Protecting Your Organization Against Check and ACH Fraud

  • Published on

  • View

  • Download

Embed Size (px)


Webinar series from FraudResourceNet LLC on Preventing and Detecting Fraud in a High Crime Climate. Recordings of these Webinars are available for purchase from our Website This Webinar focused on the subject in the title FraudResourceNet (FRN) is the only searchable portal of practical, expert fraud prevention, detection and audit information on the Web. FRN combines the high quality, authoritative anti-fraud and audit content from the leading providers, AuditNet LLC and White-Collar Crime 101 LLC/FraudAware. The two entities designed FRN as the go-to, easy-to-use source of how-to fraud prevention, detection, audit and investigation templates, guidelines, policies, training programs (recorded no CPE and live with CPE) and articles from leading subject matter experts. FRN is a continuously expanding and improving resource, offering auditors, fraud examiners, controllers, investigators and accountants a content-rich source of cutting-edge anti-fraud tools and techniques they will want to refer to again and again.


<ul><li><p>Protecting Your Organization Against Check </p><p>and ACH Fraud</p><p>March 6, 2013</p><p>Special Guest Presenter:Paul McCormack, CFE</p><p>Connectics</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Copyright 2013 FraudResourceNet LLC</p><p>About Peter Goldmann, MSc., CFE</p><p> President and Founder of White Collar Crime 101Publisher of White-Collar Crime FighterDeveloper of FraudAware Anti-Fraud Training </p><p>Monthly Columnist, The Fraud Examiner, ACFE Newsletter</p><p> Member of Editorial Advisory Board, ACFE Author of Fraud in the Markets</p><p>Explains how fraud fueled the financial crisis.</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>About Jim Kaplan, MSc, CIA, CFE</p><p> President and Founder of AuditNet, the global resource for auditors Auditor, Web Site Guru,Internet for Auditors PioneerRecipient of the IIAs 2007 Bradford Cadmus Memorial Award. Author of The Auditors Guide to Internet Resources 2nd Edition </p><p>Copyright 2013 FraudResourceNet LLC</p><p>Paul McCormack, CFE</p><p> 17 years of fraud, litigation and business consulting experience</p><p> Worked directly with agents from federal, state and local law enforcement agencies including the F.B.I., G.B.I., D.E.A., and the Secret Service</p><p> Previously managed check fraud detection for SunTrust Banks</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Webinar Housekeeping</p><p>This webinar and its material are the property of AuditNet and FraudAware. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. We will be recording the webinar and you will be provided access to that recording within five business days after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.</p><p>Please complete the evaluation to help us continuously improve our Webinars.You must answer the polling questions to qualify for CPE per NASBA.</p><p>Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.</p><p>If GTW stops working you may need to close and restart. You can always dial in and listen and follow along with the handout.</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Disclaimers</p><p>5</p><p> The views expressed by the presenters do not necessarily represent the views, positions, or opinions of FraudResourceNet LLC or the presenters respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. </p><p> Any mention of commercial products is for information only; it does not imply recommendation or endorsement by FraudResourceNet LLC</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Todays Agenda</p><p> Introduction Fraud Statistics Auditors Role in Fraud Detection Check &amp; ACH Fraud Statistics Main Types of Check Fraud Red Flags of Check Fraud How ACH Fraud Occurs Red Flags of ACH Fraud Detecting Check and ACH Fraud Prevention/Control Measures Conclusion Questions</p><p>Copyright 2013 FraudResourceNet LLC</p><p>The Auditors Role </p><p> IPPF Standard 1210.A3 Internal auditors must have sufficient knowledge ofavailable technology based audit techniques to perform their assigned work</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Fraud: The Big Picture</p><p>According to major accounting firms, professional fraud examiners and law enforcement: Fraud jumps significantly during tough economic timesBusiness losses due to fraud increased 20% in last 12 </p><p>months, from $1.4 million to $1.7 million per billion dollars of sales. (Kroll 2010/2011 Global Fraud Report)</p><p> Average cost to for each incident of fraud is $160,000 (ACFE) Of Financial Statement fraud: $2 million</p><p> Approx. 60% of corporate fraud committed by insiders (PwC) Approx. 50% of employees who commit fraud have been </p><p>with their employers for over 5 years (ACFE)</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Check &amp; ACH Fraud Facts</p><p> Checks continue to be the dominant payment form targeted by fraudsters</p><p> 85 percent of companies surveyed reported that checks were targeted</p><p> The typical loss associated with payment fraud is $19,200</p><p> Most organizations do not automatically change out affected bank accounts associated with payments fraud</p><p> Seventy-four percent of organizations maintain separate accounts for different payment methods and types</p><p>Source: 2012 AFP Payments Fraud and Control Survey</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Check &amp; ACH Fraud Facts</p><p> Electronic check conversion services continue to experience a very low incidence of fraud (2%), making this service a good choice in helping minimize instances of check fraud.</p><p> 17% of organizations that were targets of ACH fraud during 2011 suffered a financial loss as a result of such fraud</p><p> Positive pay, ACH filters and daily reconciliations are among the methods used to identify exception items that may include fraudulent transactions as well as errors and other rejects due to administrative issues</p><p>Source: 2012 AFP Payments Fraud and Control Survey</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Check &amp; ACH Fraud Facts</p><p> The most common reasons victim organizations are financially responsible for the losses sustained from ACH fraud include: Not reconciling accounts on a timely basis Not using ACH debit blocks or ACH debit filters ACH return not being timely Not using ACH positive pay</p><p>Source: 2012 AFP Payments Fraud and Control Survey</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Polling Question 1</p><p>The majority of organizations targeted by ACH fraudsters suffer a financial loss.</p><p>A. TrueB. False</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Main Types of Check Fraud</p><p> Alterations Chemicals remove or alter the original information inscribed on a check (for example, the payee, the amount etc). </p><p> Counterfeit Check was never issued by the organization, it is a copy (the quality can vary significantly). Check is negotiated and ultimately debited against the organizations account</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Main Types of Check Fraud (cont)</p><p> Forged Endorsements / Signatures Checks are stolen and then endorsed by someone other than the payee that the organization intended to receive the funds. An employee can also steal blank checks and forge official signature</p><p> Closed account fraud Checks written against accounts that are closed and contain no funds</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Main Types of Check Fraud (cont)</p><p> Kiting - Kiting of funds involves writing checks against deposits that have not cleared. Money appears in two accounts - temporarily</p><p> Account takeover Cyber-fraudster typically steals banking credentials by planting malware on target users computer. Almost immediately, wires, ACHs and occasionally checks are created. Once the money leaves the account it is laundered through a series of transactions making recovery of the funds all but impossible.</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Check Fraud Red Flags</p><p> Checks are presented out-of-sequence Banks fraud department routinely calls to verify check </p><p>fraud suspects</p><p> Vendors complain about missing check payments Canceled check endorsements are illegible or </p><p>inconsistent</p><p> Payees appear to have been altered or do not appear to be business-related</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Check Fraud Red Flags</p><p> Check contains misspellings, typos, and grammatical errors, or doesn't have a watermark.</p><p> Routing transit number (RTN) or ABA number at bottom of the check doesn't accurately include the two sets of numbers on the upper right corner next to the check number. (The RTN or ABA number is the nine-digit code on the bottom of the check).</p><p> First three numbers indicate the state and district office of the issuer. These numbers don't coincide on altered checks. </p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Case Study #1</p><p> Kathleen Prince, the former bookkeeper / accountant for the Inner Circle Foster Family Agency received a sentence of 41 months for taking $708,924 from her employer for her personal use.</p><p> Prince made checks payable to herself as well as her creditors. She used the funds to pay her personal credit card bills, cell phone bills, and her mortgage. She also used to proceeds from the fraud to pay for a vacation to Hawaii.</p><p> To conceal the fraud from the board of directors, Prince altered the agency's accounting records and misrepresented the organization's health to board of directors. </p><p>Copyright 2013 FraudResourceNet LLC</p><p>Case Study #1 Lessons Learned</p><p> Check fraud is prevalent in all types of organizations. Charitable organizations are particularly vulnerable as they are unable, or unwilling to invest in additional controls or oversight to prevent it.</p><p> If board of directors allows a bookkeeper to control multiple elements of payment process, recording and reconciliation process, the probability that fraud will take place rises dramatically.</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Polling Question 2</p><p>Writing checks against deposits that have not cleared is a definition of</p><p>A. Check alterationsB. Closed account fraudC. KitingD. Account takeover</p><p>E.</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Case Study #2</p><p> Karen Febles, a former a New York bank employee was charged with stealing $1.8 million from a retired employee of the bank while tasked with managing his personal and professional finances. Between 2007 and 2011, Febles allegedly altered checks for higher amounts that had previously been signed by the account holder</p><p> Febles purchased a Range Rover with $52,720 in cash, a Mercedes-Benz with $34,650 in cash, spent approximately $45,000 on vacation cruises, more than $100,000 on real estate, more than $20,000 on other car payments and more than $20,000 on personal expenses</p><p>Continued </p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Case Study #2 Prevention Lessons</p><p> In addition to monitoring employee activities, all organizations should have software in place that monitors customer as well as employee account activity. Employees often mistakenly believe that they can use their personal bank accounts to conduct fraud unobserved.</p><p> Febles spent considerable funds on cars, vacations and real estate. It is possible that a fellow employee may have suspected that Febles was committing fraud. </p><p>Key: If you have not done so already, deploy an anonymous hotline that employees can use to report concerns regarding employees, vendors and customers.</p><p> Failure to implement Segregation of Duties can be costly</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Polling Question 3</p><p>Choose all of the following that could be red flags of check fraud:</p><p>A. Vendors complain about missing check payments</p><p>B. Canceled check endorsements are illegible or inconsistent</p><p>C. Payee name contains a typo</p><p>D. Payees appear to have been altered or do not appear to be business-related</p><p>A.</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>How ACH Fraud Occurs</p><p> Very easily! Need two pieces of data routing number and bank </p><p>account number = Corporate account ID theft Transaction is initiated by fraudster via an Originating </p><p>Depository Financial Institution (ODFI) ODFI batches transactions and delivered via a </p><p>clearing house to Receiving Depository Financial Institution</p><p> RDFI posts transactions customer accounts</p><p> Account holder is unawareof transaction until ACHdebit appears in account</p><p>Copyright 2013 FraudResourceNet LLC</p><p>ACH Fraud Red Flags</p><p> Accounts are experiencing a significant increase in ACH debits (payroll accounts are especially vulnerable)</p><p> Unexplained ACH debits for small amounts from unknown vendors</p><p> Banks fraud department calls to confirm ACH debits</p><p> Accounting personnel are unable to reconcile all debit activity in organization accounts</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>ACH Fraud Notification</p><p> Consumers have 60 days to notify their bank. Corporate accounts have 2 days! </p><p>Important: It is crucial that all accounts are reconciled on a daily basis</p><p> Banks routinely deny return requests outside of the 2 day window</p><p> Banks will enter litigation to defend their decision</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Case Study #3 ACH Fraud</p><p> Mary Harris, a former treasury analyst for Central Parking Corporation, pleaded guilty to her role in an $1.9 million embezzlement.</p><p> Harris admitted that in her position she had access to organization bank accounts and the Automated Clearing House (ACH) system. Harris processed approximately 200 ACH transactions that deposited funds in her own bank account or the bank accounts of her relatives.</p><p> Harris concealed the fraud by making accounting entries in Central Parkings accounting ledger and creating false emails to support the entries.</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Case Study #3 Lesson Learned</p><p> A fraudster only needs two pieces of data - your banks routing number and the account number</p><p> Payroll accounts are often the destination for fraudulent ACH transactions as the routing number and account number is widely circulated</p><p> If your organizations bank accounts see a significant increase in ACH debits, fraudsters may be testing your ability to detect fraudulent transactions before unleashing a number of debits</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Case Study #3 Prevention Lessons</p><p> Dont ignore calls from your banks fraud department. They have considerable behind the scenes information regarding what a fraudulent ACH debit looks like</p><p> If you cannot reconcile all debit activity in your organizations accounts, look for reasons for the un-reconciled amounts</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Case Study #3 Prevention Lessons (continued)</p><p> Companies only have 2 days to notify their bank of a fraudulent ACH. Notify them immediately once detected</p><p> Given the short time period within which your organization is required to notify the bank, all accounts should be reconciled on a daily basis. Failure to do so will in automatic denial of any fraud claims made</p><p> Banks will often pursue litigation to defend their decision to deny the fraud claim</p><p>Copyright 2013 FraudResourceNet LLC</p><p> Since employees most often unwittingly provide fraudsters with the information they need to commit ACH fraud (bank account number &amp; routing number), educate your employees on the dangers of ACH fraud. Helpful: Your bank will likely be able to provide examples of fraudulent phishing emails that criminals have used in the past</p><p> Pay attention to ACH fraud cases in the news. Consider whether a similar fraud could take place at your organization?</p><p> Designate one computer for all online banking transactions including ACH and wire</p><p>Case Study #3 Prevention Lessons (continued)</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p> Ensure that all of your organizations computers have robust anti-virus software installed that is kept up to date automatically (no manual intervention to accept update)</p><p> Task your organizations IT department with conducting frequent reviews of the computer designated for online banking to ensure that it remains virus free</p><p> To avoid complacency as well as the threat of employee fraud, rotate responsibility for ACH transactions every 6 months </p><p>Case Study #3 Prevention Lessons (continued)</p><p>Copyright 2013 FraudResourceNet LLC</p><p>Polling Question 4</p><p>Commercial accounts have ______ days to inform the bank of an ACH fraud</p><p>A. 60B. 30C. 2D. 10</p><p>E.</p></li><li><p>Copyright 2013 FraudResourceNet LLC</p><p>Che...</p></li></ul>


View more >