In this digital age, there is huge emphasis on knowing who merchants are selling to and buying from. It pays to know customer history and buying patterns, and it’s important for merchants to know the facts on their third-party suppliers. This knowledge is key in limiting fraud risk and detecting it before it happens.
But what about internal fraud risk? Internal fraud should not be overlooked, nor should it be cast off as a minor issue. This friendly fraud is truly a force to be reckoned with that can hurt businesses, regardless of size, niche, or revenue numbers.
The challenge is in knowing how to balance the efforts placed on external and internal fraud prevention and detection. The good news is that internal fraud or friendly fraud can be easily prevented and detected with a few basic measures and some infrastructure development.
The Costs of Internal Friendly Fraud
Often the best way to understand a problem is to see the numbers in black and white. Data from a recent study conducted by the Association of Certified Fraud Examiners (ACFE) titled Report to the Nations on Occupational Fraud and Abuse, reveals the prevalence and impact of internal fraud.
- Median loss from a single case of internal fraud was $150,000
- Over 23% of internal fraud cases resulted in a minimum loss of $1 million
- Study of 2,410 internal fraud cases came to a total loss of more than $6.3 billion
- Financial statement fraud ranks the highest of the three major categories of fraud with a $975,000 median loss
- Whereas the median cost of employee internal fraud was $65,000, the median cost of executive internal fraud was $703,000
These numbers highlight why it is imperative that internal fraud is addressed and that mechanisms are in place to prevent it from occurring. Another interesting fact from the 2016 study by the ACFE, highlights that organizations that did not have anti-fraud controls suffered twice as much loss as those companies that do have internal fraud prevention measures in place.
Internal Friendly Fraud Protection
It cannot be stated enough that knowledge is power—particularly when it comes to internal fraud protection, prevention, and detection. The more a merchant knows about the business and how it operates, the better protected and secure will be the business assets.
Building this knowledge takes stepping back and assessing how the business operates, who is actually running the business, and in understanding the largest fraud risks.
With a fraud risk analysis that includes studying how all employees (including upper management) interact with company assets and resources, fraud risk areas quickly become apparent. This process highlights where controls are lacking, where policies need to be clearly stated, and where changes need to be made.
With this knowledge, a merchant can then implement some key internal fraud protection mechanisms that will work to prevent, protect, and detect fraud.
- Auditing: Conduct regular internal audits of inventory, payroll, bank statements, and other transactions. Both internal and external auditing of financial statements are effective.
- Established code of conduct: When all company members know that internal fraud will not be tolerated, the risk factors are reduced. Be transparent about how whistleblowing will be handled and stress that anonymity will be respected.
- Secure data: Use technologies such as PKI compliance, tokenization, SSL, digital signatures, and biometrics to ensure security and protection. Don’t overlook measures such as forced password updates, office access cards, and disabling of past employee accounts.
- Management and employee review: Reviewing the roles and access that comes with these roles highlights where access needs to be tightened, and allows ranking of management and employee fraud risk factors.
- Hotline: Giving all employees a method of anonymously reporting fraud can greatly reduce the risks of fraud occurring. The Report to the Nations on Occupational Fraud and Abuse reveals that having a hotline in place lowered the median fraud costs for a business from $200,000 to $100,000.
Just as with the external fraud that many merchants solely focus on, the costs of internal fraud are typically never recouped. The loss to the business, the damage to brand reputation, and the ability to recover from internal fraud all quickly add up. In fact, the longer the fraud occurs, the more costly it is to the organization.
Data collected by a 2014 ACFE study reveals that when internal fraud is caught within seven months of occurrence, the loss is on average $50,000, but when the fraud continues to 36 months the loss grows to $211,000. When this type of fraud reaches the 61-month mark, the loss is $965,000.
Taking Control of Internal Fraud
Just as you implement solutions and technology to protect your business from external friendly fraud risks, the same must be done to protect your company from internal fraud risks. There is too much at risk, and by taking smart and proactive steps, it is possible to keep your business running securely, both inside and out.
The Verifi team has deep expertise in the latest tools and technology that can provide a secure environment, providing you fraud protection where and when you need it most.