Keep your small business safe from scams: Here’s how to handle fraud prevention
By Chase Canada
Here’s a five-letter word that will make your skin crawl as a business owner: fraud.
Fraudulent financial behaviour is on the rise for businesses, partly due to more consumers making transactions online. Consider, for example, the increase in phishing scams.
In fact, according to the 2021 AFP Payments Fraud and Control Survey, 65% of treasury and finance professionals think the uptick in this type of criminal activity is due to recent swings in the economy.
Fraud can impact small businesses in many ways—from your financials, to your security, to your reputation. However, before you can protect yourself against fraud, you need to know what to look for.
In honour of Fraud Prevention Month in March, this article will explain several different types of fraud and how small business owners can safeguard their operations.
7 types of fraud small business owners need to watch for
Here are some of the more common forms of fraud that can affect small business owners.
1. Payment and banking fraud with customers, scammers, or suppliers
This type of fraud could appear in a few different ways. For example, it could be as simple as a customer paying with an unauthorised credit card, or as complex as a perpetrator pretending to be someone from your bank who calls and asks you to submit your account information over the phone. These types of activities can hurt your finances and cause headaches for your company.
Employee embezzlement is, unfortunately, a potential reality in business. If bills aren’t paid correctly or your books aren’t adding up properly, it’s worth investigating. If your small business has employees with a lot of access to the money side of the operation — perhaps they accept payments or handle accounting on the processing side — you need to put protections in place to keep your finances in order.
3. Point-of-Sale systems that have been tampered with
POS systems are susceptible to criminal attacks, too, as hackers will try to access customer data and payment information. This may show up as failed login attempts or slow service. Keep on top of updating and strengthening your platforms and online network so you decrease your risk.
You also need to protect your POS systems from physical tampering. Some criminals might try to use a recording device or card skimmer to steal credit card numbers. The latest method is called a shimmer, which is a microchip inserted into a card reader. In 2017, CBC reported that four shimmers were found “by a diligent retailer conducting a daily security routine.” Regular physical and technological security checks can save small businesses time and money in the long run.
4. Chargeback or gift card fraud
A chargeback occurs when a customer disputes a charge on their debit or credit card. During the dispute process, the issuer will typically credit the cardholder. Some chargebacks are legitimate, such as if the customer never received a service or product, and therefore, the person is entitled to receive their money back (here’s chargeback information for merchants from Visa). Unfortunately, some users file erroneous chargebacks. For example, they may receive a product and still challenge the charge on their account. On top of lost business revenue, frequent chargebacks can sometimes put your business account in jeopardy with certain payment companies.
Gift card fraud can happen in a few different ways. On the consumer side, a scammer might pretend they’re a family member or representative from a business and request payments via gift cards. Some junk emails and websites also offer “free” or discounted gift cards that are not legitimate.
These cards offer fewer consumer protections and can be hard to link to the perpetrator, so these scams are rampant. In fact, in just two months in 2021, 23 people in the Waterloo region were targets of gift card scams. The victims lost a combined total of $57,430.
On the business side, gift card scams can negatively affect your operation in a couple of ways. For instance, if a scammer hacks into someone’s credit card account and purchases several gift cards to your store, the victim may be able to successfully file a chargeback. This leaves you on the hook for those losses. Additionally, this type of activity could ding the reputation of your business, fair or not, if someone experiences fraud through you.
5. Fake orders
This type of scam has several varieties. Scammers can replicate legitimate-looking order emails or text messages that ask recipients to click on a compromised link or ask them to verify payment information. This is an example of a phishing scam, which is used to gather private information from the target.
In another fake order scam, your business might receive an official-looking invoice that’s actually fraudulent. It could be for office supplies that you never actually ordered or received. Because it appears legitimate, however, it’s possible that your finance team would mistakenly pay it.
6. Stolen credit cards
Credit card fraud is also prevalent. Whether someone loses their card and fails to report it missing, or a business throws out paper with sensitive information on it, there are numerous ways for a credit card (or just its information) to end up in the wrong hands. As such, almost 39% of people said they refuse to use their credit card with certain merchants and establishments, according to a CPA Canada 2019 fraud survey.
While consumers are typically protected from credit card fraud, the merchant or bank could be on the hook for these illegitimate purchases. With that in mind, pay close attention to unusually high charges or irregular payment activity.
7. Hacked website
Like hacked POS systems, hackers target websites for businesses or stores in an attempt to collect sensitive data and information. For example, if your website loads too slowly or goes offline entirely, that could be a sign of a Distributed Denial of Service (DdoS) attack. These attacks threaten businesses of all sizes worldwide and can cost upwards of hundreds of thousands of dollars to remedy. It’s imperative to secure your website and regularly monitor for malicious behaviour.
5 tips to proactively avoid fraud
Now that we’ve explained some of the potential scams, here are tips that can help your small business proactively avoid fraud.
1. Hire attentive employees who can catch inconsistencies. Incorporate a fraud policy at your company and put it in your handbook. Train employees on what fraud is, what to look for, and who to notify if they spot it. Go over best practices and make updates, such as changing passwords regularly, part of the process. Do your due diligence when hiring, too; run background checks and vet personal references for all potential hires.
2. Conduct surprise audits. Bringing in an outside consultant to review your company’s financials is a good way to make sure everything is running smoothly — and alert you to anything that doesn’t add up. An auditor can review invoices and conduct data analyses to check for inconsistencies.
3. Work with a professional accountant. It’s essential to keep good financial records and have a professional review them regularly. On top of helping you find ways to save money, a professional accountant can also help you devise internal policies. If you can’t afford to hire a full-time accountant, you can outsource this work to a bookkeeper who works with small business clients or hire a fractional accountant to do quarterly reviews of your finances.
4. Maintain a secure website. There are many ways and actions you can take to strengthen your site. For one, make sure your website has a Secure Sockets Layer (SSL), which establishes an encrypted link between a server and a client. Check for other gaps in security and invest in software that monitors for potential cyberattacks.
5. Protect your POS system. Implement measures to keep your POS system safe from both hardware and software fraud. Routinely check your physical equipment for evidence that someone tampered with it. From a software standpoint, use an account verification system, CVV2 and CVC2 codes, password protection, and other methods to ensure transactions stay secure.
Also, keep a close eye on physical mail and all other paper trails. Check invoices to make sure they’re legitimate before you pay them, and develop routines, such as paper shredding, when it comes to documents that contain sensitive information that are no longer needed.
Protect yourself from fraud
While fraud is an unsettling topic, you’ll feel more empowered when you know what to look for and how to firm up your security measures.
From hiring professional mitigators to strengthening your online operations to reporting fraud to the proper authorities, there are a number of ways to secure your business and fight fraud. Remember, too, that large, trusted financial services companies can also help you protect your small business against fraud.
You’re now leaving Chase
Chase's website and/or mobile terms, privacy and security policies don’t apply to the site or app you're about to visit. Please review its terms, privacy and security policies to see how they apply to you. Chase isn’t responsible for (and doesn’t provide) any products, services or content at this third-party site or app, except for products and services that explicitly carry the Chase name.