-
1.
December 14, 2015
Steve Hazan
Small Business
Fraud
-
2.
Who is SECU?
• Maryland’s largest Credit Union
• 22 Branches
• Over 225,000 members
• $2.8 billion in assets
• …and yes, we bank MD businesses!
-
3.
Overview
1. Who Pays For Fraud?
2. The Fraud “Triangle”
3. How Do I Protect My Business?
-
4.
“If you make it easy for people
to steal from you they will”
-Frank Abagnale
-
5.
Catch Me If You Can
-
6.
Who Pays for Fraud?
• We All Do
– Higher prices for goods & services
– Higher interest rates
– Lost time & Resources
– Reputational Risk
• Target, Home Depot breaches
-
7.
Sobering Statistics
• 5% of All Revenues are lost to fraud*
• Worldwide, $3.7 trillion lost in revenues*
• Companies with <100 employees are particularly vulnerable*
• Small businesses make up 31.8% of fraud, highest
percentage of any business category*
• Median small business loss of $155K vs. $120K loss for larger
businesses*
– *Source: Association of Certified Fraud Examiners (ACFE)
– **Bureau of Justice Statistics
-
8.
The Fraud “Triangle”
• Motive
• Opportunity
• Rationalization
-
9.
Motive
• Greed
• Financial Pressure
• Employee Disenfranchisement
• Entitlement to more compensation
-
10.
Opportunity
• Employees may yield to temptation when
faced with personal financial stress
• Ex. Drug, Divorce, Gambling
• 87% of perpetrators have never been
charged with or convicted of a fraud
related offense
-
11.
Rationalization
• Many people rationalize fraud by telling
themselves that they will only “temporarily”
borrow the money and eventually return it
• Attitude created by management or
owners can create rationalization.
-
12.
Why are small businesses a target?
• Lack of security
• Longer shelf life
• Lack of preparation
• Unaware of the risks
-
13.
Check Fraud
• 82% of business owners indicated that checks were
targeted at their companies*
• Checks were the payment instrument with the highest
average value of unauthorized transactions in 2012**
• The average unauthorized check transaction was $1,221
in 2012**
*2014 AFP Payments Fraud and Control Survey by JP Morgan
**Federal Reserve Payments Study
-
14.
Check Fraud Schemes
• Altering Checks
• Counterfeit Checks
• Forged Signatures
• Checks drawn on closed accounts
-
15.
How do I Protect My Business from
Check Fraud?
• Destroy unused checks from closed accounts
• Separate responsibilities for employees handling
checks
• Verify and reconcile bank statements and
transactions frequently
• Store check stock in secured and locked area
-
16.
Small Business Credit Card Fraud
• 43% of financial business owners were exposed
to debit / credit card fraud attacks in 2013*
• Credit / Debit cards were the payment
instrument with the second highest average
value of unauthorized transactions in 2012*
*2014 AFP Payments Fraud and Control Survey by JP Morgan
-
17.
How do I Protect My Business from
Credit Card Fraud?
• Starting October 2015, merchants must upgrade
their systems to “chip and signature”, aka EMV
• Companies that fail to adopt EMV will be held
liable
• Laws transfer the risk to the business owner
from the banks
-
18.
How is the Chip Card Method More
Secure?
A unique one-time code is generated behind the scenes that is needed for the
transaction to be approved, a feature that is very difficult to replicate in a
counterfeit card.
-
19.
Cyber Crime
• 83% of Small Businesses have no formal measures
against cyber threats*
• About 50% of all attacks are aimed at Small
Businesses*
• 44% of fraud incidents involved cybercrime in 2013 and
2014**
• Courts seldom hold banks liable for cyber attacks; the
burden of responsibility is on the business owner to protect
themselves
• *Forbes Entrepreneurs
• **PricewaterhouseCoopers
-
20.
Types of Cyber Crime
• Phishing
• Spoofing
• Corporate Account Take Over
• Theft of sensitive information or client
information
• Theft of intellectual property
-
21.
Phishing Emails
• Emails that appear to come from a legitimate business
requesting “verification” of information and warning of
some adverse consequence if it is not provided
• The email usually contains a link to a fraudulent web
page
-
22.
Phishing Email Examples
-
23.
Phishing Email Examples
-
24.
Spoofing
• A malicious party impersonates another device
or user on a network in order to launch attacks
against network hosts, steal data, spread
malware or bypass access controls
• Most commonly done by hacking an account
and making it appear as though an email came
from a legitimate source
-
25.
Target Hacking Incident
• A Target HVAC sub-contractor was hacked
• Hackers installed malware on the computer of the contractor, who had
access to Target's computer system
• The malware actively collected data from live customer
transactions at Target
• Hackers stole the credit card numbers and other personal
information of up to 70 million customers.
• Target agreed to a $39 million settlement with several U.S. banks*
*Money.cnn.com
-
26.
How Do I Protect My Business
from Cyber Crime?
1. Identify and shape up weak points
2. Designate a banking only computer
3. Back Up Information
4. Educate Employees
5. Get Insured
-
27.
How Do I Protect My Business
from internal fraud?
• Institute Policies to segregate accounting
duties or outsource functions to 3rd parties
• Conduct background checks/review credit
history before hiring employees with access
to cash or accounting duties
• Dual Signatures for payments over a certain
threshold
-
28.
How Do I Protect My Business
from internal fraud?
• Vacation Policy
• Positive Pay
• ACH Blocks/Filters
• Migrate payments to Purchasing Card Platform
• Code of Conduct/Policies in place
• Employee Assistance Program for those
struggling with emotional, health or financial
issues
-
29.
Combating Business Fraud
1. Be Proactive
2. Establish Hiring Procedures
3. Train Employees to identify fraud
4. Conduct Regular Audits
5. Call in an expert
-
30.
Strike Back!
• The IRS considers embezzled funds as
income. Failure to report it constitutes tax
evasion.
• Issue 1099 to perpetrators
-
31.
Resources
• Your Financial Institution
• Your CPA
• www.abagnale.com
• www.irs.gov
• www.sba.gov
• www.aicpa.org
• www.forbes.com
• www.bankofamerica.com
• Association of Certified Fraud Examiners (ACFE) www.acfe.com
• www.visa.com
• www.pwc.com
• www.jpmorgan.com
-
32.
Questions?
-
33.
Certificate of Completion
This Certifies That
___________
Attended the 2 Hour Seminar
Small Business Fraud
________ _________
Date Presenter
*Note: It is the primary responsibility of each licensee to fulfill the requirements of the law (CPE) and to be able to document, to the Board’s
satisfaction, such fulfillment. All active licensees must maintain, for 4 years, records sustaining (proof of attendance, course outline & expertise
of instructor) the continuing education credits claimed by them as a prerequisite for renewal of their license. For more information PLEASE refer to
Continuing Education Policies from the State Boards (410) 333-6322
Open since 1951
Field of Membership originally State Employees; has expanded so nearly all of Maryland can qualify for membership
All products and services of a traditional bank, including online, mobile, ATM network, deposit and loan products, business banking
Core Values: Service, Education, Commitment, Understanding
Mission: Promote the financial well-being of those we service
If employees believe management has unfair compensation or benefits, they will assume the company can do away with a “small amount”
Lack of security
Often do not have anti-fraud practices in place.
Longer shelf life
It takes a long time for consumers to become aware that a small business has been hacked, so hackers can use consumer information for longer.
Small businesses often do not reconcile bank statements in a timely manner.
Identify and shape up weak points
Take time to come up with complex passwords and change them regularly
Do not use the same password for all or most accounts
Designate a banking only computer
Computers not used for other activities such as email or web surfing are much harder for hackers to gain access to.
Review bank transactions daily to detect fraud in real time
3. Back Up Information
Cyber attacks can contribute to loss of data as well as money
Ex. Cloud Computing, Dropbox, Carbonite
4. Educate Employees
Negligent employees are the most common cause of data breaches
Be Proactive
Establish Anti-fraud Hotline
ACFE found that roughly 42% of fraud cases reported were via hotlines
Anti-fraud policy and code of conduct
Implementing systems that actively monitor and analyze company data
5. Call in an expert
Enlist the expertise of a Certified Fraud Examiner