Overpaying Parking Tickets & Other Stories of Fraud
Written by Denee Mott, Vice President - Treasury Management
If your business hasn’t been touched by fraud, count yourself lucky. It’s now so widespread and in many different formats that some days it’s difficult for business and nonprofit executives to keep up. The most recent Association for Financial Professionals (AFP) Payments Fraud Survey showed that a record 78 percent of all organizations experienced payment fraud last year.
I’d like to share a few real-life fraud scenarios and prevention tips in hopes that it can help you prevent fraud. Vigilance is key to preventing loss within your organization.
Parking Ticket Scam
A small, unassuming municipality, with just a handful of employees and one operating account for all its activity, suddenly became a victim when a fraud ring descended undetected on the community. Members of the group purposely racked up parking tickets, then overpaid them. Officials followed their refund procedures and sent refund checks back to the thieves, who now had the correct routing number, account number, check number, and signor’s information from the checks. They wrote more than $70,000 in fraudulent checks, and without a fraud prevention solution like Positive Pay, which would have caught the fraudulent checks as they were processed, the community lost several thousands of dollars before discovering the fraud.
Tip: Checks are walking fraud billboards with your routing number, account number, and check signor all on a compact slip of paper. The results of the AFP 2018 Payments Fraud Survey also show this as 74 percent of survey respondents report experiencing check fraud in 2017. I’m a huge advocate of paying electronically and, if you must use checks, implementing Positive Pay for all checks, including payroll.
An organization recently experienced fraud when an employee received an authentic looking email that informed them that they needed to change their online banking password for “security reasons” and provided a link in which to do so. The employee clicked on the link, entered their login credentials, and “changed their password.” What the employee didn’t know is that the link took them to a fraudulent, look-alike webpage which captured or “harvested” their online banking login credentials which enabled the fraudster to swiftly create and send a $35,000 ACH electronic payment to another account.
Tip: Educate all employees on a routine basis on how to tell the difference between an authentic email and fraudulent email that is received. Look closely at the sender’s address and hover over any links before clicking to ensure they are authentic. Some organizations have implemented a strict procedure where online banking is to be accessed only using a specific computer dedicated to online banking use and nothing else – including email. In this example above, had the employee followed such a procedure, they would have merely changed their online banking password and no loss would have been experienced.
ACH Positive Pay also helps protect your funds by preventing unauthorized electronic payments and check fraud.
I learned about a disgruntled employee who left employment at an organization, however, termination of system access for that employee didn’t follow on a timely basis. This former employee diverted all payroll direct deposits of a single person to another bank account for two pay periods undetected. In the end, approximately $10,000 was stolen, and the organization had to shut down its accounts and increase systems security.
Tip: Work closely with your IT department to immediately terminate employee access to systems when they leave the organization. Implementing Positive Pay and Account Reconciliation will help detect any suspicious payments activity.
Fraud typically starts with a targeted phishing e-mail, aimed at whomever is in charge of the organization’s checkbook, or online banking service. By tricking the victim into running software, opening a harmful attachment, or visiting a malicious web site, the criminals are able to install keylogging software and steal bank account passwords.
With increased fraud activity happening everywhere, I encourage everyone to stay vigilant by:
- Continually educating employees on a routine, frequent basis to help them understand how to prevent and recognize fraud.
- Implementing bank fraud prevention services and processes to enhance and protect companies and accounts from cyber-fraud.
Let’s work together to see how we can strengthen your processes and systems moving forward. Please contact me with any questions.