safeguards now and ensure they’re being used.

Your business should always “segregate” duties. Generally, this means that certain tasks, such as managing payroll, are broken into pieces and performed by more than one employee. This limits opportunities to perpetrate fraud and cover up the crime. If you don’t have enough workers to properly segregate duties, consider outsourcing one or more accounting functions to a third-party service.

Loose controls lead to losses

To understand how loose controls can facilitate theft, consider the real-life example of a parts manager who stole $70,000 by selling his employer’s parts and pocketing the cash. If the dealership’s owner had performed random inventory counts throughout the year, rather than waiting for his CPA to physically verify inventories at year end, he could have prevented or limited losses.

In another case, a dealership caught its cashier stealing by voiding service orders and falsifying deposit slips. The cashier’s responsibilities included collecting cash, issuing receipts to customers, preparing the daily deposit slip and reconciling the daily cash report. A loss of $16,000 might have been prevented if the dealership had segregated these duties.

Back to normal

The pandemic is waning. But that doesn’t mean you can afford to relax fraud protections. If you didn’t get a chance to properly vet new workers or vendors in the past year or haven’t kept up with inventory checks, get back to your usual controls as soon as possible. Contact us if you need help or if you suspect fraud in your dealership.

© 2021 Covenant CPA

Fending off “friendly” fraud

Fraudulent behavior isn’t necessarily perpetuated by people hiding their identities. For example, legitimate customers sometimes use the credit card chargeback process to their advantage — and to the disadvantage of merchants. Others routinely abuse chargebacks to steal merchandise. Here’s how to protect your business from these types of “friendly” and sometimes dishonest fraud.

Chargeback mechanics

Friendly fraud pivots on a customer’s failure to communicate with a merchant. Instead of contacting a seller to discuss a problem with a good or service, some customers immediately dispute a charge with their bank or credit card company. They generally provide plausible reasons for the dispute and don’t mask their identify at any phase of the process.

A chargeback takes time and effort to resolve. And if the bank or credit card company honors a customer’s dispute (which they often do), the merchant must assume the loss.

4 steps

To prevent such chargebacks from harming your bottom line:

1. Track shipments. Keep an “eye” on orders from the moment they leave your facility to their arrival at a customer’s location. For shipments worth more than a certain amount, consider requiring the customer’s signature to release it from the shipper’s possession. With a robust document trail, you’ll be able to support your denial of a chargeback — even if a customer claims he or she didn’t receive the goods.

2. Communicate your refund policy. Create a detailed refund policy and communicate it to customers throughout the shopping process and when the sale is made. For example, post signs in your store or notices on item pages of your website. Just keep in mind that an overly restrictive refund policy may create an incentive for customers to go directly to their credit card companies to dispute a transaction.

3. Invest in customer service. Some customers resort to chargeback requests because they’ve had trouble contacting or reaching a resolution with the merchant. Make sure you provide customers with multiple support channels, such as phone, email, and instant message. Additionally, give customer service personnel the authority to resolve disputes quickly — including to issue refunds or credits without supervisory approval.  

4. Watch customer activity. Collecting and analyzing customer data can deepen your company’s understanding of purchasers’ behavior and help detect anomalies. For example, if a customer frequently checks the status of his order and then denies placing the order, you may be able to use this fact when disputing a chargeback. 

Play defense

It’s important to understand that not all chargeback requests are hostile or intentionally fraudulent. But you also need to protect your business from bad actors. Contact us for more information on “friendly” fraud.

© 2021 Covenant CPA

Avoid buying unreliable — or fraudulent — Insurance Coverage

Bad faith denials of claims by insurers are illegal, but some dishonest companies or agents attempt them anyway. It’s possible that just when you have the greatest need, you’ll find yourself out in the cold. Unfortunately, there aren’t a lot of great legal remedies. So it’s critical to avoid bad and fraudulent insurance in the first place.

Legal contract 

An insurance policy is a contract. The insured agrees to pay premiums and take reasonable steps to prevent injury or damage, and the insurer agrees to settle legitimate claims according to the policy’s terms. Not only is it good business practice for insurers to cover legitimate claims, but it’s illegal for them to deny them. 

There may be times when you and your insurer disagree about what’s covered or what constitutes a reasonable delay or amount in settlement. But errors in judgment and offers of compromise don’t necessarily equal bad faith. Bad faith arises when the insurer sacrifices its insured customers’ interests to enhance its own bottom line — and that can involve fraud.

Bad faith practices 

Outright denial of legitimate claims is only one bad faith practice that indicates fraudulent insurance practices. Shady operators may also unreasonably delay investigating a claim or attempt to settle a claim for less than the amount specified by your policy.

Another bad faith tactic is to slow down the claim process by requiring multiple, duplicative proof of loss forms. Or an insurer might fail to settle one portion of a claim to induce you to accept a lesser settlement under another section of the policy. In many cases, fraudulent insurers misrepresent policy provisions related to claims. 

Trouble with arbitration

When a claim is denied, one way to avoid legal action is arbitration. But a bad faith insurer might threaten to appeal arbitration awards to pressure you to settle for less than the awarded arbitration amount.

Defending against such practices can be difficult. One problem is that there’s no federal — only state — regulation of the insurance industry. Penalties imposed by states typically aren’t stiff enough to deter fraudulent practices, and they generally do nothing to compensate claimants who were wrongfully denied.

It’s important, therefore, to deal with only reputable insurance companies. Before you buy, check with industry rating services such as A.M. Best or your state’s department of insurance. Ask advisors and colleagues for their recommendations as well. And if you have a claim, be sure to file it promptly and document all correspondence and communication relating to it.

Risk management

Adequate insurance coverage is a cornerstone of an effective risk management plan. If you’re not sure you have the right insurance by a trustworthy carrier, contact us for help.

© 2021 Covenant CPA

Small businesses, big fraud risks

It’s not always easy being small. For one thing, small businesses (with fewer than 100 employees) experience higher occupational fraud losses: a median $150,000 vs. $140,000 for larger companies, according to the Association of Certified Fraud Examiners. That’s because they don’t always have the staffing or financial resources to implement fraud-prevention programs. Small businesses are also much more likely to fall victim to certain types of fraud — including check tampering and payroll schemes.

Ask your advisor

Private companies aren’t required to have annual audits, but your small business can still work with your CPA to determine where you might be at risk. He or she can train you to recognize the warning signs and help you reduce opportunities for fraud by, for example, segregating duties in your accounting department.

Periodically ask your CPA to review your receipts and disbursements with an eye toward uncovering irregularities. And if you have inventory that could tempt thieves, ask your advisor to verify inventory counts and observe inventory procedures for potential loopholes.

Don’t fall short

One area where many small businesses fall short is in conducting background checks on potential employees. Check all work references and consider running criminal background checks. Workers with a history of occupational theft often seek jobs with small businesses because they think pre-employment screening likely will be minimal.

Even if you don’t have a large enough staff to implement strict segregation of duties, you can still establish oversight procedures that allow you to understand and verify financial information. This might mean reviewing bank statements before they go to your bookkeeper and reconciling them yourself every month. Also set a dollar limit on the checks that employees can write without authorization to protect against check alteration.

Finally, don’t overlook the value of treating employees fairly. Many employees rationalize fraudulent activities because they feel underpaid or underappreciated. Make sure your pay scale is competitive by comparing it with prevailing wages in your area. And take employee complaints — particularly if they’re about possible illicit activities — seriously.

Give employees a voice

One of the best ways to provide employees with a voice and catch fraud before it leads to major losses is an anonymous reporting mechanism — such as a hotline or web portal. We can suggest affordable reporting solutions and help you establish an effective anti-fraud plan.

© 2021 Covenant CPA