Wednesday, November 17, 2010

Identity Fraud

The term ‘identity fraud’ is commonly used to describe the impersonation of another person for
financial gain. Fraudsters steal your personal identity and/or financial information and use it to
purchase goods and services or to access facilities in your name.

What is identity fraud?

Fraud occurs ‘when a false identity or someone else’s identity details are used to support unlawful activity, or when someone avoids obligation/liability by falsely claiming that he/she was the victim of identity fraud’.

Common types of identity fraud

Application fraud/account takeover:

A fraudster applies for financial services (eg, a new credit card or opens a new bank account) in your name or changes your postal address.

Impersonation of the deceased:

A fraudster uses the identity of a deceased person to obtain goods and/or services.


A fraudster sends you an email claiming to be from your bank or other legitimate online business (eg, a shop or auction website) asking you to confirm or update your personal information such as passwords and account details via a link in the email.

Present (current) address fraud:

A fraudster living at your address (eg. the same block of flats) or nearby uses your name to purchase goods and/or services and intercepts the mail when it arrives.

How does the fraud work?

A fraudster steals or acquires information about you. This may include:
· Your name
· Your current or previous address
· Your date of birth
· Your bank account or credit/debit card details
· Any other personal or financial information about you
· This information is then used to:
· Acquire new debit, credit or store cards Open bank or mobile phone accounts Obtain new passports or driving licences
· Apply for benefits
· Take out loans
All in your name. You may not realise that you have been a victim of identity fraud for some time. This is because the fraudster may intercept deliveries or redirect your mail without your knowledge or consent.

The Identity Fraudster
1. Steals/acquires personal/financial information about you
2. Uses this information to obtain finance/goods/services in your name
3. Intercepts/redirects goods/services
4. You stop receiving mail or receive mail about goods/services you know nothing about

What happens if you become a victim?

Generally you will not be liable for all of the debt incurred by the fraudster in your name. However you will need to rectify the damage caused by the fraudster (particularly. to your credit rating) and this can take time. 5 steps that you should take:
1. Report the matter to the relevant organisation(s) immediately. Follow their advice.
2. Obtain a copy of your credit report (available from credit reference agencies).Check for discrepancies. Go back to step 1.
3. Keep a record of all correspondence you make or receive in respect of the identity fraud.
4. Consider ‘protective registration’. A small annual fee is charged for this service.
5. Reassess your personal security strategies in respect of your personal and financial information. (Ask yourself ‘how well do I protect it and can I do anything differently?’)

In most cases it will be at the discretion of the organisation which supplied the goods and services to the fraudster to decide whether or not to prosecute. This is because the organisation supplying the goods or services is considered the victim in law – not you.

How to protect yourself

Be aware of the risk from identity fraud and safeguard your personal and financial information.

· Securely destroy all documents containing personal information before disposing of them.
· Remove your name from unnecessary or unwanted mailing lists.
· Arrange for your mail to be redirected if you move house and notify relevant organisations.
· If you don’t receive any mail, check with Royal Mail that a redirection hasn’t been set up in your name without your knowledge.
· Monitor your bank accounts regularly for any unusual transactions and close any banks accounts you no longer need.
· Review your credit report on a regular basis.
· Report lost or stolen personal documents and/or credit/debit cards.
· Limit the number of personal documents you carry to those that you need – leave the rest at home in a secure place.
· Use secure passwords and PINs – a combination of numbers and letters is best. Shield the display when entering your PIN into a cash machine or mobile terminal.
· Install anti-virus software and firewalls on your computer and keep them up to date.
· Limit the amount of information stored on mobile devices such as phones, PDAs and hand-held computers.

· Disclose personal information over the telephone (especially a mobile phone), on the internet, by mail or in person to people you don’t know.
· Respond to unsolicited emails.
· Disclose your passwords and PINs to other people, even to family members.
· Use obvious passwords or PINs or the same password for different accounts.
· Let your debit or credit card out of your sight in restaurants and shops.
· Disclose personal information on websites that are not secure.

Source: Fraud Advisory Panel

Wednesday, November 10, 2010

Fraud hotspots in smaller businesses

Small and medium-sized businesses (SMEs) are particularly vulnerable to fraud in times of economic downturn; many lack the controls found in larger organisations and do not necessarily have the resources to combat certain types of fraud. This factsheet highlights some of the key areas of fraud risk.

Areas of fraud risk

All types and sizes of businesses are vulnerable to fraud. Smaller businesses can be susceptible to a very broad range of fraud risks and a small workforce can mean that it is difficult to segregate duties. Fraud can be committed by employees (sometimes called ‘internal fraud’ or ‘employee fraud’), third parties (such as suppliers and customers) and even by business owners themselves. Some of the most common fraud ‘hotspots’ are summarised below.


Card fraud: A fraudster pretends to be a legitimate customer and purchases goods using a stolen credit or debit card.

Non-deliveries: Customers falsely claim that goods dispatched from an online retailer have not been received.

Refunds: Customers steal goods from a retail outlet and then return the goods for a cash refund.


False or inflated supplier invoices:
Employees authorise payments for overpriced and/or non-existent goods or services and receive a ‘kickback’ (such as a cash payment) in return from the supplier. This is particularly noticeable in the property management sector where service charges are calculated on a cost plus percentage mark-up basis.

Fictitious refunds or returns:
Employees generate false refunds and either steal the cash value from the till or arrange for the amounts to be refunded directly to their personal credit card or bank account. Retailers are particularly susceptible to this type of fraud.

Ghost employees or contractors:
Fictitious employees and/or contractors are added to the business’ payroll and are paid wages and/or expenses.

Misappropriation of assets:
Employees help themselves to cash, stock, IT equipment such as laptops, and stationery or submit false expense claims.

Theft or supply of confidential information:
Employees steal confidential customer and/or client information and use it for fraudulent purposes.


False or inflated invoices: Suppliers invoice for more goods or services than were delivered or supplied, or invoice at a higher price than originally quoted. This may involve collusion with an employee to ensure that payments are authorised.

Long firm fraud: A business is set up with the purpose to defraud other legitimate businesses.

Property management: Over-charging by management companies using fictitious time records.

Other third parties

Corporate identity fraud:

A fraudster sets up a false company to trade or steals an organisation’s identity and/or financial information and uses it to purchase goods and services, obtain information or to access facilities in that organisation’s name.

Online banking fraud:

A fraudster gains access to the business’ online bank account and manipulates funds such as setting up standing order payments to his/her own bank account. Businesses that do not have adequate firewall protection are particularly vulnerable to this type of fraud.

Fraud warning signs

There are a number of warning signs that can indicate that fraud may be occurring within your business. These include:
• Changes in employee behaviour
• Changes in cash flow
• Stock shrinkage
• Customer complaints
• High turnover of staff
• Computer and network problems

Managing the risk of fraud

Your business can take a number of steps to reduce the risk of becoming a victim of fraud. The key elements of fraud risk management are:


• Establish an ethical business culture. Develop an anti-fraud policy that clearly sets out the minimum standards of
behaviour expected of employees (acceptance of gifts, use of assets, response to theft etc) and lead by example.
• Minimise the opportunities for fraud to occur within your business. Review your business activities; identify the areas most at risk to fraud and introduce controls to prevent it. These might include segregating finance duties, implementing authorisation thresholds, conducting reference checks on new employees and introducing IT systems access controls. Controls do not need to be complicated or expensive.


• Be aware of the indicators of fraud. Introduce procedures to detect the early warning signs that fraud is taking place. These might include educating staff to spot common frauds and scams, introducing a reporting hotline, conducting spot audits (of stock, sales and purchase ledgers etc) and reviewing profit and loss accounts on a regular basis.


• Make sure you are prepared to respond to a fraud being discovered within your business. Smaller businesses should consider a policy that independent professional advice will be sought at the outset of any fraud investigation. Larger organisations should include fraud as part of their disaster recovery plan. This should cover the investigation process (who, when and how), legal or ethical duties to report (to your shareholders, customers, bank, insurance company and/or regulator(s)) and public relations.
• It is important to remember that there are different standards of proof that need to be met according to the type of action you wish to take against the fraudster – disciplinary, regulatory, civil or criminal.


• Consider the need for fidelity or crime protection and/or directors’ and officers’ liability insurance.


• Business practices and activities change over time. Regularly review the systems, processes and controls you have in place to manage the risk of fraud to ensure that they remain current, relevant and appropriate for your business’ needs.

Indicators of fraud checklist

There are a number of behavioural and financial warning signs that can indicate that there may be a problem within your business. These should not be taken as definitive proof that there is a fraud; some employees will display one or more of these characteristics and be completely honest and trustworthy; others may display none but may be dishonest.

Employee behaviour:

• Increased levels of stress without a high workload
• Lifestyle not commensurate with salary
• Reluctant to take annual holidays
• Personal financial problems
• Tends to bend/break the rules
• Tends to be subject to complaints
• Works late or unusual hours
• Is unwilling to delegate
• Refuses promotion
• Cosy relationship with contractors and/or suppliers
• New staff resign quickly


• Cash only transactions
• Large variation in expenses between offices/outlets
• Poorly reconciled cash expenses
• Poorly reconciled customer accounts
• Customer complaints
• Rising costs with no explanation or that are not commensurate with an increase in revenue
• Large volume of refunds to customers
• Unusually large inventories

What to do if your business suffers a fraud

Three steps that you should take are:

1. Report the matter to the gardai and other relevant organisation immediately. Depending upon the type of fraud this could include your bank, insurance company, suppliers and/or customers.
2. Consider seeking specialist professional advice.
3. Reassess the way your organization conducts and manages its business to ensure it is adequately protected against this type of fraud occurring in future.

Tuesday, November 2, 2010

Fraud in a Recession

Economic recession

A downturn places people under pressure and leads some into dishonesty. Fraud losses make recession induced cashflow, liquidity and credit problems worse. Coping with the consequences of even a small fraud will consume energies when management time is already at a premium.

A recession increases fraud threats from inside the business, for example: Managers desperate to keep their heads above water may be tempted to falsify accounts and sales returns; Employees with large debts may inflate expense claims, ‘borrow’ from the till, steal stock and company assets and collude with customers, suppliers or Contractors: Staff may be more vulnerable to attempts to get them to sell confidential information; Organised criminals may infiltrate companies, placing individuals in positions where they have access to money, goods, or information that can be turned to financial gain.

Recession also brings to light existing frauds as credit lines run out and financial manipulation can no longer be concealed.

External attacks are equally serious. Companies providing customer credit are at risk from an increase in fraudulent applications. Suppliers and contractors will be under pressure and some will defraud business customers. As smaller firms find it harder to obtain credit from traditional sources they will be tempted to turn to new and untried sources of funding, some of which will be offered by fraudsters.

What to do if your business suffers a fraud

Three steps that you should take:

1. Report the matter to the police and other relevant organisations immediately. Depending upon the type of fraud this could include your bank, insurance company, suppliers and/or customers.

2. Consider seeking specialist professional advice.

3. Reassess the way your organization conducts and manages its business to ensure it is adequately protected
against fraud.

Remember that a recession is the time to take fraud seriously.

· Identify the areas of your business that might be most vulnerable to loss from theft or fraud, such as sales, stock, purchasing, expenses and record keeping.

· Strengthen any obvious weaknesses you have identified. This might include introducing additional checks for signing off payments or authorising purchases.

· Monitor your bank and credit card statements for unusual transactions.

· Designate a senior member of staff with responsibility for managing risk. He/she should identify areas of vulnerability and recommend changes to business processes where appropriate.

· Ensure that your business premises have adequate physical security protection including locks, keypads and alarms.

· Try to minimise cash transactions within your business.

· Conduct checks on your suppliers, contractors and biggest customers to make sure they are who they say they are and that you are getting value for money

· Check invoices against original purchase orders and the goods supplied.

· Make sure your staff are aware of the risks from theft and fraud and how to report it.

· Communicate staff expense policies/procedures and monitor compliance. Check references for all new staff; full-time, part-time, temporary, and casual. Further checks may be needed as employees are promoted or require access to more confidential information.

· Adequately protect your IT systems and business information from the cybercrime risks posed by phishing, viruses, hacking and scams.

· Consider how you would respond to a fraud if it was discovered in your organisation

What Do Not

· Forget that severe economic pressures can cause previously honest people to become dishonest.

· Assume all information provided by prospective employees, lenders or contractors is accurate.

· Economise on protecting your business against the risk of fraud.

Source; The Fraud Advisory Panel