Insurance 30 November 2016

Seven steps to successful fraud prevention as a small business

Business owners should be vigilant with who they let have access to important company documents

Falling victim to fraud can spell financial turmoil for businesses. However, as Katy Worobec, director at Financial Fraud Action UK explains, company owners can take some simple steps to protect themselves and help stem the rise of fraud.

Criminals are using increasingly sophisticated tactics to defraud businesses, with often devastating consequences. Recent figures from Get Safe Online and Action Fraud revealed that UK firms have lost more than £1bn to online crime in the past year.

Despite this rise, a surprising number of company owners are not taking the quick and easy steps that could protect their businesses.

A recent study carried out for Financial Fraud Action UK’s Take Five campaign found that many business leaders are unaware of common scamming tactics. For example, criminals attempting invoice fraud will carry out comprehensive research into the relationship a company has with its suppliers.

Fraudsters know when regular payments are due and have detailed company information. Equipped with this information, they make contact with a business’s finance team and can convincingly pose as their supplier. They then trick their victim into changing bank account payee details for a sizeable payment.

Criminals also pose as senior company representatives, known as ‘CEO spoofing’, to defraud a business. Using specialist software, fraudsters can manipulate the characteristics of an email, including the sender address, so that it genuinely looks like it comes from a CEO or a senior staff

They then email a finance team requesting urgent payment outside of normal procedures.

Businesses of all sizes and types can fall victim to fraud. That is why the Take Five campaign is encouraging business leaders and employees to be more vigilant and to protect themselves against the scammers.

Take Five has been created in collaboration with Financial Fraud Action UK’s members (the nation’s major banks, card issuers and card payment acquirers), and a range of partners, including the government, Cifas, charities and law enforcement.

There are some simple steps you can take to protect your business:

(1) Ensure all staff who process supplier invoices and who have authority to change bank details are vigilant

(2) Any changes to supplier financial arrangements should always be verified with that supplier using established details you hold on-file

(3) When a supplier invoice has been paid, it is good practice to inform that supplier of the payment made, including the account the payment was made to

(4) Check company or organisation bank statements carefully. All suspicious debits should be reported to your bank immediately

(5) Fraudsters conduct extensive online research to identify suppliers to particular companies and organisations. Consider if it would benefit your company or organisation to remove this information from your website and other publicly available materials

(6) Do not leave bills lying around for others to look at and record details of standing orders and direct debits

(7) Educating staff is key when it comes to preventing CEO spoofing. Ensure everyone in the business, and especially finance staff, are aware of this type of scam and make sure staff can challenge unusual requests

Consider putting in place a system which strengthens the controls around transfers. This could include requiring approvals from two different people apart from the requestor to initiate a transfer

Above all else please remember to Take Five – to pause and think – before responding to any requests to share financial details. By doing so we can all play an active role in protecting everyone from financial fraud.

Katy Worobec is director at Financial Fraud Action UK, a leading body in fraud prevention and transparency in the payments industry.

Sign up to our newsletter to get the latest from Business Advice.